General

  • Target

    1247967cf7de3eda70695f0be85015bc_JaffaCakes118

  • Size

    141KB

  • Sample

    240626-rl8ewsyara

  • MD5

    1247967cf7de3eda70695f0be85015bc

  • SHA1

    683fe4d7a48013b86ffc37cfca3a256a2c7e7a08

  • SHA256

    d78ad2b9e04c5e3e9c1359aedf97d70c5b4ee86993eeb404190b6ac4322bf3be

  • SHA512

    276e427bb6ef389d37678d5475fc3c4f10bfddf6f0a78d8f84ddff0129dee32cb37e40dd856cee14868771dca475b210f3e1b00f9ed2c72bde463c8e6c938447

  • SSDEEP

    3072:aR+3mSXsvirTVCtnGzZHt399U/CXFFk8jwaaHw7Koj4r4U3ZTjW0w+DLQ:aR+WGzCtnGNT9U/CXiZTjA+D0

Malware Config

Targets

    • Target

      1247967cf7de3eda70695f0be85015bc_JaffaCakes118

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family comprising viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks