General

  • Target

    124a3d01a5b6f8185fd72ae9832ea930_JaffaCakes118

  • Size

    192KB

  • Sample

    240626-rnvlta1dpr

  • MD5

    124a3d01a5b6f8185fd72ae9832ea930

  • SHA1

    05431389bbd962bb21fda72684ded217aa973d21

  • SHA256

    0df2066073ea06809544f663e3d568bbb7f53ee524ef409a9b1d5fb653c958d7

  • SHA512

    9011cf42484b5e221e5137eaa047c32208869279a32e2dac77b9d371e143dbff508e2536e0d5edc86dcb268eb390db6c2a3cb7d6802f95251f5432eb47e5764c

  • SSDEEP

    3072:fDohuOjLbQZ8JpLmmjJbSLvQl4bVC7KrP+F3zEwVALkrdB1/cjRyTiH7aX:7oJbdD2hhEQQoEAoxB1gRRbW

Malware Config

Targets

    • Target

      124a3d01a5b6f8185fd72ae9832ea930_JaffaCakes118

    • Size

      192KB

    • MD5

      124a3d01a5b6f8185fd72ae9832ea930

    • SHA1

      05431389bbd962bb21fda72684ded217aa973d21

    • SHA256

      0df2066073ea06809544f663e3d568bbb7f53ee524ef409a9b1d5fb653c958d7

    • SHA512

      9011cf42484b5e221e5137eaa047c32208869279a32e2dac77b9d371e143dbff508e2536e0d5edc86dcb268eb390db6c2a3cb7d6802f95251f5432eb47e5764c

    • SSDEEP

      3072:fDohuOjLbQZ8JpLmmjJbSLvQl4bVC7KrP+F3zEwVALkrdB1/cjRyTiH7aX:7oJbdD2hhEQQoEAoxB1gRRbW

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks