General

  • Target

    12865c260a2994bfce70e5dae7503621_JaffaCakes118

  • Size

    175KB

  • Sample

    240626-s73bfatgmn

  • MD5

    12865c260a2994bfce70e5dae7503621

  • SHA1

    3a4ce0237ae3f0625ef59917c477429c539feff2

  • SHA256

    85f2f930963106e02b32851ab6e8f5038d371afcb890294a204e6cd353d84d81

  • SHA512

    4eb4da483725ddb60bf53f842633c560ead66acd6610b3f474663717361e40846464daf6cf3e50be30dfd9ebbbe1d0b97cf6e9e6bca5e6e3cb5345844396389f

  • SSDEEP

    3072:yy9tGqOxnexUYMg2zk8jwaaHw7Koj4rocwEXi7w9GWg:p9bpUUO8GWg

Malware Config

Targets

    • Target

      12865c260a2994bfce70e5dae7503621_JaffaCakes118

    • Size

      175KB

    • MD5

      12865c260a2994bfce70e5dae7503621

    • SHA1

      3a4ce0237ae3f0625ef59917c477429c539feff2

    • SHA256

      85f2f930963106e02b32851ab6e8f5038d371afcb890294a204e6cd353d84d81

    • SHA512

      4eb4da483725ddb60bf53f842633c560ead66acd6610b3f474663717361e40846464daf6cf3e50be30dfd9ebbbe1d0b97cf6e9e6bca5e6e3cb5345844396389f

    • SSDEEP

      3072:yy9tGqOxnexUYMg2zk8jwaaHw7Koj4rocwEXi7w9GWg:p9bpUUO8GWg

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks