General

  • Target

    127c71185c30e370c4a771b19b22ea06_JaffaCakes118

  • Size

    96KB

  • Sample

    240626-sy51zatdnp

  • MD5

    127c71185c30e370c4a771b19b22ea06

  • SHA1

    426d62cff629f3cdf2f6d57ebb1ca03c8b41f8d8

  • SHA256

    abafc41047c0757dba0d58374e4501a7ef21d46fb07eb7aff4abe77d65c829fa

  • SHA512

    6f496a379c72db185e639089c8452ce14a685b2621b2dc0f3dc0bd90bb2decde9e002bb2215c7014e00305c5dd0ba9220561b650722cd4f37c58f99e56135783

  • SSDEEP

    3072:PIV+RlGM9K85rbyIxlPRBzgzXn/EU5jwaaHw7Koj4rH:AkPGM8QyIxl3sRg

Targets

    • Target

      127c71185c30e370c4a771b19b22ea06_JaffaCakes118
    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15