General

  • Target

    12d4ca5d5585aed5722ca56fedf7d9ae_JaffaCakes118

  • Size

    98KB

  • Sample

    240626-v8psvavdpc

  • MD5

    12d4ca5d5585aed5722ca56fedf7d9ae

  • SHA1

    94a272e42bd70405f810004bae94256adfe3fbe9

  • SHA256

    ad1adf33b046fb2e8c7e377859ab7600c7192f129a8b77c0e2dc9ff28872dcaa

  • SHA512

    9c3270d35b28fbb86ca25371ee21e48bd9e574c46952f3aee4b6701ec070d4dd0f350fa061605745f1a4f438461103ffaf11f41f719a5309e0cbdb4e2e4d90d0

  • SSDEEP

    1536:znoNzMiAhLpKp8BNzMEbr4ErO0PNVSYJ9xcizk9D90K1Vy3ucHEvQMb4+4mCzsv8:0iMWpOYBckY6QEu6MFkPmCzse9DAE

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15