General

  • Target

    1376cb7adfb829ea7f2eaadff8bbe24a_JaffaCakes118

  • Size

    196KB

  • Sample

    240626-zzj88awgqq

  • MD5

    1376cb7adfb829ea7f2eaadff8bbe24a

  • SHA1

    4ca0a9057ebebab9c739b420600ea0da7414361d

  • SHA256

    8a43752634ce249043aa0db000fa9bd717c67519efcd0ec947f98f7db2511dc8

  • SHA512

    ffed6b40381e8453201dedf778130541876f7cdbe553ec9302fce46cdb2ebf156581620e42ad727b25c81f9d8706d343756b4638cfe08fa48dfcb5ad55a59993

  • SSDEEP

    3072:OHE483pNzMPw/tAAw5jwaaHw7Koj4rhZSWJdQmuZmrl+8vsuXid4U0:aF8ZNoPGAJAZSWJdQ1gr4IHXiH0

Targets

    • Target

      1376cb7adfb829ea7f2eaadff8bbe24a_JaffaCakes118

    • Size

      196KB

    • MD5

      1376cb7adfb829ea7f2eaadff8bbe24a

    • SHA1

      4ca0a9057ebebab9c739b420600ea0da7414361d

    • SHA256

      8a43752634ce249043aa0db000fa9bd717c67519efcd0ec947f98f7db2511dc8

    • SHA512

      ffed6b40381e8453201dedf778130541876f7cdbe553ec9302fce46cdb2ebf156581620e42ad727b25c81f9d8706d343756b4638cfe08fa48dfcb5ad55a59993

    • SSDEEP

      3072:OHE483pNzMPw/tAAw5jwaaHw7Koj4rhZSWJdQmuZmrl+8vsuXid4U0:aF8ZNoPGAJAZSWJdQ1gr4IHXiH0

    • Modifies WinLogon for persistence

      The Shell and Userinit values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon are executed at every interactive logon, so appending a payload to either of them survives reboots; compare them against the stock values (explorer.exe and userinit.exe) when triaging.

    • Ramnit

      Ramnit is a versatile malware family whose members include file-infecting viruses, worms, and banking Trojans.

    • UAC bypass

      Obtains an elevated token without a consent prompt. This signature is heuristic; confirm it by identifying the auto-elevating binary or registry hijack actually used before relying on it.

    • Checks BIOS information in registry

      BIOS information (for example the SystemManufacturer and SystemProductName values under HKLM\HARDWARE\DESCRIPTION\System\BIOS) is often read to detect sandbox or virtual-machine environments, whose vendor strings give the hypervisor away.

    • Checks computer location settings

      Looks up the country code configured in the registry (the Nation value under HKCU\Control Panel\International\Geo), most likely to geofence execution to or away from particular regions.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

      Adding an entry under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal or \Network lets a service or driver keep loading in Safe Mode, which defenders often rely on for cleanup (ATT&CK T1562.009).

    • Loads dropped DLL

    • Adds Run key to start application

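The signatures above name registry locations that an incident responder checks by hand on a suspect host. The following Python script is an added example, not part of the sandbox report and not Ramnit's own code: it runs the checks behind three of those signatures (Winlogon Shell/Userinit, Run keys, SafeBoot entries) over a `reg export` dump. The .reg text, the SafeBoot baseline and the service name MalSvc are constructed placeholders for illustration, not indicators taken from this sample.

```python
"""Offline audit of Windows persistence locations from a `reg export` dump.

Example code added alongside the sandbox report; not part of the report
or of the Ramnit family's own code. The .reg text, the SafeBoot baseline
and the service name MalSvc are constructed placeholders.
"""
import re
from typing import Dict, List, Set, Tuple

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Stock Winlogon values; anything appended to them is a persistence candidate.
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
# Directories a non-admin user can write to; autoruns from here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\", "\\programdata\\")


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the string values of a .reg (Registry Editor 5.00) export.

    Returns {key path (lower-cased): {value name (lower-cased): data}}.
    dword:/hex: data is skipped; this audit only needs command lines and
    service names, so it is deliberately not a full .reg parser.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and line.startswith(('"', "@")):
            name, _, data = line.partition("=")
            name = "(default)" if name == "@" else name.strip('"').lower()
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                # .reg escapes backslash and double quote with a backslash.
                keys[current][name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys


def audit(keys: Dict[str, Dict[str, str]], safeboot_baseline: Set[str]) -> List[Tuple[str, str]]:
    """Return (signature, detail) pairs mirroring the sandbox signature names."""
    findings: List[Tuple[str, str]] = []
    baseline = {b.lower() for b in safeboot_baseline}

    # Modifies WinLogon for persistence: Shell/Userinit differ from stock.
    winlogon = keys.get(WINLOGON.lower(), {})
    for name, expected in EXPECTED_WINLOGON.items():
        actual = winlogon.get(name)
        if actual is not None and actual.lower() != expected:
            findings.append(("Modifies WinLogon for persistence", f"{name}={actual}"))

    # Adds Run key to start application: autorun from a user-writable path.
    for key in RUN_KEYS:
        for name, cmd in keys.get(key.lower(), {}).items():
            if any(p in cmd.lower() for p in USER_WRITABLE):
                findings.append(("Adds Run key to start application", f"{name}={cmd}"))

    # Impair Defenses: Safe Mode Boot: SafeBoot\Minimal or \Network entry
    # absent from a baseline taken from a clean reference host.
    for group in ("minimal", "network"):
        prefix = f"{SAFEBOOT.lower()}\\{group}\\"
        for key, values in keys.items():
            entry = key[len(prefix):]
            if key.startswith(prefix) and "\\" not in entry and entry not in baseline:
                kind = values.get("(default)", "?")
                findings.append(("Impair Defenses: Safe Mode Boot", f"SafeBoot\\{group}\\{entry} ({kind})"))
    return findings


def audit_export(text: str, safeboot_baseline: Set[str]) -> List[Tuple[str, str]]:
    return audit(parse_reg_export(text), safeboot_baseline)


# Constructed export: one tampered Userinit, one Run entry in %TEMP%, one
# unknown SafeBoot service. None of these strings come from the report.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe,"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MalSvc]
@="Service"
'''
SAMPLE_BASELINE = {"Base"}  # constructed; take a real one from a clean host

if __name__ == "__main__":
    for sig, detail in audit_export(SAMPLE_EXPORT, SAMPLE_BASELINE):
        print(f"[{sig}] {detail}")
```

On a real host, `reg export` writes UTF-16LE with a byte-order mark, so read the file with `open(path, encoding="utf-16")` before passing it to `audit_export`. The Run-key rule is intentionally narrow (user-writable paths only); stock entries such as the OneDrive autorun in the sample are left alone, which keeps the output short enough to read during triage but means a payload dropped under Program Files would need a separate check.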
MITRE ATT&CK Enterprise v15