General
-
Target
2f54004f7c1074e201d7c755893aec3f_JaffaCakes118
-
Size
293KB
-
Sample
240709-hd8k9atale
-
MD5
2f54004f7c1074e201d7c755893aec3f
-
SHA1
49eb89a4d612adb62897ff9272cc7dd80e5327bf
-
SHA256
0b8c9a303a6431429e1ff08cdfac18fd5564cc8028ca59e735d5e9df15745593
-
SHA512
9e52d51f8b3ec7f527d51b8fa2c96228992d394596db38ca6b45a40fd0fc381c3b54cea8ab8fb9e2e802728ea3c8c88f597c8936cafc8f4d4acc6483b475eb58
-
SSDEEP
6144:A26lQFyAn0+mMDhFDIO1kbcG4GBMELGJO:16y/0+dDhMbcfGz
Malware Config
Targets
-
-
Target
2f54004f7c1074e201d7c755893aec3f_JaffaCakes118
-
Size
293KB
-
MD5
2f54004f7c1074e201d7c755893aec3f
-
SHA1
49eb89a4d612adb62897ff9272cc7dd80e5327bf
-
SHA256
0b8c9a303a6431429e1ff08cdfac18fd5564cc8028ca59e735d5e9df15745593
-
SHA512
9e52d51f8b3ec7f527d51b8fa2c96228992d394596db38ca6b45a40fd0fc381c3b54cea8ab8fb9e2e802728ea3c8c88f597c8936cafc8f4d4acc6483b475eb58
-
SSDEEP
6144:A26lQFyAn0+mMDhFDIO1kbcG4GBMELGJO:16y/0+dDhMbcfGz
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1