General
-
Target
48149aedc4df56fcc72dfbc2d238baee_JaffaCakes118
-
Size
105KB
-
Sample
240715-ebh12awfrq
-
MD5
48149aedc4df56fcc72dfbc2d238baee
-
SHA1
42d4af7419c0d102e4964af7c811f9a505150d7b
-
SHA256
64358ba6a19a57be6bf3e9b636b045186f87f5489b0a15c28accb2ac17843a66
-
SHA512
8e8d97af398ce34a61f935693d86b76be4db3730131a0d7695ebe23cf2bb5b5fc9c54d8ae7cd70acfaa301dd56f649a921f9f89ecd556fd27d6333e9921d8b83
-
SSDEEP
3072:5Tg2vIufer7yfdn7pPqjwaaHw7Koj4rV:5kynWr7qd71F
Malware Config
Targets
-
-
Target
48149aedc4df56fcc72dfbc2d238baee_JaffaCakes118
-
Size
105KB
-
MD5
48149aedc4df56fcc72dfbc2d238baee
-
SHA1
42d4af7419c0d102e4964af7c811f9a505150d7b
-
SHA256
64358ba6a19a57be6bf3e9b636b045186f87f5489b0a15c28accb2ac17843a66
-
SHA512
8e8d97af398ce34a61f935693d86b76be4db3730131a0d7695ebe23cf2bb5b5fc9c54d8ae7cd70acfaa301dd56f649a921f9f89ecd556fd27d6333e9921d8b83
-
SSDEEP
3072:5Tg2vIufer7yfdn7pPqjwaaHw7Koj4rV:5kynWr7qd71F
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1