General
-
Target
75857a9db91fc3c34217ab09adf6dea1_JaffaCakes118
-
Size
296KB
-
Sample
240726-yteacavcqh
-
MD5
75857a9db91fc3c34217ab09adf6dea1
-
SHA1
958c2ce3783a35cac4b041ced5a02d593a3d2726
-
SHA256
a61c96b81c35b6273d12b7228797d84c09d6801e97c24396778577feecb6c51b
-
SHA512
7a389c8ddc6626c6dc32d97931508e2c8a29c9e140f74672947fd1d2cc15cf834c441c637674878ce96638642315a83435982dc0852e6b9adef707dd77e65ead
-
SSDEEP
3072:Pw8tHHRgGC8VTclFFk8jwaaHw7Koj4reSwDZr6gM/avYduCBhWRol9VudVGT3Do:ouHHRgRISYwDB6gM/8auC/WKVud83Do
Malware Config
Targets
-
-
Target
75857a9db91fc3c34217ab09adf6dea1_JaffaCakes118
-
Size
296KB
-
MD5
75857a9db91fc3c34217ab09adf6dea1
-
SHA1
958c2ce3783a35cac4b041ced5a02d593a3d2726
-
SHA256
a61c96b81c35b6273d12b7228797d84c09d6801e97c24396778577feecb6c51b
-
SHA512
7a389c8ddc6626c6dc32d97931508e2c8a29c9e140f74672947fd1d2cc15cf834c441c637674878ce96638642315a83435982dc0852e6b9adef707dd77e65ead
-
SSDEEP
3072:Pw8tHHRgGC8VTclFFk8jwaaHw7Koj4reSwDZr6gM/avYduCBhWRol9VudVGT3Do:ouHHRgRISYwDB6gM/8auC/WKVud83Do
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
4