General
-
Target
bf92b8e712f11b4a45268d362c9f5063_JaffaCakes118
-
Size
281KB
-
Sample
240824-2ne68stdrc
-
MD5
bf92b8e712f11b4a45268d362c9f5063
-
SHA1
c163b2882bfde027d3a05a971b6be69ed0d96d51
-
SHA256
6074f224c255ecfd0df6d1a4fa90ffe2184b06ab9c08d69d1b4b96384a2e3411
-
SHA512
662a964483cca13eb852434fa687e3985411767b1806063e87156abbd42edd28cf5f898bd0197ce341927d0a57a5ea707f17e34b729ea851a7b3ca37b216baac
-
SSDEEP
6144:A7EZS7GkpKZ6gQFlAWYIJ7fZ8TEJzxgYsFymhw5AI5cs9C9y3:A7EZS7VKZjQbj1JrZZxgpFyVAI5cs9u2
Malware Config
Targets
-
-
Target
bf92b8e712f11b4a45268d362c9f5063_JaffaCakes118
-
Size
281KB
-
MD5
bf92b8e712f11b4a45268d362c9f5063
-
SHA1
c163b2882bfde027d3a05a971b6be69ed0d96d51
-
SHA256
6074f224c255ecfd0df6d1a4fa90ffe2184b06ab9c08d69d1b4b96384a2e3411
-
SHA512
662a964483cca13eb852434fa687e3985411767b1806063e87156abbd42edd28cf5f898bd0197ce341927d0a57a5ea707f17e34b729ea851a7b3ca37b216baac
-
SSDEEP
6144:A7EZS7GkpKZ6gQFlAWYIJ7fZ8TEJzxgYsFymhw5AI5cs9C9y3:A7EZS7VKZjQbj1JrZZxgpFyVAI5cs9u2
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
4