General

  • Target

    0ed4fa61826690a547b459b18c134bce_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241003-kpa58syakg

  • MD5

    0ed4fa61826690a547b459b18c134bce

  • SHA1

    160574ec5e17f4f1e5c67ab7c953213d19761ac7

  • SHA256

    a01e6589fa2efd835287898910c7edb6be6519707933686f230329f5b20babad

  • SHA512

    478e59eb18233032fba75fcdea86feac1962885333907a813877bfecaac8cb074e8d4961da4431b4f8995b5147c7e202332ede2c9ec90109d42bb3201f1ff42f

  • SSDEEP

    12288:mKUdJNAnBFlAt32d2Gj7hs1d8UtkdT1MdwYt+ezSI:1U/yfOmUG8d8Ut8wkeeI

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family whose variants include viruses, worms, and Trojans.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks