General

  • Target

    0f5c5f387363e8ea2da8a416265495f8_JaffaCakes118

  • Size

    992KB

  • Sample

    241003-ssx36swarb

  • MD5

    0f5c5f387363e8ea2da8a416265495f8

  • SHA1

    210be10e8149a1b206a2e0f9bd530420f4fc5114

  • SHA256

    c0d95efec5a7554273d6f3e98ad3b7bf6573374034849757894408206e80ad0f

  • SHA512

    0f253c881b7b67578c648704806587ae1e2a3d71bdb43907d68bef3233521c1819cdb79aaafae9b749e7ef7b6afa898afe6b95a866100bdb379c2b1bb537314b

  • SSDEEP

    24576:AatFGOH8KzJauobwEK10bVWyBc8TznlwWhLE32GRIVRXnRmqeJthax8:LvGOH8K1fosEHbVI8TznGWJ8I7BmqeJ3

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
