General

  • Target: 153b5a2a10690815050947815b55c70a_JaffaCakes118
  • Size: 156KB
  • Sample: 241004-2ych4avhqb
  • MD5: 153b5a2a10690815050947815b55c70a
  • SHA1: 1de9cb4df8c6377663e60cd1866b6f3e76a76c44
  • SHA256: 9d17577b5c05fca532240bdf83512366b7ac16bf8b343bd5d5c257380c068a1f
  • SHA512: 4580322d556975cf5a79c117fa3da1a44295cfb44abfacf8267607d3afc26040e2d9037201016f30d6eee5d0747c6a44ae0c82fe30742b178773d61ba7cfe6da
  • SSDEEP: 3072:iPVx+kStHOl2XgC0c2gEPIgELNKmd+NhFdJEOxvgJulso1c:BTHOl2Xg7ccPg0A4bvtv9ll

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family comprising viruses, worms, and Trojans.

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks