General

  • Target

    14b60716458fcee0f43c6db584e4202a_JaffaCakes118

  • Size

    176KB

  • Sample

    241004-yjtx2sxekc

  • MD5

    14b60716458fcee0f43c6db584e4202a

  • SHA1

    0cedf726f85ba9799738eb1936c40653d28222e7

  • SHA256

    922a1b767a8a594488dfb8d95bb0b20b3f53f974db6eba62e2de0ff6457c5dbb

  • SHA512

    5606c361f16f08e00b0eff9b45ad0c04e66ac4b2bd502cefbb8e8e5df7c4099162342408df956b29ef486bd72675538532cb7b6d84f47818b1c8907db1686511

  • SSDEEP

    3072:blu6S6RTGfwy7kFaDh05bRw8tAg7Jai5yxryX22G74Ql5D34DMI:M6SS6P0/wwAglryx+VjQl5DK

Malware Config

Targets

    • Target

      14b60716458fcee0f43c6db584e4202a_JaffaCakes118

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks