General

  • Target

    1777b28a65842d86c84019064a98b5e1_JaffaCakes118

  • Size

    105KB

  • Sample

    241005-nee8zs1fqr

  • MD5

    1777b28a65842d86c84019064a98b5e1

  • SHA1

    0ffdfb3766e8075f747b52e564ecfa5e7a6352bd

  • SHA256

    f72383928a32296a27d68e8d063b00ac19e94fa16ef5b9f8c09ed96641f9bcb9

  • SHA512

    4071a24aa747486bf3de93c0e10a854c29b2474336f1c2bb24e1a583b46db4f02f8753523cb0d7360e1481b68c7c7aaa454b6475d65bc2840f935aecb1d47616

  • SSDEEP

    3072:zAK0CBezOU+8isBve4bF3u5jwaaHw7Koj4rI:83z+svb1uz

Malware Config

Targets

    • Target

      1777b28a65842d86c84019064a98b5e1_JaffaCakes118


    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a long-running malware family that combines file-infector (virus), worm and banking-Trojan capabilities in one codebase.

    • UAC bypass

    • Checks BIOS information in registry

      BIOS strings in the registry (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) are often read to detect a virtual machine or sandbox, since on a VM they usually name the hypervisor vendor.

    • Checks computer location settings

      Looks up the country code (GeoID) configured in the registry under HKCU\Control Panel\International\Geo, most likely to geofence execution to or away from particular countries.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application
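
The signatures above name where to look on a host suspected of running this sample. The script below is an added host-triage example, not part of the sandbox report or of any tool the report references. The registry paths are the standard Windows ones for Winlogon, Run/RunOnce, SafeBoot, the BIOS description keys and the Geo key; the hypervisor-vendor strings and the "user-writable directory" pattern used to flag entries are my own heuristics, and because the report does not say which UAC bypass was used, the UAC section only reports the UAC policy plus two handler keys abused by common auto-elevate bypasses. Run it as Administrator on the suspect host.

```powershell
# Added triage script for the behaviours listed in this report (not the report's own code).
# Paths are standard Windows registry locations; the Suspicious heuristics are assumptions.
$ErrorActionPreference = 'SilentlyContinue'
$userWritable = '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\'

function Get-WinlogonCheck {
    # "Modifies WinLogon for persistence": Shell and Userinit are the usual targets.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    [pscustomobject]@{
        Check = 'Winlogon'; Name = 'Shell | Userinit'
        Value = "$($wl.Shell) | $($wl.Userinit)"
        Suspicious = ($wl.Shell -ne 'explorer.exe') -or
                     ($wl.Userinit -notmatch '^(?i)C:\\Windows\\system32\\userinit\.exe,?$')
    }
}

function Get-RunKeyCheck {
    # "Adds Run key to start application" and "Drops startup file".
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        $p = Get-ItemProperty $k
        if (-not $p) { continue }
        foreach ($prop in $p.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # PowerShell metadata, not a value
            [pscustomobject]@{ Check = 'RunKey'; Name = "$k\$($prop.Name)"; Value = $prop.Value
                               Suspicious = ($prop.Value -match $userWritable) }
        }
    }
    $startup = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    Get-ChildItem $startup -File | ForEach-Object {
        [pscustomobject]@{ Check = 'StartupFolder'; Name = $_.Name; Value = $_.FullName
                           Suspicious = ($_.Extension -in '.exe','.dll','.vbs','.js','.bat','.cmd','.ps1','.scr') }
    }
}

function Get-SafeBootCheck {
    # "Impair Defenses: Safe Mode Boot": a service registered under SafeBoot\Minimal or
    # \Network keeps running in Safe Mode; AlternateShell replaces cmd.exe there.
    $sb = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
    $alt = (Get-ItemProperty $sb).AlternateShell
    [pscustomobject]@{ Check = 'SafeBoot'; Name = 'AlternateShell'; Value = $alt
                       Suspicious = ($alt -ne 'cmd.exe') }
    foreach ($set in 'Minimal', 'Network') {
        Get-ChildItem "$sb\$set" | Where-Object { $_.GetValue('') -eq 'Service' } | ForEach-Object {
            $svc = Get-CimInstance Win32_Service -Filter "Name='$($_.PSChildName)'"
            [pscustomobject]@{ Check = 'SafeBoot'; Name = "$set\$($_.PSChildName)"; Value = $svc.PathName
                               Suspicious = ($svc.PathName -match $userWritable) }
        }
    }
}

function Get-SandboxAndGeoCheck {
    # "Checks BIOS information in registry": hypervisor vendors leak through these strings.
    $hw = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System'
    $bios = (@($hw.SystemBiosVersion) + @($hw.VideoBiosVersion)) -join ' '
    [pscustomobject]@{ Check = 'BIOS'; Name = 'SystemBiosVersion VideoBiosVersion'; Value = $bios
                       Suspicious = ($bios -match '(?i)vmware|virtualbox|vbox|qemu|bochs|xen|parallels|hyper-v') }
    # "Checks computer location settings": GeoID the sample would read; informational only.
    $geo = Get-ItemProperty 'HKCU:\Control Panel\International\Geo'
    [pscustomobject]@{ Check = 'Geo'; Name = 'Nation (GeoID)'; Value = $geo.Nation; Suspicious = $false }
}

function Get-UacCheck {
    # "UAC bypass": the report does not name the technique, so report the policy and two
    # handler keys abused by common auto-elevate bypasses (ms-settings and mscfile).
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{ Check = 'UAC'; Name = 'EnableLUA / ConsentPromptBehaviorAdmin'
                       Value = "$($pol.EnableLUA) / $($pol.ConsentPromptBehaviorAdmin)"
                       Suspicious = ($pol.EnableLUA -ne 1 -or $pol.ConsentPromptBehaviorAdmin -eq 0) }
    foreach ($k in 'HKCU:\Software\Classes\ms-settings\Shell\Open\command',
                   'HKCU:\Software\Classes\mscfile\shell\open\command') {
        $v = (Get-ItemProperty $k).'(default)'
        if ($v) { [pscustomobject]@{ Check = 'UAC'; Name = $k; Value = $v; Suspicious = $true } }
    }
}

$results = @(Get-WinlogonCheck) + @(Get-RunKeyCheck) + @(Get-SafeBootCheck) +
           @(Get-SandboxAndGeoCheck) + @(Get-UacCheck)
$results | Format-Table Check, Name, Value, Suspicious -AutoSize -Wrap
```

A Suspicious=True row is a lead, not a verdict: legitimate software also installs Run keys from ProgramData, and the Geo row is shown only because the sample reads it. Confirm any flagged path with the file hashes from the General section before acting on it.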

MITRE ATT&CK Enterprise v15

Tasks