General

  • Target

    9e7400a898add6101fab64024aee8719_JaffaCakes118

  • Size

    109KB

  • Sample

    241125-257yks1nhx

  • MD5

    9e7400a898add6101fab64024aee8719

  • SHA1

    53171e2db8ad08eaa48ff423725a8521be1cc638

  • SHA256

    f15bd9ea16cf3c58310524eb438916f488858e951b3cd33111acfdfe2dd7e3b5

  • SHA512

    fbdc281bbae000fdc11f49f906697933e4981cf54e477263c5891c3f5f2fee8d443e2f9c84485c6b09d0996f554f72786d5535a511604bcbe0865fbb57fd614a

  • SSDEEP

    3072:yy9tGqOxnexUYMg2zk8jwaaHw7Koj4rZlS:p9bpUyl

Targets

    • Target

      9e7400a898add6101fab64024aee8719_JaffaCakes118

    • Modifies WinLogon for persistence

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Ramnit family

    • UAC bypass

    • Checks BIOS information in registry

      BIOS information is often read from the registry to detect sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15