General
Target: 99c3a32de4540c34210223e162bd8667_JaffaCakes118
Size: 214KB
Sample: 241125-g8lvastldv
MD5: 99c3a32de4540c34210223e162bd8667
SHA1: 156dc21c058b218ffbf493659652e3c530a05285
SHA256: 24d0501fc2d29ff0428ead43d53edc8fec5f33bfe633601b7a191b2639e2a3e9
SHA512: ce48f3e65ded16676e13a3905eeb3cf7d74d6ad029bc2067c19905ae5b2235214ac4a207f76de3284775f823a4084cac0eb5be579e4f18606afcc42c1946bfe8
SSDEEP: 3072:9jR4FS3AtAsHJcBJQ3UOtFIQ7RaaHw7Koj4rt9TYJBKegH42kSpYP+:H3lsHkJOpF7s2Hjs+
Static task: static1
Behavioral task: behavioral1
Sample: 99c3a32de4540c34210223e162bd8667_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 99c3a32de4540c34210223e162bd8667_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Ramnit family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (9)