General

  • Target

    d87c2e231e0521f47b25432bfde99c2f_JaffaCakes118

  • Size

    129KB

  • Sample

    241208-x6n5mssqft

  • MD5

    d87c2e231e0521f47b25432bfde99c2f

  • SHA1

    16eb9dd322d15803fc7d004ebb54f3f16bdddf28

  • SHA256

    ce88a79e96501f3538cb392d8d970eacdf5c8f3882d184fcf0c7c81aceadbfa2

  • SHA512

    3fbf5d4c41a3d00c934e0fa40735b1fc25f259ef0aa9d87b99339920ad99c90754ba5243d42143b076a05fec4b8109f7e50fec7d241fffcb81eb707359af4c13

  • SSDEEP

    3072:rcOGauE7Ik6MZrUNDzhD0x6xDiwsv6jGu:Qy7INAr8dBiayu

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Ramnit

      Ramnit is a versatile malware family that includes file-infecting viruses, worms, and Trojans.

    • Ramnit family

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Drops startup file

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks