General
-
Target
e9b5328761a03dfab00189560c22fa51_JaffaCakes118
-
Size
172KB
-
Sample
241213-d7neysyqer
-
MD5
e9b5328761a03dfab00189560c22fa51
-
SHA1
5100d45b9c80d24292a911bcf66f937d58acd77f
-
SHA256
90cf5db5ff3f4490513c2144c94b845e343d4cd79f554cabd45bf6c173311587
-
SHA512
16fd0f8a0a3700895e25e2fc3c67b1c354cb493a8ee9971a69f377a335efba2b1dfc0f72eb3dd95e9dd77882981c3f70db8acfd3ea77897feafc5c4c617f8936
-
SSDEEP
3072:M1eOCo+TjB3JN+tvyN5BItbp/07ygLFYqAu:MMdT0yy2xF
Static task
static1
Behavioral task
behavioral1
Sample
e9b5328761a03dfab00189560c22fa51_JaffaCakes118.dll
Resource
win7-20240708-en
Malware Config
Targets
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Ramnit family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
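The signatures above are all registry-side changes (Winlogon helper, Run key, firewall policy, security service start type). The following is an added triage script, not part of this report or of the sandbox, that checks a Windows `.reg` export for those same indicators. The `.reg` text embedded in it is constructed for illustration and does not come from the sample; the key paths are the standard Windows locations for Winlogon, Run keys, the SharedAccess firewall policy and service Start values, and the list of "security" service names is an assumption chosen for the example.

```python
"""
Registry-side triage for the behaviours listed in this report:
Winlogon persistence, Run key autostart, firewall policy and security
service changes. Parses a .reg export and returns (tag, detail) findings.
Added example; the .reg content below is constructed, not from the sample.
"""
import re
from typing import Dict, List, Tuple

# Constructed .reg export for illustration (paths/values are NOT from the sample).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\user\\AppData\\Roaming\\svchost.exe"
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="C:\\Users\\user\\AppData\\Local\\Temp\\update.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004
'''

WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
# Clean Userinit is "C:\Windows\system32\userinit.exe," ; the trailing comma is stripped before comparing.
USERINIT_DEFAULT = r"c:\windows\system32\userinit.exe"
# Assumed set of services whose Start=4 (disabled) we treat as "security service modified".
SECURITY_SERVICES = {"wscsvc", "sharedaccess", "mpssvc", "windefend", "wuauserv"}


def parse_reg(text: str) -> Dict[Tuple[str, str], object]:
    """Map (key path, value name) -> value, both lower-cased. Handles REG_SZ and REG_DWORD only."""
    values: Dict[Tuple[str, str], object] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not (m and key):
            continue
        name, val = m.group(1).lower(), m.group(2)
        if val.startswith("dword:"):
            parsed: object = int(val[len("dword:"):], 16)
        elif val.startswith('"') and val.endswith('"'):
            parsed = val[1:-1].replace("\\\\", "\\")  # .reg files double every backslash
        else:
            parsed = val
        values[(key, name)] = parsed
    return values


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (tag, detail) findings for the persistence/defense-evasion indicators."""
    values = parse_reg(text)
    findings: List[Tuple[str, str]] = []

    # Winlogon helper: anything appended to Userinit or a non-default Shell.
    userinit = values.get((WINLOGON_KEY, "userinit"))
    if isinstance(userinit, str) and userinit.lower().rstrip(",") != USERINIT_DEFAULT:
        findings.append(("winlogon_userinit", userinit))
    shell = values.get((WINLOGON_KEY, "shell"))
    if isinstance(shell, str) and shell.lower() != "explorer.exe":
        findings.append(("winlogon_shell", shell))

    for (key, name), val in values.items():
        # Run / RunOnce autostart entries (HKCU or HKLM).
        if key.endswith((r"\currentversion\run", r"\currentversion\runonce")):
            findings.append(("run_key", f"{name} = {val}"))
        # Firewall policy switched off in the profile key.
        if key.endswith(r"\firewallpolicy\standardprofile") and name == "enablefirewall" and val == 0:
            findings.append(("firewall_disabled", key))
        # Security-related service set to Start=4 (SERVICE_DISABLED).
        svc = re.match(r".*\\services\\([^\\]+)$", key)
        if svc and name == "start" and val == 4 and svc.group(1) in SECURITY_SERVICES:
            findings.append(("service_disabled", svc.group(1)))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_REG):
        print(f"{tag:18} {detail}")
```

Run it against `reg export` output of the relevant hives from an infected host (or from a sandbox's registry diff); a clean Winlogon key with the default `Userinit`/`Shell` values produces no findings, so only deviations are reported.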
-
MITRE ATT&CK Enterprise v15 (number in parentheses = count of matched signatures)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (4)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (3)
- Modify Registry (9)