General
-
Target
JaffaCakes118_6fd19089015d827b874ef529b7a494b9
-
Size
97KB
-
Sample
250103-1bppgatqhv
-
MD5
6fd19089015d827b874ef529b7a494b9
-
SHA1
f067e9c306adaa693daf6f1de924f6084b71a7f0
-
SHA256
723d824ac57d6c02843c19a2a6a5af0b362192838db7af0377da7131e0dd2e5e
-
SHA512
b6c39c2a1162ac54ca4b0673138ad19aa6a2b76d6d140ee4b99a84992e356701efd93e350a94ec7443c23c342d094fb1222299ad559c6fbe964e39880154d957
-
SSDEEP
3072:5xT4JveJ7aMIJG6uXBUI/D7sh6KT1lubIx6saaHw7Koj4rtMj:5xTeNput7Ihbjx6p
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_6fd19089015d827b874ef529b7a494b9.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
JaffaCakes118_6fd19089015d827b874ef529b7a494b9.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_6fd19089015d827b874ef529b7a494b9
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Ramnit family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
  Registry Run Keys / Startup Folder: 1
  Winlogon Helper DLL: 1
Create or Modify System Process: 2
  Windows Service: 2
Privilege Escalation
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Boot or Logon Autostart Execution: 2
  Registry Run Keys / Startup Folder: 1
  Winlogon Helper DLL: 1
Create or Modify System Process: 2
  Windows Service: 2
Defense Evasion
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1
Impair Defenses: 4
  Disable or Modify System Firewall: 1
  Disable or Modify Tools: 3
Modify Registry: 8