General
-
Target
JaffaCakes118_6e6d3921c2c2ec695d9c50743791a741
-
Size
113KB
-
Sample
250103-wjsc4synfn
-
MD5
6e6d3921c2c2ec695d9c50743791a741
-
SHA1
9e48d6234725cef785b2e7379984b97347b590cc
-
SHA256
35cb927023ce3d8762ecdfe362a8911a51b8cd85877781dc2fed85e59cbc3eef
-
SHA512
39201374e4382c3a045e533efaf79a49a883d05e1048931fa9539a2063030e82cf90ef67b53ca244228c4e773222d8f504d564241eaf004aceb04a8d183c47f2
-
SSDEEP
3072:pYhix8yfzQFCixL3f1fSvZqObx4J2vNbGfvGnd3gW5ZM4/u:pQm86zQQitfhKZbNdndPZMT
Malware Config
Targets
-
-
Target
JaffaCakes118_6e6d3921c2c2ec695d9c50743791a741
-
Size
113KB
-
MD5
6e6d3921c2c2ec695d9c50743791a741
-
SHA1
9e48d6234725cef785b2e7379984b97347b590cc
-
SHA256
35cb927023ce3d8762ecdfe362a8911a51b8cd85877781dc2fed85e59cbc3eef
-
SHA512
39201374e4382c3a045e533efaf79a49a883d05e1048931fa9539a2063030e82cf90ef67b53ca244228c4e773222d8f504d564241eaf004aceb04a8d183c47f2
-
SSDEEP
3072:pYhix8yfzQFCixL3f1fSvZqObx4J2vNbGfvGnd3gW5ZM4/u:pQm86zQQitfhKZbNdndPZMT
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
3