General
-
Target
JaffaCakes118_5b1a0c379ccc8cab0d06cbeb1338451b
-
Size
95KB
-
Sample
250115-s4ar1sykhr
-
MD5
5b1a0c379ccc8cab0d06cbeb1338451b
-
SHA1
ae615e94824e0547027768d74d03af8b23fefd4d
-
SHA256
2dccbfc709478a47a8c039619c5aecc11731f3fe8e3a70c26b4e6f668f190d29
-
SHA512
a4433852b9c404df4b8e2d68cabe0df3ff02a2c9ebda7ecc468e73d1651119bd1dc878474f3c508b8d42b8bb78c1c08d1fe5c93175f8e2b15a9765019179c581
-
SSDEEP
1536:MHj0v8OJ4gwubDS+8MSn/Dk7cyzrdYptjL87LU/o19Em+0rAfuILFxNSF5E8k8jw:MHo5e5im+8MIDgcEQVMLqEcmk6FFk8jw
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_5b1a0c379ccc8cab0d06cbeb1338451b.exe
Resource
win7-20240708-en
Malware Config
Targets
-
Modifies WinLogon for persistence
-
Ramnit family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (2)
    Disable or Modify Tools (1)
    Safe Mode Boot (1)
  Modify Registry (4)