General
-
Target
JaffaCakes118_2fc1bfd1abbd12a7e672e56a77c2ec38
-
Size
109KB
-
Sample
250125-z7swbszrez
-
MD5
2fc1bfd1abbd12a7e672e56a77c2ec38
-
SHA1
02f1fe712b443625e993f5379ceed9e8f0c5ef1d
-
SHA256
108642747e2414d32de711f9acc2b53488b1de153db1b5f771435af3ece10a49
-
SHA512
4139c679bf3aa14fa72fcbe1c312868c96248aa2defe2001f13aaf0f69efcddcb2c915555b60770b6a8f857610aef6897b176d2bf40e43acbfbb226275efd055
-
SSDEEP
3072:CYhix86fzQFCixL3f1fKpEZqObx4J2vNbGfvGnd3gW5ZM4/u:CQm8yzQQitfhKqZbNdndPZMT
Malware Config
Targets
-
-
Target
JaffaCakes118_2fc1bfd1abbd12a7e672e56a77c2ec38
-
Size
109KB
-
MD5
2fc1bfd1abbd12a7e672e56a77c2ec38
-
SHA1
02f1fe712b443625e993f5379ceed9e8f0c5ef1d
-
SHA256
108642747e2414d32de711f9acc2b53488b1de153db1b5f771435af3ece10a49
-
SHA512
4139c679bf3aa14fa72fcbe1c312868c96248aa2defe2001f13aaf0f69efcddcb2c915555b60770b6a8f857610aef6897b176d2bf40e43acbfbb226275efd055
-
SSDEEP
3072:CYhix86fzQFCixL3f1fKpEZqObx4J2vNbGfvGnd3gW5ZM4/u:CQm8yzQQitfhKqZbNdndPZMT
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
UAC bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
3