General
-
Target
f5d7f916f67086f62ec639f67c1236bd_JaffaCakes118
-
Size
392KB
-
Sample
240417-qdgrjagf86
-
MD5
f5d7f916f67086f62ec639f67c1236bd
-
SHA1
1dbe11528947d64c083b4b1fe4187319c39f7075
-
SHA256
557de43a39dab194d93452b00d6fdba11356f24f8675b8c6ee931b6ef63f01b1
-
SHA512
0f3396e608d0b7ea001f217a3fc5f6f892f0bd2d05ead98659f62e725abdecb6f1c99b37927c0245e87b031f24b0e2d30af2cdaf41a7cc04bd00a0ceb99ef137
-
SSDEEP
6144:C0obwRJ4en13igFOUn877ROFLtQ69ddxTSo4slLx712U5Mz:CKJ4wiPOFLqCjuJgL2U5W
Malware Config
Targets
-
-
Target
f5d7f916f67086f62ec639f67c1236bd_JaffaCakes118
-
Size
392KB
-
MD5
f5d7f916f67086f62ec639f67c1236bd
-
SHA1
1dbe11528947d64c083b4b1fe4187319c39f7075
-
SHA256
557de43a39dab194d93452b00d6fdba11356f24f8675b8c6ee931b6ef63f01b1
-
SHA512
0f3396e608d0b7ea001f217a3fc5f6f892f0bd2d05ead98659f62e725abdecb6f1c99b37927c0245e87b031f24b0e2d30af2cdaf41a7cc04bd00a0ceb99ef137
-
SSDEEP
6144:C0obwRJ4en13igFOUn877ROFLtQ69ddxTSo4slLx712U5Mz:CKJ4wiPOFLqCjuJgL2U5W
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1