Overview

overview

7

Static

static

3

fa796b7f38...18.exe

windows7-x64

7

fa796b7f38...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa796b7f38ce445a54ac7df65b6a643a_JaffaCakes118

  • Size

    112KB

  • Sample

    240419-rjed2aed48

  • MD5

    fa796b7f38ce445a54ac7df65b6a643a

  • SHA1

    9a10804ffef3780cd8dac342d616740d86d8ebe6

  • SHA256

    5e4e77b0bd97c5fe128d696341ccb4d21df5d036d178b7ddeadba653eec998c7

  • SHA512

    10b0a78f320e8e6071497f58df53120144441534d9a476135a6518425b4494c9c0bbca3d11ad52bf91df4c92d9be888e93ef6f872f0e95e0e8bca7d8c01b9f22

  • SSDEEP

    3072:wjs9TB2+IjuYmin2PHiT1/zeC2OYty5BTgwOF:wjiTcluvin2aTQC2OEyTTgwOF

Score
7/10
bootkitpersistence

Malware Config

Targets

    • Target

      fa796b7f38ce445a54ac7df65b6a643a_JaffaCakes118

    • Size

      112KB

    • MD5

      fa796b7f38ce445a54ac7df65b6a643a

    • SHA1

      9a10804ffef3780cd8dac342d616740d86d8ebe6

    • SHA256

      5e4e77b0bd97c5fe128d696341ccb4d21df5d036d178b7ddeadba653eec998c7

    • SHA512

      10b0a78f320e8e6071497f58df53120144441534d9a476135a6518425b4494c9c0bbca3d11ad52bf91df4c92d9be888e93ef6f872f0e95e0e8bca7d8c01b9f22

    • SSDEEP

      3072:wjs9TB2+IjuYmin2PHiT1/zeC2OYty5BTgwOF:wjiTcluvin2aTQC2OEyTTgwOF

    Score
    7/10
    bootkitpersistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks