Overview

overview

8

Static

static

3

fa81b15797...18.dll

windows7-x64

8

fa81b15797...18.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa81b15797a930ba3cd1becba7a6271d_JaffaCakes118

  • Size

    139KB

  • Sample

    240419-rv2npsff2z

  • MD5

    fa81b15797a930ba3cd1becba7a6271d

  • SHA1

    d54e0e66b21ff35fbe83e08d2b16ea473864d8de

  • SHA256

    ca8882fa0f8901d1ced64859a24e5aeb6cfc595818e822026c6bdb31c41cdbc6

  • SHA512

    8d511392376a61ead636f3328e21fb7a7fc2c9d32f09070118f77a731ee8f799925f9089bb84991dc18a4391ab0115aa6d7e67e4df2fb74e08b9a25f2c38975b

  • SSDEEP

    3072:uSB1fMiCOQibXjFyZ25m8LFGC4l+zsjI0fuT4:/vfM34Xjoam8LFG5ozsjDuT

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      fa81b15797a930ba3cd1becba7a6271d_JaffaCakes118

    • Size

      139KB

    • MD5

      fa81b15797a930ba3cd1becba7a6271d

    • SHA1

      d54e0e66b21ff35fbe83e08d2b16ea473864d8de

    • SHA256

      ca8882fa0f8901d1ced64859a24e5aeb6cfc595818e822026c6bdb31c41cdbc6

    • SHA512

      8d511392376a61ead636f3328e21fb7a7fc2c9d32f09070118f77a731ee8f799925f9089bb84991dc18a4391ab0115aa6d7e67e4df2fb74e08b9a25f2c38975b

    • SSDEEP

      3072:uSB1fMiCOQibXjFyZ25m8LFGC4l+zsjI0fuT4:/vfM34Xjoam8LFG5ozsjDuT

    Score
    8/10
    bootkitpersistence

    • Blocklisted process makes network request

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks