Overview

overview

9

Static

static

3

fc3fe9d15a...18.exe

windows7-x64

9

fc3fe9d15a...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc3fe9d15a66ea65593c4d07a3b8bf40_JaffaCakes118

  • Size

    3.0MB

  • Sample

    240420-jdwgcsbg23

  • MD5

    fc3fe9d15a66ea65593c4d07a3b8bf40

  • SHA1

    917b947f3288cdb268b4008d0625ad96ada116f5

  • SHA256

    1e53c858208435c36959bc596b346f112dcccc12ff4e76b506185eea654b58cd

  • SHA512

    0ce32d3ae3caf5ab662f9388abf62e111ca9ff5ce910203f2bb0c1267845ee7ee4370b4dc5736c5ac824fd2fffc0dfa0af1d16b6691ab3d43b194157e887b218

  • SSDEEP

    49152:4sKfP9MS4qOjZrkvPMCjniz19tmETFPf9W0yDIqBfpBgJhlQg3031D+p99eSFfvh:4sYP9MSHoZrIUCjizzIETkDcJcCjfZ

Score
9/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      fc3fe9d15a66ea65593c4d07a3b8bf40_JaffaCakes118

    • Size

      3.0MB

    • MD5

      fc3fe9d15a66ea65593c4d07a3b8bf40

    • SHA1

      917b947f3288cdb268b4008d0625ad96ada116f5

    • SHA256

      1e53c858208435c36959bc596b346f112dcccc12ff4e76b506185eea654b58cd

    • SHA512

      0ce32d3ae3caf5ab662f9388abf62e111ca9ff5ce910203f2bb0c1267845ee7ee4370b4dc5736c5ac824fd2fffc0dfa0af1d16b6691ab3d43b194157e887b218

    • SSDEEP

      49152:4sKfP9MS4qOjZrkvPMCjniz19tmETFPf9W0yDIqBfpBgJhlQg3031D+p99eSFfvh:4sYP9MSHoZrIUCjizzIETkDcJcCjfZ

    Score
    9/10
    bootkitevasionpersistencetrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks