General
-
Target
fd0e477f26eccd783d2819b1c35e4d40_JaffaCakes118
-
Size
49KB
-
Sample
240420-snxlvabh6z
-
MD5
fd0e477f26eccd783d2819b1c35e4d40
-
SHA1
ace074e56e7f8875405cba17cdf48d4c053b37e5
-
SHA256
af204a3b364e15c8fff9e6a1adfce189e4267ea4ff2a49c116d10ba08c4bb605
-
SHA512
5d804fe7c5b500f58c4bf37e93b4f62766da5fc058d0f0cad02fd6903491ff45c91e1c1fba119c89290fc3a4f16626a78d100c635728ae6e5fdb27ac55d80ae9
-
SSDEEP
1536:Rffj6lx9QTW/dfhoBbWnkYswggDwx8ltmHUr9:RffMxv/dfwbj0RDo8l7
Behavioral task
behavioral1
Sample
fd0e477f26eccd783d2819b1c35e4d40_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fd0e477f26eccd783d2819b1c35e4d40_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
fd0e477f26eccd783d2819b1c35e4d40_JaffaCakes118
-
Size
49KB
-
MD5
fd0e477f26eccd783d2819b1c35e4d40
-
SHA1
ace074e56e7f8875405cba17cdf48d4c053b37e5
-
SHA256
af204a3b364e15c8fff9e6a1adfce189e4267ea4ff2a49c116d10ba08c4bb605
-
SHA512
5d804fe7c5b500f58c4bf37e93b4f62766da5fc058d0f0cad02fd6903491ff45c91e1c1fba119c89290fc3a4f16626a78d100c635728ae6e5fdb27ac55d80ae9
-
SSDEEP
1536:Rffj6lx9QTW/dfhoBbWnkYswggDwx8ltmHUr9:RffMxv/dfwbj0RDo8l7
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-