General
-
Target
fd8dcad6006a5c4cf5e4cb1dd0f9ac63_JaffaCakes118
-
Size
834KB
-
Sample
240420-y1ppnagh44
-
MD5
fd8dcad6006a5c4cf5e4cb1dd0f9ac63
-
SHA1
ae039707a732f19a22ebee2ced7a9bfa81562652
-
SHA256
61697ef43dd7466ae631f86542c02d1512b39d146dc21291e58274f8a22e5a22
-
SHA512
2e3a3520e68ccbf25199e9182590b7ab1664cc3fda980fb9131f0ef938c294c08d21acfb24635bbd8785a0548569dfc06679ed33d5cdc0aba86956f0562d83b8
-
SSDEEP
12288:AXoJ3pFAFuIqlJzyi7m1IxXT0vHwkx+CxkpZhEKRO30OVkc1+QFpr8U:Vn2QA1IXwvlxshEKRO3VT7
Static task
static1
Behavioral task
behavioral1
Sample
fd8dcad6006a5c4cf5e4cb1dd0f9ac63_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fd8dcad6006a5c4cf5e4cb1dd0f9ac63_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
fd8dcad6006a5c4cf5e4cb1dd0f9ac63_JaffaCakes118
-
Size
834KB
-
MD5
fd8dcad6006a5c4cf5e4cb1dd0f9ac63
-
SHA1
ae039707a732f19a22ebee2ced7a9bfa81562652
-
SHA256
61697ef43dd7466ae631f86542c02d1512b39d146dc21291e58274f8a22e5a22
-
SHA512
2e3a3520e68ccbf25199e9182590b7ab1664cc3fda980fb9131f0ef938c294c08d21acfb24635bbd8785a0548569dfc06679ed33d5cdc0aba86956f0562d83b8
-
SSDEEP
12288:AXoJ3pFAFuIqlJzyi7m1IxXT0vHwkx+CxkpZhEKRO30OVkc1+QFpr8U:Vn2QA1IXwvlxshEKRO3VT7
Score8/10-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Modify Registry
4Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1Install Root Certificate
1