c1ef591b68cbceb3967c9a44d6d053ebe444eaa19651d9a9475438495df26fbe | Triage

Submit
Reports

Overview

overview

8

Static

static

1

647468fe98...18.exe

windows7-x64

8

647468fe98...18.exe

windows10-2004-x64

7

Sharing

General

Target

647468fe982d6659d20f3b5b5124cdd7_JaffaCakes118
Size

905KB
Sample

240521-xzc4ssff5v
MD5

647468fe982d6659d20f3b5b5124cdd7
SHA1

6c51a048011364d06e52d7912389e9394ac06547
SHA256

c1ef591b68cbceb3967c9a44d6d053ebe444eaa19651d9a9475438495df26fbe
SHA512

20aa1194af7157fa7cb77e681be2caae2a487a9315b515991fd0da42536d1567d9b95d48407281865e852048dc6589ff663fd739774e58c6a6f9a9e49c1ef807
SSDEEP

24576:nXifyIZzp53wHMAXwpa1P+1kkui6uKVOlzQ:XifyIZzvwHngp2P+1kWU4U

Score

8^/10

adware bootkit discovery persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

647468fe982d6659d20f3b5b5124cdd7_JaffaCakes118.exe

Resource

win7-20240215-en

adware bootkit discovery persistence stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

647468fe982d6659d20f3b5b5124cdd7_JaffaCakes118.exe

Resource

win10v2004-20240508-en

bootkit persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  647468fe982d6659d20f3b5b5124cdd7_JaffaCakes118
- Size
  
  905KB
- MD5
  
  647468fe982d6659d20f3b5b5124cdd7
- SHA1
  
  6c51a048011364d06e52d7912389e9394ac06547
- SHA256
  
  c1ef591b68cbceb3967c9a44d6d053ebe444eaa19651d9a9475438495df26fbe
- SHA512
  
  20aa1194af7157fa7cb77e681be2caae2a487a9315b515991fd0da42536d1567d9b95d48407281865e852048dc6589ff663fd739774e58c6a6f9a9e49c1ef807
- SSDEEP
  
  24576:nXifyIZzp53wHMAXwpa1P+1kkui6uKVOlzQ:XifyIZzvwHngp2P+1kWU4U
Score

8^/10

adware bootkit discovery persistence stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarebootkitdiscoverypersistencestealer

behavioral2

bootkitpersistence

© 2018-2024

Terms | Privacy