9206da48749d315ed4d4744c69f5b457b914b5dc1140c6723241d8417b741efe | Triage

Sharing

General

Target

7273c77e71a5018ced8384d1c7f37f5a_JaffaCakes118
Size

16.6MB
Sample

240525-s6m55ahh62
MD5

7273c77e71a5018ced8384d1c7f37f5a
SHA1

b7a63e84e1f8c2c459b72ab02ca50e6157fcf3ec
SHA256

9206da48749d315ed4d4744c69f5b457b914b5dc1140c6723241d8417b741efe
SHA512

d1eee186d3b6069734269bde2d92ed58e1abd03c63cb1831e98f5a659498c883374584731088e83410b244115d8a7853e381e447a2ee06aa7f836776cf51d42f
SSDEEP

393216:I4rPcKia34iguEUIh4l6N57CfiAlpjH6LOEm10uaAm:pI5aFN6N57W5jaLOL0uaz

Score

7^/10

bootkit persistence spyware stealer upx

Malware Config

Targets

- Target
  
  7273c77e71a5018ced8384d1c7f37f5a_JaffaCakes118
- Size
  
  16.6MB
- MD5
  
  7273c77e71a5018ced8384d1c7f37f5a
- SHA1
  
  b7a63e84e1f8c2c459b72ab02ca50e6157fcf3ec
- SHA256
  
  9206da48749d315ed4d4744c69f5b457b914b5dc1140c6723241d8417b741efe
- SHA512
  
  d1eee186d3b6069734269bde2d92ed58e1abd03c63cb1831e98f5a659498c883374584731088e83410b244115d8a7853e381e447a2ee06aa7f836776cf51d42f
- SSDEEP
  
  393216:I4rPcKia34iguEUIh4l6N57CfiAlpjH6LOEm10uaAm:pI5aFN6N57W5jaLOL0uaz
Score

7^/10

bootkit persistence spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistencespywarestealerupx

behavioral2

bootkitpersistencespywarestealerupx