General

  • Target

    73c6da067fb3d334aff02a228f118992_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240526-ayppwaha27

  • MD5

    73c6da067fb3d334aff02a228f118992

  • SHA1

    3ce65baab0d969339b658e3208efd1c4c4201415

  • SHA256

    0d5def3720993c7ff853209226c0becaee1a367ee2d69dae8cf9cb951602b4e6

  • SHA512

    518f6fd0f02423dae19464d3cec6c5dead56278b351ccc4cc48ba7a0e5106d034bc158d13d9877cd0a2e6a9acae83d8465f6dc7605469ff696dddd15081fddf9

  • SSDEEP

    49152:68uup8JQPIFz41BR3bbpePvcdNKEBOZ8VcjbDhYRtWaETOZ8DMul:68uup8JQPC41BR3MsNKEcZ8VOscaY

Score
7/10

Targets

    • Target

      73c6da067fb3d334aff02a228f118992_JaffaCakes118

    • Size

      2.0MB

    • MD5

      73c6da067fb3d334aff02a228f118992

    • SHA1

      3ce65baab0d969339b658e3208efd1c4c4201415

    • SHA256

      0d5def3720993c7ff853209226c0becaee1a367ee2d69dae8cf9cb951602b4e6

    • SHA512

      518f6fd0f02423dae19464d3cec6c5dead56278b351ccc4cc48ba7a0e5106d034bc158d13d9877cd0a2e6a9acae83d8465f6dc7605469ff696dddd15081fddf9

    • SSDEEP

      49152:68uup8JQPIFz41BR3bbpePvcdNKEBOZ8VcjbDhYRtWaETOZ8DMul:68uup8JQPC41BR3MsNKEcZ8VOscaY

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. This is the only high-severity behaviour listed for the top-level target and is what drives the Pre-OS Boot / Bootkit entries in the ATT&CK matrix; the three dropped DLLs score 3/10 each. Those DLLs are extracted under $PLUGINSDIR, the plugin directory of an NSIS-built installer (System.dll carries the name of the stock NSIS System plugin), and the SSDEEP of insthelper.dll shares a block-hash chunk with the top-level target at block size 49152 (p8JQPIFz41BR3bbpe), consistent with the 774KB DLL being embedded in the 2.0MB installer. Before treating the MBR write as a bootkit, verify it against the disk rather than the signature alone: compare sector 0 of the sandbox VM disk before and after detonation and note whether the bootstrap code, the partition table or the disk signature changed.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      19KB

    • MD5

      35d7b29c3ed690a8b0cd323917677b42

    • SHA1

      ad74d2babe09f94838e408c8f9f77b6b56c644f5

    • SHA256

      714bd22a836a7f164b848541b8bf8ac80a20ff38e10e412bf9ef518620a80b8c

    • SHA512

      abc6f37b7306de737adf998607e81304ecc1589ac8e3164651b237def11b424a190e84608f4f6ce44a63ce225d93be7c617a736c82fb6b9077c5222c2e17b67d

    • SSDEEP

      384:4JoiO8V2upW7vQjS//nYPLQa6jvjeMN+:4JzO8V2uovQjoym

    Score
    3/10
    • Target

      $PLUGINSDIR/insthelper.dll

    • Size

      774KB

    • MD5

      8bcd300c69b67e78b09cf07aecfa14fb

    • SHA1

      d92bdb71d8b8477a3f0838360191aecc459a3c09

    • SHA256

      d62d59db60544bd44db6d710f3b6d48608bee022d908dc46d16885e79dd1ca0d

    • SHA512

      393667c3423ed6defeca5c7c51c3244106ebb737398b34822a38edf9fa68cead72016a77c29d4f47d0c5c784c6339e8080d3b35eb17d325658a951c464951cf4

    • SSDEEP

      24576:Hur3XYYvDFTBs8N2x0y7J07fGYQ0gD8H9V2SM+5byEziR1BRWptMYabpeB:jp8JQPIFz41BR3bbpeB

    Score
    3/10
    • Target

      $PLUGINSDIR/reportsetup.dll

    • Size

      309KB

    • MD5

      52c3b9ac0484ece3b524a9526272f88e

    • SHA1

      c07268de6a13290acbf58ec5ef75e2468533d791

    • SHA256

      210876c0ff70ffaa88a05f9ef794a96136549f4168e940e256fb4ac85b0fff71

    • SHA512

      da7710404e5630509eeaf9e318e2a4a2d9c4f269aee6cdce5d2a8f128094e7c92940312fda9913f5c44dce5159b59159f40137ddb2e7975e450f30c6a7b24f47

    • SSDEEP

      6144:9TTPaNT41SBzliGz6WXKzoOCEIMzjKTBR2Z4kgg6D/Uuc:NrmT4uxiGz6WazojEfnKT/2Z4nD/Uuc

    Score
    3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

    • Pre-OS Boot (T1542): 1

    • Bootkit (T1542.003): 1

Defense Evasion

    • Pre-OS Boot (T1542): 1

    • Bootkit (T1542.003): 1

Discovery

    • System Information Discovery (T1082): 1

The number after each technique is the count of matched behaviours. Pre-OS Boot appears under both Persistence and Defense Evasion because ATT&CK assigns T1542 to both tactics; both entries come from the single MBR-write behaviour listed above.