General

  • Target

    a23a2cb51b11df11ab9735872ea6ce09_JaffaCakes118

  • Size

    942KB

  • Sample

    240612-zbc51ashlm

  • MD5

    a23a2cb51b11df11ab9735872ea6ce09

  • SHA1

    7feefbbd69e9820a783698d0f928cf84ad6bbdb9

  • SHA256

    409a7ee93b354e1aeddba5d22cc22a79da4c539b0b72938cec3ca49fdf0dd760

  • SHA512

    dc4d87f28ec2a71c7a53a47630b577af955a6461fb4504e9c6af7fcf661ba8bc37707c1b651266d22ec110b1f23c533cec7de9639cc1f8074b0cdffed45bdcca

  • SSDEEP

    24576:f7kpSFHhjyI2MlGEogdVzs0GvKLzn6Y/4wDE:fmIVrV1TGSPnJ4wDE

Targets

    • Modifies Installed Components in the registry

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
