General

  • Target

    b281718cc324f7989cbf992ed83b554c_JaffaCakes118

  • Size

    341KB

  • Sample

    240616-j2sqdawcpb

  • MD5

    b281718cc324f7989cbf992ed83b554c

  • SHA1

    941afefd0d62dbb4f5b9c78d063c129f6eb3879c

  • SHA256

    0ff5c28b60e862f1b6b5e9427f72805aa3a1e44391b1fc44f0bf47d2fbf90c91

  • SHA512

    9b6ea10a198a8dd8702f501c548c997d6d1d4e9daee8621bd81ead2966941d17446281bcad4f327f2723c84a9427947e452462ea78fa55202f75de57f9f0786f

  • SSDEEP

    6144:hNYW4FChnyCibgTBco6CaXQsf9irpYBLkzCSFsnJhUxjhCDVwS3ifhW:14aPEo6CagXpYBeDFeJhUxj0XyfhW

Malware Config

Targets

    • Target

      b281718cc324f7989cbf992ed83b554c_JaffaCakes118

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks