General
-
Target
b281718cc324f7989cbf992ed83b554c_JaffaCakes118
-
Size
341KB
-
Sample
240616-j2sqdawcpb
-
MD5
b281718cc324f7989cbf992ed83b554c
-
SHA1
941afefd0d62dbb4f5b9c78d063c129f6eb3879c
-
SHA256
0ff5c28b60e862f1b6b5e9427f72805aa3a1e44391b1fc44f0bf47d2fbf90c91
-
SHA512
9b6ea10a198a8dd8702f501c548c997d6d1d4e9daee8621bd81ead2966941d17446281bcad4f327f2723c84a9427947e452462ea78fa55202f75de57f9f0786f
-
SSDEEP
6144:hNYW4FChnyCibgTBco6CaXQsf9irpYBLkzCSFsnJhUxjhCDVwS3ifhW:14aPEo6CagXpYBeDFeJhUxj0XyfhW
Static task
static1
Behavioral task
behavioral1
Sample
b281718cc324f7989cbf992ed83b554c_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b281718cc324f7989cbf992ed83b554c_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
b281718cc324f7989cbf992ed83b554c_JaffaCakes118
-
Size
341KB
-
MD5
b281718cc324f7989cbf992ed83b554c
-
SHA1
941afefd0d62dbb4f5b9c78d063c129f6eb3879c
-
SHA256
0ff5c28b60e862f1b6b5e9427f72805aa3a1e44391b1fc44f0bf47d2fbf90c91
-
SHA512
9b6ea10a198a8dd8702f501c548c997d6d1d4e9daee8621bd81ead2966941d17446281bcad4f327f2723c84a9427947e452462ea78fa55202f75de57f9f0786f
-
SSDEEP
6144:hNYW4FChnyCibgTBco6CaXQsf9irpYBLkzCSFsnJhUxjhCDVwS3ifhW:14aPEo6CagXpYBeDFeJhUxj0XyfhW
Score6/10-
Checks for any installed AV software in registry
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-