General

  • Target

    05b02a023bdb0e2a9d113f7dd70e1f73_JaffaCakes118

  • Size

    35KB

  • Sample

    240620-nw1agszdlr

  • MD5

    05b02a023bdb0e2a9d113f7dd70e1f73

  • SHA1

    8f8e031cc94ccb71e037c9a1da497c3c1e297bbf

  • SHA256

    58f03772054f76078e4338edcf2e43e36302243832565dfb5736df41603438fa

  • SHA512

    8ad9f51ee2d17fb0de08fe92b3362a6e8b86759339a8644cdbca0a1c584a7e459b31d1dd9559fbe73717bb8075594bc837840dea692bc0e8b0b3e5ee9974b6bc

  • SSDEEP

    768:DH787z80EvJuGLzZmhH1B3yBPgxPCxtHygW1DRQX/a/o9H9ySOH8J:DHyUJuYzZ6VkBomR2wSQHyfC

Malware Config

Targets

    • Target

      05b02a023bdb0e2a9d113f7dd70e1f73_JaffaCakes118

    • Size

      35KB

    • MD5

      05b02a023bdb0e2a9d113f7dd70e1f73

    • SHA1

      8f8e031cc94ccb71e037c9a1da497c3c1e297bbf

    • SHA256

      58f03772054f76078e4338edcf2e43e36302243832565dfb5736df41603438fa

    • SHA512

      8ad9f51ee2d17fb0de08fe92b3362a6e8b86759339a8644cdbca0a1c584a7e459b31d1dd9559fbe73717bb8075594bc837840dea692bc0e8b0b3e5ee9974b6bc

    • SSDEEP

      768:DH787z80EvJuGLzZmhH1B3yBPgxPCxtHygW1DRQX/a/o9H9ySOH8J:DHyUJuYzZ6VkBomR2wSQHyfC

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks