General
-
Target
072ea7c552114d44aafc9ec49a9e6172_JaffaCakes118
-
Size
240KB
-
Sample
240620-snpk8sycjk
-
MD5
072ea7c552114d44aafc9ec49a9e6172
-
SHA1
2687035992a0b66e5ceb05eefade6c34baf4d99c
-
SHA256
a5c971c9e17d58583a8864660514fbaa89028a7b231731bcbf4a9ea1089f49b4
-
SHA512
79c27eda52b6f0b72154dc241e38cc0680d66101da4cd65234d4037b6c896e73fc4e01c033b91bf6267cb9dcaf9441e303b025cb133dac0a7d73bea4d2a61142
-
SSDEEP
6144:6lGc8eOEAJa9yS5IQBgz58YcMe+qPeLjunNsck2K:6YjY75n+z59F5/ja
Static task
static1
Behavioral task
behavioral1
Sample
072ea7c552114d44aafc9ec49a9e6172_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
072ea7c552114d44aafc9ec49a9e6172_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
072ea7c552114d44aafc9ec49a9e6172_JaffaCakes118
-
Score
7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-