General

  • Target

    075007642b0455ec4138eb0e88bbcc40_JaffaCakes118

  • Size

    124KB

  • Sample

    240620-syrtcavcpe

  • MD5

    075007642b0455ec4138eb0e88bbcc40

  • SHA1

    2463993f11dd54cf02eb527ac608b223fea6dd7d

  • SHA256

    52bc965e4bff74caf4831d75442c9ee1dac98d84de55e769ff47cf8413a3ad8a

  • SHA512

    6365f13cb922162bc16ae35d17f72b01ec7ceb37b375edaa68ff7c0ffa328dc396ad33f98ed819e216f54fcddd9121d8e953d7a74977e5caf24eed8656b0fad0

  • SSDEEP

    1536:yaONzSpBc5Xqb/8lcSAovLiZUI8ULmrNrNi3c1oHAtqGIiDAqaDy7fP:qlZvLs8FhR04oG8VDy7fP
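
The digests above are the indicators a responder reuses first, usually to confirm that a file recovered from a host is this sample and not a near-miss. The following Python is an added example, not part of the report or of the sandbox's tooling: it recomputes MD5/SHA-1/SHA-256/SHA-512 for a file and compares them with the values listed. SSDEEP is left out because fuzzy hashing needs a third-party package; the function names and the directory-scan helper are my own.

```python
"""Check a file against the hashes published in this report (added example)."""
import hashlib
from pathlib import Path

# Indicators copied from the report above. SSDEEP is omitted: fuzzy hashing
# needs the non-standard ssdeep/ppdeep package, and the exact digests below
# are what identify the sample.
REPORTED_HASHES = {
    "md5": "075007642b0455ec4138eb0e88bbcc40",
    "sha1": "2463993f11dd54cf02eb527ac608b223fea6dd7d",
    "sha256": "52bc965e4bff74caf4831d75442c9ee1dac98d84de55e769ff47cf8413a3ad8a",
    "sha512": "6365f13cb922162bc16ae35d17f72b01ec7ceb37b375edaa68ff7c0ffa328dc396ad33f98ed819e216f54fcddd9121d8e953d7a74977e5caf24eed8656b0fad0",
}


def compute_hashes(data: bytes, algos=tuple(REPORTED_HASHES)) -> dict:
    """Digest the same bytes with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in algos}


def compare_to_report(data: bytes, reported: dict = REPORTED_HASHES) -> dict:
    """Per-algorithm match flags plus an overall verdict.

    The verdict requires every listed digest to agree: MD5 alone is
    collision-prone, so a file matching only MD5 is treated as a different
    file rather than as the sample.
    """
    computed = compute_hashes(data, tuple(reported))
    matches = {algo: computed[algo] == reported[algo].lower() for algo in reported}
    return {"computed": computed, "matches": matches, "is_sample": all(matches.values())}


def scan_directory(root: str) -> list:
    """Return the paths under root whose contents are exactly this sample."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and compare_to_report(path.read_bytes())["is_sample"]:
            hits.append(str(path))
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python check_sample.py <file-or-directory> [...]
    for target in sys.argv[1:]:
        p = Path(target)
        if p.is_dir():
            print(target, "->", scan_directory(target))
        else:
            print(target, "->", compare_to_report(p.read_bytes())["matches"])
```

Run it against a quarantined copy or a triage directory; a file that matches only MD5 is reported as `is_sample: False`, which is the conservative answer when the strong hashes disagree.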

Targets

    • Target

      075007642b0455ec4138eb0e88bbcc40_JaffaCakes118

    • Executes dropped EXE

      The sample writes a second executable to disk and launches it. The dropped binary may be the one that carries out the later behaviour, so collect it from the sandbox run and hash it separately from the file described above.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer. Try `upx -d` first; if the packer headers were modified it will refuse, and the unpacked image then has to be dumped from memory after the decompression stub has run.

    • Adds Run key to start application

      Writes a value under a Software\Microsoft\Windows\CurrentVersion\Run key (HKCU or HKLM) so the program is launched at every logon.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. On a real host this is a raw write to sector 0 of the boot disk (\\.\PhysicalDrive0), so reimaging the OS volume alone does not remove it; the first sector has to be checked against a known-good copy and restored as well.

    • Suspicious use of SetThreadContext

      Typically used for process hollowing or thread hijacking: a process is started suspended, its memory is overwritten with the payload, and SetThreadContext points the suspended thread's instruction pointer into the injected code before ResumeThread.
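
The MBR write is the finding an incident responder most wants to confirm on a real host, because it survives a reinstall of the OS volume. The following Python is an added example, not part of the report or of the sandbox's tooling: it parses a 512-byte sector 0, hashes the boot-code region and the partition table separately, and diffs a pre-detonation read against a post-detonation read. The two sample sectors are constructed here, and `read_first_sector` and the device paths in its docstring are illustrative.

```python
"""Baseline and diff a 512-byte MBR to confirm a bootkit-style write (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446          # boot code is bytes 0..445, then 4 x 16-byte entries
BOOT_SIGNATURE_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xaa"
# Partition entry: status, CHS start (3 bytes, ignored), type, CHS end (3 bytes, ignored),
# LBA of first sector, sector count.
PARTITION_ENTRY = struct.Struct("<B3xB3xII")


def read_first_sector(path: str) -> bytes:
    r"""Read sector 0 from a disk image or raw device.

    Illustrative paths: r"\\.\PhysicalDrive0" on Windows (administrator required),
    /dev/sda on Linux (root), or a forensic image file. Take one read before
    detonation and one after, then hand both to compare_to_baseline().
    """
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Split a sector into boot-code hash, 0x55AA check and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)} bytes")
    partitions = []
    for index in range(4):
        status, ptype, lba_start, sectors = PARTITION_ENTRY.unpack_from(
            sector, PARTITION_TABLE_OFFSET + PARTITION_ENTRY.size * index
        )
        if ptype == 0:                # type 0x00 marks an unused slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": sector[BOOT_SIGNATURE_OFFSET:] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline: bytes, current: bytes) -> dict:
    """Report what changed between two sector-0 reads.

    A bootkit normally rewrites only the boot code and leaves the partition table
    and the 0x55AA signature intact so the machine still boots, so the telling
    combination is boot_code_changed=True with the other two fields unchanged.
    """
    before, after = parse_mbr(baseline), parse_mbr(current)
    return {
        "boot_code_changed": before["boot_code_sha256"] != after["boot_code_sha256"],
        "partition_table_changed": before["partitions"] != after["partitions"],
        "signature_ok": after["signature_ok"],
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: the given boot code, one bootable NTFS partition, 0x55AA."""
    code = boot_code.ljust(PARTITION_TABLE_OFFSET, b"\x00")[:PARTITION_TABLE_OFFSET]
    entry = PARTITION_ENTRY.pack(0x80, 0x07, 2048, 204800)   # 0x80 = active, 0x07 = NTFS/exFAT
    table = entry + b"\x00" * (PARTITION_ENTRY.size * 3)
    return code + table + BOOT_SIGNATURE


# Constructed inputs, not data from the sandbox run: a stock-looking prologue
# (xor ax,ax; mov ss,ax; mov sp,7c00) and a tampered one whose first instruction
# is a far jump elsewhere.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED_MBR = build_sample_mbr(b"\xea\x00\x7c\x00\x00\x90")

if __name__ == "__main__":
    for name, result in (("clean vs clean", compare_to_baseline(CLEAN_MBR, CLEAN_MBR)),
                         ("clean vs tampered", compare_to_baseline(CLEAN_MBR, TAMPERED_MBR))):
        print(name, result)
```

Hashing the boot code and the partition table separately matters: a legitimate disk-management change alters the table but not the code, while the pattern this signature describes is the reverse.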
