General

  • Target

    043f3061b5b97d60b539e2fd7c0450ac_JaffaCakes118

  • Size

    876KB

  • Sample

    240622-2thvbaybqg

  • MD5

    043f3061b5b97d60b539e2fd7c0450ac

  • SHA1

    6d84525ffc3ca9d7792f33883f7a51e133797ba2

  • SHA256

    1d4d5f90b2ae553582a8a621595eabe8d2e4bd5573eb5f95c974e58f8f6308c4

  • SHA512

    d48735f57574fdc897d009085aa5b0d169821886258021c824e03bc1d1c6a846a50240030f60d0a73dbb43cdc873a58f78a15e02049d66ecc1578180bc93e8ec

  • SSDEEP

    12288:f0Ts0GIFWKY4pJImq/TJk2J2gqR01Mf/Ygz8TUw7XdkeCnkI4N8266WySF6/UgWN:fP0GIO+O/dHrM3MUDe6dyJWPCVB49

Malware Config

Targets

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks