General

  • Target

    046a4a79489ed04033bded0940f905fa_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240622-3ne2xatgjn

  • MD5

    046a4a79489ed04033bded0940f905fa

  • SHA1

    beb0d595474d1dbd104105ce9af092d284e1621b

  • SHA256

    b018ac748920d8481a4f95b035af15cdbed746e9e8267139d914bcf7f5a7ad5b

  • SHA512

    b6c0781186af5a2bdad93b7a9f318e09944b8ae0650febdc77b7a0526f6c9f9ee7ecc8ab77f57e2187a55e10a49bbdf65da7b1257c13aa13fd5f91e96d65e86b

  • SSDEEP

    24576:Xh7St1cIx+fLWVdcealYblWC/QhBn+GIOQny2yrT:lc13xmLWe1UpKBn9dtrT

Malware Config

Targets

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks