General
-
Target
00d45af0b2f1fb5dffed543cd2b328cb_JaffaCakes118
-
Size
2.5MB
-
Sample
240623-z35pbswbjr
-
MD5
00d45af0b2f1fb5dffed543cd2b328cb
-
SHA1
fdd892754baeac73525a9adba67cb8395d8cb387
-
SHA256
c0c717a0f91316ca0671b60ab71e3a6c6b8793bac7992a0358e184667e762375
-
SHA512
7ae6dca00a9b0102445e1f3e1eb3879e2791b76644d0ce80f5f52cd0ef295ebdcf9bd8047d5e0ef729a372a029309ccb73c26d8c829104d9d521205d2e33d5eb
-
SSDEEP
49152:mUwCYiuHTF5Avd7Z3xBsbzSLQtF7hO3NpYkAm3ImN4glULMVzH39eHf4:mEYiuHYFV3bsqLQtF7M3pvh6sHt0g
Static task
static1
Behavioral task
behavioral1
Sample
00d45af0b2f1fb5dffed543cd2b328cb_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
00d45af0b2f1fb5dffed543cd2b328cb_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
00d45af0b2f1fb5dffed543cd2b328cb_JaffaCakes118
-
Size
2.5MB
-
MD5
00d45af0b2f1fb5dffed543cd2b328cb
-
SHA1
fdd892754baeac73525a9adba67cb8395d8cb387
-
SHA256
c0c717a0f91316ca0671b60ab71e3a6c6b8793bac7992a0358e184667e762375
-
SHA512
7ae6dca00a9b0102445e1f3e1eb3879e2791b76644d0ce80f5f52cd0ef295ebdcf9bd8047d5e0ef729a372a029309ccb73c26d8c829104d9d521205d2e33d5eb
-
SSDEEP
49152:mUwCYiuHTF5Avd7Z3xBsbzSLQtF7hO3NpYkAm3ImN4glULMVzH39eHf4:mEYiuHYFV3bsqLQtF7M3pvh6sHt0g
-
Gh0st RAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
2