General

  • Target

    0f26d915d28e2054f77aaca92e703843_JaffaCakes118

  • Size

    968KB

  • Sample

    240625-xh3m5awgmd

  • MD5

    0f26d915d28e2054f77aaca92e703843

  • SHA1

    d4e7ec72f4e0e297136545166db5e8ab2499a429

  • SHA256

    4597fce089c7ea9fac3889a3ff9a6ad92cae116b590b9261475c3221d780d5ec

  • SHA512

    422c46df79640f3c660afc3f6ab2630dbd152f729435e9eee43051eae8cbdbf9fa1a2c31a726e9370ee2bd4b43b757dda0bd9220862d27a5046d2f758dce6ad0

  • SSDEEP

    24576:a8FPzKsv0aW0PapWdPlJyOAC5d31QDRj:a8FbG70dPzvjE

Score
6/10

Malware Config

Targets

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
