Overview

overview

9

Static

static

3

18c7e5fbfb...18.dll

windows7-x64

18c7e5fbfb...18.dll

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    18c7e5fbfb5b0bdd09279e3bd8bd17f0_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240628-e4zt9a1enb

  • MD5

    18c7e5fbfb5b0bdd09279e3bd8bd17f0

  • SHA1

    15b80b8a4b263f8a4b902dc1f6af01b923032e0e

  • SHA256

    2cd91ceff31309f8dbdef3e2ef66cd20a6df6d910f9a4c98b3d7a9e67aada436

  • SHA512

    29efa3df1eb2046e8662e29ef409cb6e7b6e7e3590aa9e9ee2d844e7faad3dd7302bd0c1627d4512faffccf53b446c3e82eb49b15ee14cc0a46fff8fdda1aaa6

  • SSDEEP

    49152:W3T+vr7klhTd2UJA0MfsPGrBnY0Llmh71Is9M:8yv/klR2fsPG1nDl271G

Score
9/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      18c7e5fbfb5b0bdd09279e3bd8bd17f0_JaffaCakes118

    • Size

      1.7MB

    • MD5

      18c7e5fbfb5b0bdd09279e3bd8bd17f0

    • SHA1

      15b80b8a4b263f8a4b902dc1f6af01b923032e0e

    • SHA256

      2cd91ceff31309f8dbdef3e2ef66cd20a6df6d910f9a4c98b3d7a9e67aada436

    • SHA512

      29efa3df1eb2046e8662e29ef409cb6e7b6e7e3590aa9e9ee2d844e7faad3dd7302bd0c1627d4512faffccf53b446c3e82eb49b15ee14cc0a46fff8fdda1aaa6

    • SSDEEP

      49152:W3T+vr7klhTd2UJA0MfsPGrBnY0Llmh71Is9M:8yv/klR2fsPG1nDl271G

    Score
    9/10
    bootkitevasionpersistencetrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks