Overview

overview

7

Static

static

7

18d696cca1...18.exe

windows7-x64

7

18d696cca1...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    18d696cca171bab74a506b22bfa5bb16_JaffaCakes118

  • Size

    852KB

  • Sample

    240628-fhhvaasbrh

  • MD5

    18d696cca171bab74a506b22bfa5bb16

  • SHA1

    586ef7cd5701a3b523ecc629ad2a64feeeaa2385

  • SHA256

    d42942ec57cde6ed9469595e7a127f6060e34c0229b5b79be1322a98dba23bd5

  • SHA512

    c3a4afc1f38a33e3fbb6e3167a30ae0674ad2e1fd4ca27a90d457db38ff0cd95073b3418fc6b561020cd90a5861b6a93a9f2faca1586c30330e4e86ca1892891

  • SSDEEP

    24576:1ahQbER00iU4SrC2etdgT5UifHnR2tNVlz:1amy0C4v9ngT5xfHRkNzz

Score
7/10
bootkitevasionpersistencetrojanupx

Malware Config

Targets

    • Target

      18d696cca171bab74a506b22bfa5bb16_JaffaCakes118

    • Size

      852KB

    • MD5

      18d696cca171bab74a506b22bfa5bb16

    • SHA1

      586ef7cd5701a3b523ecc629ad2a64feeeaa2385

    • SHA256

      d42942ec57cde6ed9469595e7a127f6060e34c0229b5b79be1322a98dba23bd5

    • SHA512

      c3a4afc1f38a33e3fbb6e3167a30ae0674ad2e1fd4ca27a90d457db38ff0cd95073b3418fc6b561020cd90a5861b6a93a9f2faca1586c30330e4e86ca1892891

    • SSDEEP

      24576:1ahQbER00iU4SrC2etdgT5UifHnR2tNVlz:1amy0C4v9ngT5xfHRkNzz

    Score
    7/10
    bootkitevasionpersistencetrojanupx

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks