General
Target: 2ac846432b45f23a8229bff015adfca6_JaffaCakes118
Size: 815KB
Sample: 240708-dpr1essapc
MD5: 2ac846432b45f23a8229bff015adfca6
SHA1: e54d9f688dca25ffa2322c8f374a242f10a91119
SHA256: 4698182a1917fcd6616ae0595325a2b74d1fba3f606a244e6730b0cbfbf41698
SHA512: 0252cbefc0b36b5c9b822cb7d3a8d3c3323ad89aa7a2dd5fb9e779af994506947021c9bec151891c0ac794579f32a0a4cda3e70ce261bc23f4c5290313d9f384
SSDEEP: 24576:LS8xiPkHXd+rVJORWzjEzG4inuB+Hto2:BBMrVJORWPEzMe+HtV
Static task: static1
Behavioral task: behavioral1
  Sample: 2ac846432b45f23a8229bff015adfca6_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 2ac846432b45f23a8229bff015adfca6_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 2ac846432b45f23a8229bff015adfca6_JaffaCakes118 (815KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 8/10
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)