General
Target: 3363b213b3cd64573f1ca3d6912b8162_JaffaCakes118
Size: 370KB
Sample: 240710-fnn89azejf
MD5: 3363b213b3cd64573f1ca3d6912b8162
SHA1: bce4e19f54527a4d74bcc7adcffd541e48703935
SHA256: 26d0e8ccceb0358465d5cc0cfa0f351e464a17aaa3137a3d333b4f8600e247f3
SHA512: d2498e6719bf934a2f6d7668bee67cbae66515877d35ff1c75da2cb639edb2ff79f0105e89e7db8ce3518edb43e6ca606da1c1440fbb843b7c88369c34dbf3b1
SSDEEP: 6144:b1dlZro5yhwHn4ZCJN0tXkZ1giG6FzTDYIXxu8nMRbSkqUmK54lcDHt1Pmj:b1dlZo5yOn0CJmCiWX8vbD54lkHLPmj
Static task: static1
Behavioral task: behavioral1
  Sample: 3363b213b3cd64573f1ca3d6912b8162_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 3363b213b3cd64573f1ca3d6912b8162_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 3363b213b3cd64573f1ca3d6912b8162_JaffaCakes118
Score: 7/10
Signatures:
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext