General
-
Target
5bcdb9620aeca0baa30872b9dc0c8aa2_JaffaCakes118
-
Size
360KB
-
Sample
240719-nv7m6syhqm
-
MD5
5bcdb9620aeca0baa30872b9dc0c8aa2
-
SHA1
aa29fa0160ce73ed5dc46670435846f174497ed9
-
SHA256
b86a0f13b662941fac2210b81698d44a9e44b37a208143e3e49e0e27604e679d
-
SHA512
0c8dc7ff895442ad560d392428d160f9cf21742cda168c13c4b1b5935ccffbb7814b0ac8e499a14eade17f38c4493ea47808ca12e8300a45b3e66d80c691d18a
-
SSDEEP
6144:OyHhFMSpqT7UUwxZoWEAvxD2B1PED0ui9jh0:TXjxgAvxDKPjh
Malware Config
Targets
-
-
Target
5bcdb9620aeca0baa30872b9dc0c8aa2_JaffaCakes118
-
Size
360KB
-
MD5
5bcdb9620aeca0baa30872b9dc0c8aa2
-
SHA1
aa29fa0160ce73ed5dc46670435846f174497ed9
-
SHA256
b86a0f13b662941fac2210b81698d44a9e44b37a208143e3e49e0e27604e679d
-
SHA512
0c8dc7ff895442ad560d392428d160f9cf21742cda168c13c4b1b5935ccffbb7814b0ac8e499a14eade17f38c4493ea47808ca12e8300a45b3e66d80c691d18a
-
SSDEEP
6144:OyHhFMSpqT7UUwxZoWEAvxD2B1PED0ui9jh0:TXjxgAvxDKPjh
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1