General

  • Target

    5d85d71be02948694ea0d07bba6e329b_JaffaCakes118

  • Size

    196KB

  • Sample

    240719-y4k6msxgnl

  • MD5

    5d85d71be02948694ea0d07bba6e329b

  • SHA1

    d8eeddcced6f59b582ecefda5f3d6ef0d74f2bbb

  • SHA256

    0366c69735d1f7504da1b8f50f2c74d27297f116653be232cded3d4d925c8c18

  • SHA512

    6a91d97658d66d12eb4f519bddfd05a5ccdc66862c13bfee2e427889b383aeabe5d8d5edff19b58be63c01567867513308295aa38829516d768112245025a43a

  • SSDEEP

    3072:mA+YHMDqHNma8yzw1aBOR5OE1EM2jASY1atZgn37zpnop2WtXvs3RA/FLpcuR:mA+YHqyM1ay92NgvpnoJtEhANLpd

Score
8/10

Malware Config

Targets

    • Target

      5d85d71be02948694ea0d07bba6e329b_JaffaCakes118

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. Active Setup components live under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components, and the StubPath value of each component is executed once per user account at logon, so a key planted there runs the payload for every user who next signs in.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check: the sample probably decides whether to run based on the victim machine's configured region.

    • Deletes itself

    • Executes dropped EXE

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system, so the implant runs before Windows and any endpoint security tooling have loaded.
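The signatures above are behavioural, so the natural thing for an analyst to want is a way to reproduce them from an API trace rather than trust the score. The following is an added example, not code from the sandbox or from this report: it runs a small classifier over a constructed trace whose record format, process paths, drop location and Active Setup GUID are all assumed, and maps the observed calls back to the six signature names listed on this page. It assumes that "Checks computer location settings" corresponds to reading the Nation value under HKCU\Control Panel\International\Geo, that an MBR write shows up as a WriteFile to a \\.\PhysicalDriveN handle at offset 0, and that "Deletes itself" means a DeleteFileW on the sample's own path.

```python
"""Map a sandbox-style API trace to the behavioural signatures in the report."""
import re

# Signature names exactly as they appear in the report.
REPORT_SIGNATURES = [
    "Boot or Logon Autostart Execution: Active Setup",
    "Checks computer location settings",
    "Deletes itself",
    "Executes dropped EXE",
    "Adds Run key to start application",
    "Writes to the Master Boot Record (MBR)",
]

# Constructed paths (assumed, not taken from the report).
SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\5d85d71be02948694ea0d07bba6e329b_JaffaCakes118.exe")
DROPPED_PATH = r"C:\Users\Admin\AppData\Roaming\svchost32.exe"  # hypothetical drop location

# Constructed trace in an assumed record format (this is not Triage's event schema).
TRACE = [
    {"image": SAMPLE_PATH, "api": "RegQueryValueExW",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    {"image": SAMPLE_PATH, "api": "CreateFileW", "path": DROPPED_PATH, "access": "GENERIC_WRITE"},
    {"image": SAMPLE_PATH, "api": "CreateProcessW", "image_created": DROPPED_PATH},
    {"image": SAMPLE_PATH, "api": "RegSetValueExW",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
            r"\{00000000-0000-0000-0000-000000000000}",  # hypothetical GUID
     "value": "StubPath", "data": DROPPED_PATH},
    {"image": DROPPED_PATH, "api": "RegSetValueExW",
     "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "svchost32", "data": DROPPED_PATH},
    {"image": DROPPED_PATH, "api": "CreateFileW", "path": r"\\.\PhysicalDrive0", "access": "GENERIC_WRITE"},
    {"image": DROPPED_PATH, "api": "WriteFile", "path": r"\\.\PhysicalDrive0", "offset": 0, "length": 512},
    {"image": DROPPED_PATH, "api": "DeleteFileW", "path": SAMPLE_PATH},
]

RAW_DISK = re.compile(r"^\\\\\.\\physicaldrive\d+$", re.IGNORECASE)
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.IGNORECASE)
ACTIVE_SETUP = "\\active setup\\installed components\\"


def match_signatures(trace, sample_path):
    """Return the set of report signature names supported by the trace."""
    hits = set()
    written = set()  # files the traced processes opened for writing (lower-cased)
    sample = sample_path.lower()
    for ev in trace:
        api = ev["api"]
        if api == "RegSetValueExW":
            key = ev["key"].lower()
            # Active Setup persistence: StubPath under Installed Components\{GUID}.
            if ACTIVE_SETUP in key and ev.get("value", "").lower() == "stubpath":
                hits.add("Boot or Logon Autostart Execution: Active Setup")
            # Classic Run / RunOnce autostart value.
            if RUN_KEY.search(key):
                hits.add("Adds Run key to start application")
        elif api == "RegQueryValueExW":
            # Assumed meaning of the location check: reading Geo\Nation.
            if (ev["key"].lower().endswith(r"\control panel\international\geo")
                    and ev.get("value", "").lower() == "nation"):
                hits.add("Checks computer location settings")
        elif api == "CreateFileW":
            path = ev["path"]
            if "write" in ev.get("access", "").lower() and not RAW_DISK.match(path):
                written.add(path.lower())
        elif api == "WriteFile":
            # First sector of a raw physical drive is the MBR.
            if RAW_DISK.match(ev["path"]) and ev.get("offset", -1) < 512:
                hits.add("Writes to the Master Boot Record (MBR)")
        elif api == "CreateProcessW":
            if ev["image_created"].lower() in written:
                hits.add("Executes dropped EXE")
        elif api == "DeleteFileW":
            if ev["path"].lower() == sample:
                hits.add("Deletes itself")
    return hits


if __name__ == "__main__":
    for name in sorted(match_signatures(TRACE, SAMPLE_PATH)):
        print(name)
```

The order of records matters for "Executes dropped EXE": a CreateProcessW only counts if an earlier CreateFileW opened that path for writing, which is what distinguishes a dropped payload from launching a pre-existing binary. Dropping the WriteFile record from the trace removes the MBR signature, which is the check an analyst would make when deciding whether the 8/10 score is driven by the bootkit behaviour or by the more routine Run-key persistence.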

MITRE ATT&CK Enterprise v15

Tasks