Overview

overview

7

Static

static

7

5ef9abd1d4...18.dll

windows7-x64

7

5ef9abd1d4...18.dll

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    5ef9abd1d41ff3267cc2056853c0e68d_JaffaCakes118

  • Size

    343KB

  • Sample

    240720-era1cswanp

  • MD5

    5ef9abd1d41ff3267cc2056853c0e68d

  • SHA1

    5311045a93e5f6d0c9784c576630e577f6458a44

  • SHA256

    21b1fb0083fa04798d4cd05c364cc93aa5ac9acad4a96b21a616bd37440bcc13

  • SHA512

    0075882fc7e1d3c6feccd893e6e55687bf4370ed4bf80f05c111b13518c6c740be0401d61d3c6b63f3318a5bdfe3162da65c5fb988771b4d46061739a2f171b4

  • SSDEEP

    6144:glbT0MaphPdAYXYwR4QDN5gtN8HumeGKmcz55FBrOK6VGpZJHA/zpA:gbpS1ewu0D3eGKv/Br+sZ8

Score
7/10
bootkitpersistencevmprotect

Malware Config

Targets

    • Target

      5ef9abd1d41ff3267cc2056853c0e68d_JaffaCakes118

    • Size

      343KB

    • MD5

      5ef9abd1d41ff3267cc2056853c0e68d

    • SHA1

      5311045a93e5f6d0c9784c576630e577f6458a44

    • SHA256

      21b1fb0083fa04798d4cd05c364cc93aa5ac9acad4a96b21a616bd37440bcc13

    • SHA512

      0075882fc7e1d3c6feccd893e6e55687bf4370ed4bf80f05c111b13518c6c740be0401d61d3c6b63f3318a5bdfe3162da65c5fb988771b4d46061739a2f171b4

    • SSDEEP

      6144:glbT0MaphPdAYXYwR4QDN5gtN8HumeGKmcz55FBrOK6VGpZJHA/zpA:gbpS1ewu0D3eGKv/Br+sZ8

    Score
    7/10
    bootkitpersistencevmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks