General

  • Target

    608efc010020c7f53457cd4adcfa4d3b_JaffaCakes118

  • Size

    296KB

  • Sample

    240721-pgcrbazhkh

  • MD5

    608efc010020c7f53457cd4adcfa4d3b

  • SHA1

    f2cd16584b821cdc3bd8b3e44276eadfd7adb348

  • SHA256

    0654ae3ae425e5d740f52215e40fc82b4666ddd7c4c5ad77771202cae5b1b60e

  • SHA512

    4fc91bf354143edfadfb29042299e411a5f6f2950af9fb32e01c9bd3b2b72a93590b1dc9b21c8d24c0d6cf34e4c2eec6347da36d9d7a39a94df0f8fc0a6f0c70

  • SSDEEP

    6144:I0BMhwjXMwGrAswx96CIXomvyhhiAXf2N8+kAjgFZWs5WeB:IuM+jcVFJyhM8uNWAoZWZg

Malware Config

Targets

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks