General

  • Target

    616e595a852b47d601c0d3a8d8d0dd0b_JaffaCakes118

  • Size

    88KB

  • Sample

    240721-z4ymeaverb

  • MD5

    616e595a852b47d601c0d3a8d8d0dd0b

  • SHA1

    22ccf544185fd7d6fb0a11d2d4b1dd6839e2dbbc

  • SHA256

    c3a36e41cab570c4737c54fab6e772cf70e4a78211b6ad4824f2ff97c623b91c

  • SHA512

    ac9f929724f3526c2447f12a0031511c5e8852615a3198fe10d8365c7ace1e0fd0cf09e724eac61dbf5d8d9238838ec7dee6f4fbb68cffcaa8fc741ff129bd15

  • SSDEEP

    1536:Jg6pmS7oIJn4SzO45tivfpCViUjRa7eMS0q+qYtCr5iRMPGzQZ:JgRS7oIJ4k5gfowU9a7efWqYCqMPqQZ

Score
8/10

Targets

    • Target

      616e595a852b47d601c0d3a8d8d0dd0b_JaffaCakes118

    • Server Software Component: Terminal Services DLL

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
