Overview

overview

10

Static

static

3

65070b7b45...18.exe

windows7-x64

10

65070b7b45...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    65070b7b458c5439b68e5e555a5d8ab5_JaffaCakes118

  • Size

    596KB

  • Sample

    240722-199sassckr

  • MD5

    65070b7b458c5439b68e5e555a5d8ab5

  • SHA1

    3ea4546031c961d3cf6b9b6a9179d3ddfff8df52

  • SHA256

    e6cb9521bd4e1f2ab53c03bfef1e00b3b0c8ec71b44682c44b79a67b34493446

  • SHA512

    da49c82e086c8f798db90d2b643ad59de67625b1efab57f8f42d9768cdf3e23d2c2160c44526467001baf93445c3d1e058d4f13394f21c44315d026c7950ef26

  • SSDEEP

    12288:97bE3pZIUhMtk2Borsi0cXLd5c8weuKAFV7zoO+DEavGVv:db8MU+MX0cbY8NXAFV7UO+4OGVv

Score
10/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      65070b7b458c5439b68e5e555a5d8ab5_JaffaCakes118

    • Size

      596KB

    • MD5

      65070b7b458c5439b68e5e555a5d8ab5

    • SHA1

      3ea4546031c961d3cf6b9b6a9179d3ddfff8df52

    • SHA256

      e6cb9521bd4e1f2ab53c03bfef1e00b3b0c8ec71b44682c44b79a67b34493446

    • SHA512

      da49c82e086c8f798db90d2b643ad59de67625b1efab57f8f42d9768cdf3e23d2c2160c44526467001baf93445c3d1e058d4f13394f21c44315d026c7950ef26

    • SSDEEP

      12288:97bE3pZIUhMtk2Borsi0cXLd5c8weuKAFV7zoO+DEavGVv:db8MU+MX0cbY8NXAFV7UO+4OGVv

    Score
    10/10
    bootkitevasionpersistence

    • Modifies firewall policy service

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks