General

  • Target

    699ef2cb318463cf40ccb43b026c008f_JaffaCakes118

  • Size

    406KB

  • Sample

    240724-a5cznayakq

  • MD5

    699ef2cb318463cf40ccb43b026c008f

  • SHA1

    580a3087ca9ff60bd1b103265332f9346c2c9fe1

  • SHA256

    f39df327fe1c1bea6d7b8d9c9723d5c414e0604c9e3deb3254e4903847738e13

  • SHA512

    394b15ee032b7c7968e3faec36b80407e368f8bf40796b7d98946ea7751bac6fe363bc394daa972ff245cadaa0fdaf594915c705801717a5c2cadee585dd1c23

  • SSDEEP

    12288:aYwP2g5kEA+KZB/lGrKAvLCpqR6uYLQhpLnht:Y2n+KZNvY1j3Lnht

Malware Config

Targets

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks