General

  • Target

    69fd960523f52d1b43e0a0257ffb2256_JaffaCakes118

  • Size

    598KB

  • Sample

    240724-dc3w6axdrc

  • MD5

    69fd960523f52d1b43e0a0257ffb2256

  • SHA1

    2d98499b41707c0c34dd0f6652491ec3c80e646a

  • SHA256

    1ba6bee31fec7f41733b1d7c98d81143292e4648be761968414409e3f18cb7d2

  • SHA512

    9b99156eaa9a3d97f3c1591851aeece699e6161eaaa77f95aa682f35e754bd6dfa82fa41e54ae249b8b8a8528eef7223b08aa9f09f80df88699e5eb39c7b3bf7

  • SSDEEP

    12288:cS917Tpvurj39bVUkvVKZepF+dzNashq5qK/UUlU4b21ROyNtTird3V:cS9JT0Xthx4Zko5NaqaqK/flFbY3TEdl

Targets

    • Target

      69fd960523f52d1b43e0a0257ffb2256_JaffaCakes118

    • Size

      598KB

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15
