General
-
Target
7545c1fc4cb5e83829ee998937ca20e3_JaffaCakes118
-
Size
833KB
-
Sample
240726-xe9l9s1bqb
-
MD5
7545c1fc4cb5e83829ee998937ca20e3
-
SHA1
7a480f7d704da2590d2a22c839f2b49e609a7aec
-
SHA256
9645cc49070fef79fb808099cf5ff47685b4db46c904417a8637bcf100a6babc
-
SHA512
e5d06bda6d2f5b41bf389176ae19a3cae9200d8274ab78fdcd203810e6fe746410d290e54b171dd7fa4fc2b9537f8102637cb0db794d02f3322e6d58079142ce
-
SSDEEP
12288:apqn3gyydl6Ni03Lw/owD0AZstrmxt27TjfCjmBiPQurjeBf8SJ7K0NAnS+7zzaR:Eg3K6bw/Bx7SCi0gT4wuXzza0
Malware Config
Targets
-
-
Target
7545c1fc4cb5e83829ee998937ca20e3_JaffaCakes118
-
Size
833KB
-
MD5
7545c1fc4cb5e83829ee998937ca20e3
-
SHA1
7a480f7d704da2590d2a22c839f2b49e609a7aec
-
SHA256
9645cc49070fef79fb808099cf5ff47685b4db46c904417a8637bcf100a6babc
-
SHA512
e5d06bda6d2f5b41bf389176ae19a3cae9200d8274ab78fdcd203810e6fe746410d290e54b171dd7fa4fc2b9537f8102637cb0db794d02f3322e6d58079142ce
-
SSDEEP
12288:apqn3gyydl6Ni03Lw/owD0AZstrmxt27TjfCjmBiPQurjeBf8SJ7K0NAnS+7zzaR:Eg3K6bw/Bx7SCi0gT4wuXzza0
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1