General

  • Target: 76eda06da4e01c605c1f0f5769b70cd2_JaffaCakes118
  • Size: 50KB
  • Sample: 240727-d985fayakg
  • MD5: 76eda06da4e01c605c1f0f5769b70cd2
  • SHA1: ec7de640db263aab6f6da666ac155976de7ad149
  • SHA256: 196a7301d4343d87c4cb62aebd35f5d78daa72107a9f13d63d098726b52a288f
  • SHA512: fdbdb2cc2e9fe6e1cad407a9243184107d95f9cd12cc465f2eeef98cf3550e5b3b0270d24de1197880eca970e4aac10a36371aaef9ea52dc32fcbdfefa27bb4c
  • SSDEEP: 768:HJ+VpSrdPv2qeVUW2U+YGuGcHj0bw/gSeNsh2eDWD/a0GUVXoze7K5:HJUkx8VUtrYJIbwIjNsh2JD6M4K+5

Malware Config

Targets

    • Target: 76eda06da4e01c605c1f0f5769b70cd2_JaffaCakes118
    • Size: 50KB
    • MD5: 76eda06da4e01c605c1f0f5769b70cd2
    • SHA1: ec7de640db263aab6f6da666ac155976de7ad149
    • SHA256: 196a7301d4343d87c4cb62aebd35f5d78daa72107a9f13d63d098726b52a288f
    • SHA512: fdbdb2cc2e9fe6e1cad407a9243184107d95f9cd12cc465f2eeef98cf3550e5b3b0270d24de1197880eca970e4aac10a36371aaef9ea52dc32fcbdfefa27bb4c
    • SSDEEP: 768:HJ+VpSrdPv2qeVUW2U+YGuGcHj0bw/gSeNsh2eDWD/a0GUVXoze7K5:HJUkx8VUtrYJIbwIjNsh2JD6M4K+5

    • Modifies WinLogon for persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks