General

  • Target

    81ce35652b20a42793957871754de915_JaffaCakes118

  • Size

    2.4MB

  • Sample

    240801-1e7pfsxarm

  • MD5

    81ce35652b20a42793957871754de915

  • SHA1

    2e819fb982dfb4e7e05fac8c89d0ae63565f7ae9

  • SHA256

    7006bd37fe79f2acd4b127506a2787486d5eb2194ae7afeda5f0748937ed2489

  • SHA512

    71986250889c28191914f0411713682ba13ddf0d54b256efde36144605c434da7f3e3c329421e7a7d74b00b50b9ba8fdc74533758ae405c921225d75d6adfd97

  • SSDEEP

    49152:YzT61fZ5C5n0NJPyOztvmsFd1GEXae05YK6qDl3VzpzD1MVuVR1nvLaAo55NTEdx:Y6CnYpZMs9GhOK6khVRWViR1vLaXEP

Targets

    • Target

      81ce35652b20a42793957871754de915_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
