General

  • Target

    81c225d08e59e91fe4a47fd97e474679_JaffaCakes118

  • Size

    113KB

  • Sample

    240801-zlzfzswdqk

  • MD5

    81c225d08e59e91fe4a47fd97e474679

  • SHA1

    8437bf93c954dfc2bcabcaed0f3b21856e601869

  • SHA256

    89657dfe96c24204884e850e431d530eff07970a0ce2efcaa9fad50f9ca9998c

  • SHA512

    33bd687af4d8c8d41d2550989dce1c215c36789abe8ddda8a577144a03614f3a9a15605b99309379a74d0c73e615c2c54167f3192d46f9e4f1b61b95fd11194b

  • SSDEEP

    1536:35wqxqesTrdyP9+/wkvKnRamP1KLVv9XCwT5zFOfAzq0TeS4GOaNtSldqYXDC3rV:PTso0IKGKJ9FzFOfR0TefGgMbRNk0

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15