General

  • Target

    84d198418631bec0449961f931328624_JaffaCakes118

  • Size

    3.2MB

  • Sample

    240810-e7y25awdkn

  • MD5

    84d198418631bec0449961f931328624

  • SHA1

    6337fbe091a2a0c6b50114971e63e267a06a058a

  • SHA256

    d2d2400f422420e526c0b981fbc1aa2d908415cec27e652b6ee674c6a8fd7c36

  • SHA512

    9ed12cbf13a41f939b0e1362353a75dbdc6162529a03dcad2d68e77ee50619a5a5485204931d7cba740899ba7ce57bbd558a28c6d94446b119daad2e43846133

  • SSDEEP

    49152:HdVmnOutC2UgBqCo4yXmEumVMc8EF4s0xpsDEiq/vkSxeAhZuvaJyn7sex:H7mOOCdGRmCJEF4VqDZwvXLM/7sex

Targets

    • Target

      84d198418631bec0449961f931328624_JaffaCakes118

    • Blocklisted process makes network request

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
