General
-
Target
86d8e172c58eb766bc795a7eb46f4e7b_JaffaCakes118
-
Size
300KB
-
Sample
240810-t7nnqasbqe
-
MD5
86d8e172c58eb766bc795a7eb46f4e7b
-
SHA1
875d7988a578cffbc172a527403ab8c61cb36298
-
SHA256
644da2013b1d020811de0eb7cc746b0172ed13a412a44f224088ab09695cfe6d
-
SHA512
27b1e03eb8b2b96dcd3655c2e86769cb8fb0054815973450a284c4309cd9b7ef29655d8e85377b676bed0f3638ac835292aa0002686549bbdeb54354fcdb9fe9
-
SSDEEP
6144:4O4MEQ2feXdRCBVL278fD/jkG+EcEj743JEiWLfV:8Z4qVrfD/jkDgj7432
Malware Config
Targets
-
-
Target
86d8e172c58eb766bc795a7eb46f4e7b_JaffaCakes118
-
Size
300KB
-
MD5
86d8e172c58eb766bc795a7eb46f4e7b
-
SHA1
875d7988a578cffbc172a527403ab8c61cb36298
-
SHA256
644da2013b1d020811de0eb7cc746b0172ed13a412a44f224088ab09695cfe6d
-
SHA512
27b1e03eb8b2b96dcd3655c2e86769cb8fb0054815973450a284c4309cd9b7ef29655d8e85377b676bed0f3638ac835292aa0002686549bbdeb54354fcdb9fe9
-
SSDEEP
6144:4O4MEQ2feXdRCBVL278fD/jkG+EcEj743JEiWLfV:8Z4qVrfD/jkDgj7432
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1