General
-
Target
8b568f9d04a8ee4970115260f7fe9cb8_JaffaCakes118
-
Size
530KB
-
Sample
240811-v97eaazdqr
-
MD5
8b568f9d04a8ee4970115260f7fe9cb8
-
SHA1
aa498a7dacedb52bdf2097ce3eb66d8c26a89071
-
SHA256
6014dad96a3a2291d8ab2262ed42ffd7cc933b111beb2948cdacf9c3073b83f3
-
SHA512
084cb703aee32fde3c0b00925460e5fdd5be5e322987e9d102eb4244a2ac33b4bd3148c7b39552e2e4488286fc90306616d5bd206da21fc5258101535c8930bb
-
SSDEEP
6144:jPniWB+JFBN+doZ9mfAQayNDj/wD3HPh9mZNekaNOJmxYbjonwtogFk+hcNCS39H:jv+JFBbTQFe59ujzC+iySlbFE0ISitq
Malware Config
Targets
-
-
Target
8b568f9d04a8ee4970115260f7fe9cb8_JaffaCakes118
-
Size
530KB
-
MD5
8b568f9d04a8ee4970115260f7fe9cb8
-
SHA1
aa498a7dacedb52bdf2097ce3eb66d8c26a89071
-
SHA256
6014dad96a3a2291d8ab2262ed42ffd7cc933b111beb2948cdacf9c3073b83f3
-
SHA512
084cb703aee32fde3c0b00925460e5fdd5be5e322987e9d102eb4244a2ac33b4bd3148c7b39552e2e4488286fc90306616d5bd206da21fc5258101535c8930bb
-
SSDEEP
6144:jPniWB+JFBN+doZ9mfAQayNDj/wD3HPh9mZNekaNOJmxYbjonwtogFk+hcNCS39H:jv+JFBbTQFe59ujzC+iySlbFE0ISitq
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
System Binary Proxy Execution: Verclsid
Adversaries may abuse Verclsid to proxy execution of malicious code.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1