General

Target: 94bec218a195458cdda123860f623557_JaffaCakes118
Size: 185KB
Sample: 240813-zznlms1brn
MD5: 94bec218a195458cdda123860f623557
SHA1: a81497dedcbd8e50d3fa2464eb9d406fff5b4d53
SHA256: c535cd3d3513af88830ba7c1733e59f48731a0aeb66e9affa425594698649a5c
SHA512: b54905cb63c0c385fbd6e879ef6c2d85a40fefc4d6a978d93937f3f7ea4c3bdc9a88a8aab57c466740dba6441fe92fe033920e34e69c2f7db5f4fbd31ac034f2
SSDEEP: 3072:kcPczY9zvkUD2piBhNZAxdJIeQ7hqrw1o98PsMBv3MCmJpwkIIUGzq+:ksc89zrRfKx/8GcsMBvMCmJprUgq

Static task: static1

Behavioral task: behavioral1
Sample: 94bec218a195458cdda123860f623557_JaffaCakes118.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 94bec218a195458cdda123860f623557_JaffaCakes118.exe
Resource: win10v2004-20240802-en

Malware Config
Targets
Score: 8/10

Adds policy Run key to start application

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Modifies WinLogon

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)
Pre-OS Boot (1)
Bootkit (1)

Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)