General

  • Target

    a19895039082b338e260700f570b8cef_JaffaCakes118

  • Size

    97KB

  • Sample

    240817-htjbassgqe

  • MD5

    a19895039082b338e260700f570b8cef

  • SHA1

    0b7a56899efaa2e6a9b8adfc42c0920fed948874

  • SHA256

    a26aee51b0209aaacd80330576d7a5b0db0638b92fce80b8bedc616c25534aaa

  • SHA512

    389baeebdb4fe2e199103e1c3e41e378c6cde32ced0cd0e79ecf3b7e70e0064a74dafb284cf4ba957d7dfc95f738b707375ed7facf7e7634f616e5f6bdf1af27

  • SSDEEP

    1536:NOqoQxQqZXvtPSB2MD/SDWS846Q9lGVVeusG5zhDuI4YGpylO:k091taVjGT8hEseuV1w9pylO

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks