General
Target: a3573c69097a3cb16aeef32f471d3e59_JaffaCakes118
Size: 1.0MB
Sample: 240817-vbksmawbrd
MD5: a3573c69097a3cb16aeef32f471d3e59
SHA1: b49b36f4f6e7aedf926467c13e6474b227092ed9
SHA256: c73e340bbe794dbf37662394aebde7de77649f6b5e422c443b86f5a1f1f7ab4e
SHA512: 31ca953e701a457154bde59020ddeceee3adc0f2eacd73e2e9454e186b95a6bffbdd45d99e9b4bd8164950b0c96613939d245ee33ae0bdec02574b1d4109ef6f
SSDEEP: 24576:0VMM5Si97gDwpG9LmctpwL7K1f7eADraRhcpl1i8hUfTt:MMniNEwpG9LDZx7eAD2zSji8hUfTt
Static task: static1
Behavioral task: behavioral1
  Sample: a3573c69097a3cb16aeef32f471d3e59_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: a3573c69097a3cb16aeef32f471d3e59_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: a3573c69097a3cb16aeef32f471d3e59_JaffaCakes118 (1.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 7/10
- Checks computer location settings: looks up the country code configured in the registry (for example HKCU\Control Panel\International\Geo\Nation), likely a geofence so the sample can refuse to run in selected countries.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: a value under ...\Software\Microsoft\Windows\CurrentVersion\Run, the most common user-mode persistence mechanism; ATT&CK counts it under both Persistence and Privilege Escalation, which is why it appears twice in the mapping below.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system, so it survives cleaning or reinstalling the OS volume. Caveat: the overwritten bootstrap code only executes under legacy BIOS boot; on a UEFI system with a GPT disk the MBR is a protective stub that is never run, although the write itself is still a strong indicator. Confirm by comparing sector 0 of the system disk before and after detonation.
- Suspicious use of SetThreadContext: changes the register context of a thread in another process, typically the last step before ResumeThread in process hollowing or thread hijacking. On its own the signature says the sample redirects execution in another process, not which injection technique it used.
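To verify the "Writes to the MBR" signature rather than take it on trust, dump sector 0 of the analysis VM's system disk before and after detonation and diff the parts that matter: the bootstrap code, the disk signature and the partition table. The following is an added example, not code from the report or from the sandbox; the clean and infected sectors are constructed stand-ins (the clean bootstrap bytes are the first instructions of a stock Windows MBR padded with NOPs, the infected bytes are arbitrary), `_build_mbr` exists only to build them, and `read_sector0` is how you would feed a real dump in.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440         # 4-byte Windows disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"     # bytes 510..511
GPT_PROTECTIVE = 0xEE      # partition type used by a protective MBR on GPT disks


@dataclass(frozen=True)
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass(frozen=True)
class Mbr:
    boot_code_sha256: str
    disk_signature: int
    partitions: Tuple[PartitionEntry, ...]
    signature_ok: bool


def parse_mbr(sector: bytes) -> Mbr:
    """Parse a raw 512-byte sector 0 into bootstrap hash, disk signature and partition table."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4); CHS fields skipped
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 means "unused entry"
            parts.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return Mbr(
        boot_code_sha256=hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        disk_signature=disk_sig,
        partitions=tuple(parts),
        signature_ok=sector[510:512] == BOOT_SIG,
    )


def diff_mbr(baseline: bytes, suspect: bytes) -> List[str]:
    """Compare pre- and post-detonation sector 0; an empty list means nothing relevant changed."""
    b, s = parse_mbr(baseline), parse_mbr(suspect)
    findings = []
    if not s.signature_ok:
        findings.append("0x55AA boot signature missing: disk would not boot under BIOS")
    if b.boot_code_sha256 != s.boot_code_sha256:
        findings.append("bootstrap code (bytes 0-439) replaced")
        if any(p.type_id == GPT_PROTECTIVE for p in s.partitions):
            findings.append("disk is GPT (protective MBR): replaced code only runs under legacy/CSM boot")
    if b.disk_signature != s.disk_signature:
        findings.append("disk signature changed")
    if b.partitions != s.partitions:
        findings.append("partition table changed")
    return findings


def _build_mbr(boot_code: bytes, disk_sig: int, parts) -> bytes:
    """Helper to construct a sector 0 for the sample data below (real disks are read, not built)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    buf = bytearray(MBR_SIZE)
    buf[: len(boot_code)] = boot_code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(parts):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if bootable else 0x00, ptype, lba, count)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


# Constructed sample data. Only the bootstrap bytes differ between the two sectors, which is the
# classic bootkit pattern: hook the boot path, leave the partition table intact so the OS still boots.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4") + b"\x90" * 16
INFECTED_BOOT_CODE = bytes.fromhex("eb1e") + b"\x00" * 30 + bytes.fromhex("b80000")
PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 41736192)]

CLEAN_MBR = _build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, PARTS)
INFECTED_MBR = _build_mbr(INFECTED_BOOT_CODE, 0x1234ABCD, PARTS)


def read_sector0(path: str) -> bytes:
    r"""Read sector 0 from a raw disk image, or on Windows (as admin) from \\.\PhysicalDrive0."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR))
    print(diff_mbr(CLEAN_MBR, INFECTED_MBR))
```

Hashing only bytes 0..439 keeps a legitimate disk-signature or partition-table change from masking the interesting finding; the GPT branch is there because a Win10 VM may well be UEFI, in which case the write is evidence of intent rather than of working pre-OS persistence.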
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Pre-OS Boot (T1542): 1
  - Bootkit (T1542.003): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
Defense Evasion
- Modify Registry (T1112): 2
- Pre-OS Boot (T1542): 1
  - Bootkit (T1542.003): 1
- Subvert Trust Controls (T1553): 1
  - Install Root Certificate (T1553.004): 1
The numbers are the sandbox's per-technique hit counts. The technique IDs are added here from ATT&CK Enterprise v15; the report lists names only. Install Root Certificate has no matching entry in the signature list above, so check the report's registry activity before relying on that mapping.
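The mapping above is produced by matching API and registry events against signatures. The following added example (not the sandbox's code, and not the report's event format) shows the same kind of matching over a constructed trace: a Run-key write, the Geo\Nation country-code lookup, a sector-0 write to \\.\PhysicalDrive0, and the CreateProcess(CREATE_SUSPENDED) / WriteProcessMemory / SetThreadContext / ResumeThread sequence behind the SetThreadContext signature. Event and argument names are this example's own. T1547.001 and T1542.003 are the IDs from the mapping above; T1614 (System Location Discovery) and T1055.012 (Process Hollowing) are mapped by this example, not by the report.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004
# order in which the injector must touch the suspended child for this to count as hollowing
HOLLOW_SEQUENCE = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


@dataclass
class Event:
    """One API call from a constructed sandbox trace. Field names are this example's own."""
    pid: int
    api: str
    args: Dict[str, object] = field(default_factory=dict)


@dataclass(frozen=True)
class Finding:
    technique: str   # ATT&CK technique ID
    name: str
    pid: int
    detail: str


def _is_run_key(path: str) -> bool:
    return "\\currentversion\\run" in path.lower()


def _is_geo_key(path: str) -> bool:
    return path.lower().endswith("control panel\\international\\geo")


def _is_physical_drive(path: str) -> bool:
    return path.lower().startswith("\\\\.\\physicaldrive")


def detect(events: List[Event]) -> List[Finding]:
    """Walk the trace once and emit one Finding per matched behaviour, in trace order."""
    findings: List[Finding] = []
    # hollowing state: (injector pid, suspended child pid) -> APIs seen so far, in order
    suspended: Dict[Tuple[int, int], List[str]] = {}
    for ev in events:
        a = ev.args
        if ev.api == "RegSetValueExW" and _is_run_key(str(a.get("key", ""))):
            findings.append(Finding("T1547.001", "Registry Run Keys / Startup Folder", ev.pid,
                                    f"{a['key']}\\{a.get('value')} = {a.get('data')}"))
        elif ev.api == "RegQueryValueExW" and _is_geo_key(str(a.get("key", ""))) and a.get("value") == "Nation":
            findings.append(Finding("T1614", "System Location Discovery", ev.pid,
                                    "reads the configured country code (Geo\\Nation)"))
        elif ev.api == "NtWriteFile" and _is_physical_drive(str(a.get("path", ""))) and a.get("offset") == 0:
            findings.append(Finding("T1542.003", "Bootkit", ev.pid,
                                    f"{a['path']} offset 0, {a.get('length')} bytes (sector 0 = MBR)"))
        elif ev.api == "CreateProcessW" and int(a.get("flags", 0)) & CREATE_SUSPENDED:
            suspended[(ev.pid, int(a["child_pid"]))] = []
        elif ev.api in HOLLOW_SEQUENCE:
            key = (ev.pid, int(a.get("target_pid", -1)))
            seen = suspended.get(key)
            if seen is None:
                continue  # target was never created suspended by this pid: not hollowing
            # strict order; out-of-order calls and repeats (several WriteProcessMemory calls) are ignored
            if len(seen) < len(HOLLOW_SEQUENCE) and ev.api == HOLLOW_SEQUENCE[len(seen)]:
                seen.append(ev.api)
                if len(seen) == len(HOLLOW_SEQUENCE):
                    findings.append(Finding("T1055.012", "Process Hollowing", ev.pid,
                                            f"suspended child {key[1]}: " + " -> ".join(HOLLOW_SEQUENCE)))
    return findings


# Constructed trace: pid 1000 is the sample, pid 2000 its suspended child, pid 3000 benign noise.
TRACE = [
    Event(1000, "RegQueryValueExW", {"key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}),
    Event(1000, "RegSetValueExW", {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                                   "value": "Updater", "data": "C:\\Users\\Admin\\AppData\\Roaming\\updater.exe"}),
    Event(1000, "CreateProcessW", {"image": "C:\\Windows\\System32\\svchost.exe",
                                   "flags": CREATE_SUSPENDED, "child_pid": 2000}),
    Event(1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x8000}),
    Event(1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x1000}),
    Event(1000, "SetThreadContext", {"target_pid": 2000, "tid": 2004}),
    Event(1000, "ResumeThread", {"target_pid": 2000, "tid": 2004}),
    Event(2000, "NtWriteFile", {"path": "\\\\.\\PhysicalDrive0", "offset": 0, "length": 512}),
    # noise: reading a Run key and writing an ordinary file must not fire
    Event(3000, "RegQueryValueExW", {"key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "OneDrive"}),
    Event(3000, "NtWriteFile", {"path": "C:\\Users\\Admin\\notes.txt", "offset": 0, "length": 12}),
]

if __name__ == "__main__":
    for f in detect(TRACE):
        print(f"{f.technique:10} {f.name:36} pid={f.pid} {f.detail}")
```

The hollowing rule is keyed on the injector and child pids so that SetThreadContext on a thread the sample did not create suspended (a debugger or a legitimate thread-context fixup) does not fire; that is the difference between the raw "Suspicious use of SetThreadContext" signature and a technique-level finding.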