General
Target: a5873a61d08b07cd270a691f412d961a_JaffaCakes118
Size: 119KB
Sample: 240818-fyjfrazgkk
MD5: a5873a61d08b07cd270a691f412d961a
SHA1: 4f9b1f81dbab348b0a0d8affae4d7bae9cc7ca32
SHA256: 97ee0eacc76ef32143fbf4f5d34aaa945bd9fd7343a15ce6e55f4de6f58d3403
SHA512: 2d73b0f6609de116f2714b6c886096e5af289ab5bd9f40db0e2250024edbb0cf55107d36c4f5f6cb7c79ec19bc19d1d539800b8accffa631e50f412e848edd3a
SSDEEP: 3072:Xv+Exfaz5SbRKCg3AGyxlNEj+VwlM4U+xRe:f+rI0CJGyxleyweN+x
Static task: static1
Behavioral task: behavioral1
  Sample: a5873a61d08b07cd270a691f412d961a_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: a5873a61d08b07cd270a691f412d961a_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets: a5873a61d08b07cd270a691f412d961a_JaffaCakes118 (119KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)
Score: 10/10
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (4)
  Pre-OS Boot (1)
    Bootkit (1)