General
Target: b93c73b5398041f5bfd1e9c7cd55da1e_JaffaCakes118
Size: 34KB
Sample: 240822-1f4desygng
MD5: b93c73b5398041f5bfd1e9c7cd55da1e
SHA1: 350cb7ffb8da0c650b7efd0518a8dbcef5be2c7a
SHA256: 62c5f7935b77d45778bb5a12a8db19dc330bc049d8672656287b73ca63964f99
SHA512: 85b1bf1f31740e8e0335d72df20147e372085c017f25607ff7aa4ff412e15787be1c6496f7775f82f416bbd8ba694bc5f90bad22f3f55ba7974e1ff872890d3f
SSDEEP: 768:0DXXMb9eT0uCqMblI4Os8FpP28MxHZRBvj8Oghoob:UA9eT0rRI4Os8zaHZ/gGy
Static task: static1
Behavioral task: behavioral1
  Sample: b93c73b5398041f5bfd1e9c7cd55da1e_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: b93c73b5398041f5bfd1e9c7cd55da1e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: b93c73b5398041f5bfd1e9c7cd55da1e_JaffaCakes118
Size: 34KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 7/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)