Overview

overview

7

Static

static

3

b6d1632b12...18.exe

windows7-x64

7

b6d1632b12...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6d1632b12c224a4fd26c724fcff89c7_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240822-h8zltsvdng

  • MD5

    b6d1632b12c224a4fd26c724fcff89c7

  • SHA1

    08595c10c3c689de8da913e862874c33e3855cad

  • SHA256

    3aa3285762a82f5bfc77503a660b95ed7c6eabb8a63fd41a6b525f63a3cb085f

  • SHA512

    b482533e222a3aeb0cf7dc56c0bc978ba01ce6c20cf2677df4c961f733e01444518e8bc6c72d73c1baae62a7ba2679df0d57b1fd4ffa1cac11b52cde0b0b5737

  • SSDEEP

    49152:K1JwL2lsV2QUxMwwk9szuNy41uaGE+umvrhzAJ:t2lsgQMwSszZBEdQhkJ

Score
7/10
bootkitdiscoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      b6d1632b12c224a4fd26c724fcff89c7_JaffaCakes118

    • Size

      1.7MB

    • MD5

      b6d1632b12c224a4fd26c724fcff89c7

    • SHA1

      08595c10c3c689de8da913e862874c33e3855cad

    • SHA256

      3aa3285762a82f5bfc77503a660b95ed7c6eabb8a63fd41a6b525f63a3cb085f

    • SHA512

      b482533e222a3aeb0cf7dc56c0bc978ba01ce6c20cf2677df4c961f733e01444518e8bc6c72d73c1baae62a7ba2679df0d57b1fd4ffa1cac11b52cde0b0b5737

    • SSDEEP

      49152:K1JwL2lsV2QUxMwwk9szuNy41uaGE+umvrhzAJ:t2lsgQMwSszZBEdQhkJ

    Score
    7/10
    bootkitdiscoveryevasionpersistencetrojan

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks