Overview

overview

10

Static

static

1

bb91e76821...18.exe

windows7-x64

10

bb91e76821...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb91e76821ac6ea5bf6081f6eae44f12_JaffaCakes118

  • Size

    46KB

  • Sample

    240823-nq9a7sthnn

  • MD5

    bb91e76821ac6ea5bf6081f6eae44f12

  • SHA1

    5b7ca07c52bce52bad6087f91129db6100cecc30

  • SHA256

    93b67e8549f519f940b379d4509d2e3f2ec8bc812252f0a141120062316b2d20

  • SHA512

    9cc1e61b368afc5c5baca53ef7b02954fd470c799c576762e9fadd739cf197f51a58392e4f8fefa7eeea05ed2a85c93a0f9d49058755488170526ad7fa11670f

  • SSDEEP

    768:N0yZ9pQiKtPz5l2PYXahnqcS6eC4L269ShZTVuPpYRbwQGaPuUxzGwNtQ0YrSTX4:aytQRPzGnBS6eC4Lb9kTVuxY5mamNwNK

Score
10/10
bootkitdiscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      bb91e76821ac6ea5bf6081f6eae44f12_JaffaCakes118

    • Size

      46KB

    • MD5

      bb91e76821ac6ea5bf6081f6eae44f12

    • SHA1

      5b7ca07c52bce52bad6087f91129db6100cecc30

    • SHA256

      93b67e8549f519f940b379d4509d2e3f2ec8bc812252f0a141120062316b2d20

    • SHA512

      9cc1e61b368afc5c5baca53ef7b02954fd470c799c576762e9fadd739cf197f51a58392e4f8fefa7eeea05ed2a85c93a0f9d49058755488170526ad7fa11670f

    • SSDEEP

      768:N0yZ9pQiKtPz5l2PYXahnqcS6eC4L269ShZTVuPpYRbwQGaPuUxzGwNtQ0YrSTX4:aytQRPzGnBS6eC4Lb9kTVuxY5mamNwNK

    Score
    10/10
    bootkitdiscoverypersistencespywarestealer

    • Modifies WinLogon for persistence

      persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks