Overview

overview

7

Static

static

3

bec42daba4...18.exe

windows7-x64

7

bec42daba4...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bec42daba42fae73c7afa75869bb06e0_JaffaCakes118

  • Size

    2.5MB

  • Sample

    240824-rj8mwatepc

  • MD5

    bec42daba42fae73c7afa75869bb06e0

  • SHA1

    81fcfd166a880dd3ea000e07fcf6c20cfd453611

  • SHA256

    661f115ac13fe374e36ab608673328ad9b77414f789d3bb487dd8fb5958ba4e9

  • SHA512

    ff65eb301cbc3ddeb19da72643dd629866d48e65c8e0d1d5abc05cc984bd4db7b3efc835331c15321cb67ea10781e8f2df54ae408e037b5ac3c3eb6b524da970

  • SSDEEP

    49152:YN9QQkFFqrJ4yLi/qK26ViI+JKSUvn0Afb37cYJ6Luveul6qgl:YNjSTyLi/qKpiIRvnj37cYYLu266fl

Score
7/10
bootkitdiscoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      bec42daba42fae73c7afa75869bb06e0_JaffaCakes118

    • Size

      2.5MB

    • MD5

      bec42daba42fae73c7afa75869bb06e0

    • SHA1

      81fcfd166a880dd3ea000e07fcf6c20cfd453611

    • SHA256

      661f115ac13fe374e36ab608673328ad9b77414f789d3bb487dd8fb5958ba4e9

    • SHA512

      ff65eb301cbc3ddeb19da72643dd629866d48e65c8e0d1d5abc05cc984bd4db7b3efc835331c15321cb67ea10781e8f2df54ae408e037b5ac3c3eb6b524da970

    • SSDEEP

      49152:YN9QQkFFqrJ4yLi/qK26ViI+JKSUvn0Afb37cYJ6Luveul6qgl:YNjSTyLi/qKpiIRvnj37cYYLu266fl

    Score
    7/10
    bootkitdiscoveryevasionpersistencetrojan

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks