General
-
Target
cfa46756f48cd8c22ee8b4dcbef6c041_JaffaCakes118
-
Size
236KB
-
Sample
240906-qrzjhaydrq
-
MD5
cfa46756f48cd8c22ee8b4dcbef6c041
-
SHA1
88ad0d6ea2e8fb8233a85121c0cb1aa5a95789fa
-
SHA256
bb86822aa6e578cee02486e1b348e319b45dc8785335689d5cb82aeb3b55d901
-
SHA512
1435e7f967294e9c043d79a4184c9c13a6da3c5f23b4cedb68f2394e6011f828771b8a4bafc06f1724653e7ebbe50c86e1744214b6d9491a432eca37d2313676
-
SSDEEP
6144:fn7XgdScCdmGLfuvEJeBOvV22wr4Gem0aoVoZhx7QdPDkk:f7ddF0UdzWq
Malware Config
Targets
-
-
Target
cfa46756f48cd8c22ee8b4dcbef6c041_JaffaCakes118
-
Size
236KB
-
MD5
cfa46756f48cd8c22ee8b4dcbef6c041
-
SHA1
88ad0d6ea2e8fb8233a85121c0cb1aa5a95789fa
-
SHA256
bb86822aa6e578cee02486e1b348e319b45dc8785335689d5cb82aeb3b55d901
-
SHA512
1435e7f967294e9c043d79a4184c9c13a6da3c5f23b4cedb68f2394e6011f828771b8a4bafc06f1724653e7ebbe50c86e1744214b6d9491a432eca37d2313676
-
SSDEEP
6144:fn7XgdScCdmGLfuvEJeBOvV22wr4Gem0aoVoZhx7QdPDkk:f7ddF0UdzWq
Score8/10-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1