General

  • Target

    d3fa291174e309fa1ea320dc1c642d12_JaffaCakes118

  • Size

    477KB

  • Sample

    240908-ksemtsyfmc

  • MD5

    d3fa291174e309fa1ea320dc1c642d12

  • SHA1

    6d499b7238e802949a3ebda53721d3ae41a68794

  • SHA256

    213b26ae2636e5fdfebcae7723fab4d523de2406155e198f299eb8edbfe58581

  • SHA512

    5b800301578a975635cd374b7d2fc89e887ff856291c3512e7c7e8536e0dafe65ee6293192b4cc9a5ed50de96b277f9de73c16e69d815f9d0b561357b1acd7e4

  • SSDEEP

    12288:FsvU983wtVMtIaMjY6r+kRkBb63vd1Mp8upU5ks4FW:FF2wsOt+w2Y1Mp8ul4

Targets

    • Target

      d3fa291174e309fa1ea320dc1c642d12_JaffaCakes118

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
