Overview

overview

6

Static

static

3

d9bb944871...18.exe

windows7-x64

6

d9bb944871...18.exe

windows10-2004-x64

5

Sharing

Copy URL Twitter E-mail

General

  • Target

    d9bb9448711800f570dcd1aa8a23f317_JaffaCakes118

  • Size

    294KB

  • Sample

    240911-gkpahswfjf

  • MD5

    d9bb9448711800f570dcd1aa8a23f317

  • SHA1

    ef5d94ed91ccc62cbcfdb4c72ffa749aafffb161

  • SHA256

    470423ce37f308b482db0580d1a6c34a1bce37458be4283ee281ed6638af9a89

  • SHA512

    1066bc37cb6b5f3e15d63411c5cf2efb9c3ee48ceab71bf6fc705a444674c41bd3b12944ef00edc6121118896f4b955f361da25a27ba478152ad3af159ac4ebf

  • SSDEEP

    6144:ThBW+3oEyO++3WfK24ojRpD+hPnVW5GJZ2tNYLj8MfsVe:ThISom94OojjYVzYKj86sw

Score
6/10
bootkitdiscoverypersistence

Malware Config

Targets

    • Target

      d9bb9448711800f570dcd1aa8a23f317_JaffaCakes118

    • Size

      294KB

    • MD5

      d9bb9448711800f570dcd1aa8a23f317

    • SHA1

      ef5d94ed91ccc62cbcfdb4c72ffa749aafffb161

    • SHA256

      470423ce37f308b482db0580d1a6c34a1bce37458be4283ee281ed6638af9a89

    • SHA512

      1066bc37cb6b5f3e15d63411c5cf2efb9c3ee48ceab71bf6fc705a444674c41bd3b12944ef00edc6121118896f4b955f361da25a27ba478152ad3af159ac4ebf

    • SSDEEP

      6144:ThBW+3oEyO++3WfK24ojRpD+hPnVW5GJZ2tNYLj8MfsVe:ThISom94OojjYVzYKj86sw

    Score
    6/10
    bootkitdiscoverypersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks