General

  • Target

    dc635d8e01f7682e43d456ed9714783d_JaffaCakes118

  • Size

    320KB

  • Sample

    240912-rgt2psyakk

  • MD5

    dc635d8e01f7682e43d456ed9714783d

  • SHA1

    1b21a52d0e0b5b1adb4d3082e752f5f567a782be

  • SHA256

    a9ccc3797fe0e389f89d63454b550f2fea892f7a90a3560d2402ad2d21ed7c93

  • SHA512

    074d4c3fcc3049c827e530b315b180bca7ca0c02dea02e80a4174ffff4bc51ae1262119a7b455ede98825bce3f041acce042c3e9f1fe446567285048e48f4b43

  • SSDEEP

    6144:fOKnLyziWpaZOa7jUl6vfUdzhCuXK4TMPYnsqnqmbTBl4pa8Dzr:WYWpaICj0hCuXKhqnlqf

Malware Config

Targets

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks