General
-
Target
e37eb3092d8fa42f9ae201a0228e4100_JaffaCakes118
-
Size
568KB
-
Sample
240915-2hf7cawblf
-
MD5
e37eb3092d8fa42f9ae201a0228e4100
-
SHA1
8b3ded6ed64bb66ca7e5cdab8958646fa978aa75
-
SHA256
b14e71d5bcad365216db8480e29b7b8dc8182c07e72a287fa470e08de0d9c20e
-
SHA512
df14d17dca662b29317c11adba30a945a364d17bc0516edb6224c8874c17d8cfdad671ad8ab433aaf8b76137d62d82cfd88c52943ed3e9c4c0ab8d51cfb45ea3
-
SSDEEP
12288:dPg3IWCxPUcpBhHtMBA07i2bGSJxAAITfhnFVel9AMi:dg2tUcpRVai2z0xdnFVel9c
Static task
static1
Behavioral task
behavioral1
Sample
e37eb3092d8fa42f9ae201a0228e4100_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
latentbot
1xxxdarkxxx.zapto.org
2xxxdarkxxx.zapto.org
3xxxdarkxxx.zapto.org
4xxxdarkxxx.zapto.org
5xxxdarkxxx.zapto.org
6xxxdarkxxx.zapto.org
7xxxdarkxxx.zapto.org
8xxxdarkxxx.zapto.org
Targets
-
-
Target
e37eb3092d8fa42f9ae201a0228e4100_JaffaCakes118
-
Size
568KB
-
MD5
e37eb3092d8fa42f9ae201a0228e4100
-
SHA1
8b3ded6ed64bb66ca7e5cdab8958646fa978aa75
-
SHA256
b14e71d5bcad365216db8480e29b7b8dc8182c07e72a287fa470e08de0d9c20e
-
SHA512
df14d17dca662b29317c11adba30a945a364d17bc0516edb6224c8874c17d8cfdad671ad8ab433aaf8b76137d62d82cfd88c52943ed3e9c4c0ab8d51cfb45ea3
-
SSDEEP
12288:dPg3IWCxPUcpBhHtMBA07i2bGSJxAAITfhnFVel9AMi:dg2tUcpRVai2z0xdnFVel9c
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1