General
-
Target
ea4be2817857764ac3df9541f9c71b12_JaffaCakes118
-
Size
2.2MB
-
Sample
240919-bbpa9ssdqh
-
MD5
ea4be2817857764ac3df9541f9c71b12
-
SHA1
4b0c9f4e47a72102fca25abdc58b45bd63e68502
-
SHA256
b1eb7e0621e6a732eb4d6f68dcfc8ae863691850fe550e9fa932457d342d5ef1
-
SHA512
56795a85db721716dd659fed3c3f13f653cc9bcdc04b7ac9bcc9643441007ea5a852b4b94fb81e55b0354b50e42f66e3cb0ffbbe9e6517d034bd052810c2b650
-
SSDEEP
49152:o2OOenGxGipXs22a/tgrYJUGfZC3wA6EylfwEaFWM:COenWhXvttLxC3sEwwMM
Malware Config
Targets
-
-
Target
ea4be2817857764ac3df9541f9c71b12_JaffaCakes118
-
Size
2.2MB
-
MD5
ea4be2817857764ac3df9541f9c71b12
-
SHA1
4b0c9f4e47a72102fca25abdc58b45bd63e68502
-
SHA256
b1eb7e0621e6a732eb4d6f68dcfc8ae863691850fe550e9fa932457d342d5ef1
-
SHA512
56795a85db721716dd659fed3c3f13f653cc9bcdc04b7ac9bcc9643441007ea5a852b4b94fb81e55b0354b50e42f66e3cb0ffbbe9e6517d034bd052810c2b650
-
SSDEEP
49152:o2OOenGxGipXs22a/tgrYJUGfZC3wA6EylfwEaFWM:COenWhXvttLxC3sEwwMM
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-