General
-
Target
eab429edb8a22092fe6469802e444c97_JaffaCakes118
-
Size
204KB
-
Sample
240919-gkkx4atglp
-
MD5
eab429edb8a22092fe6469802e444c97
-
SHA1
f3ebbe625144e0cbb02df56aef900985afaeddb6
-
SHA256
5ccd27d1c608e1a48ab6e7f7f83891853fff8390ca4bd5645e307908e66d03a4
-
SHA512
c76bc4e5205bfbf74b3bf0e0bddd4a2dbf232b48f55e5a02f943749390d29619661595e6110180402e1b985a52fa0e9039ddd5caec7d4b2427e57f027f7a2a6c
-
SSDEEP
6144:oF9HRYUxZlmDllACI+yI/7vSVD8BUEe36Pobn0fd:o0lbIaW8u36QD
Malware Config
Targets
-
-
Target
eab429edb8a22092fe6469802e444c97_JaffaCakes118
-
Size
204KB
-
MD5
eab429edb8a22092fe6469802e444c97
-
SHA1
f3ebbe625144e0cbb02df56aef900985afaeddb6
-
SHA256
5ccd27d1c608e1a48ab6e7f7f83891853fff8390ca4bd5645e307908e66d03a4
-
SHA512
c76bc4e5205bfbf74b3bf0e0bddd4a2dbf232b48f55e5a02f943749390d29619661595e6110180402e1b985a52fa0e9039ddd5caec7d4b2427e57f027f7a2a6c
-
SSDEEP
6144:oF9HRYUxZlmDllACI+yI/7vSVD8BUEe36Pobn0fd:o0lbIaW8u36QD
Score10/10-
UAC bypass
-
Windows security bypass
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5Pre-OS Boot
1Bootkit
1