511132cac2b56f90b8e600eb1a71bcd0efcaafb7810257fb4d393f4be58b2f5e | Triage

Submit
Reports

Overview

overview

Static

static

7

ee1688de2b...18.exe

windows7-x64

ee1688de2b...18.exe

windows10-2004-x64

Sharing

General

Target

ee1688de2b64a3936f74f74abb3563d6_JaffaCakes118
Size

424KB
Sample

240920-v2sk6ayemk
MD5

ee1688de2b64a3936f74f74abb3563d6
SHA1

897e17d5772f02051789e451a71a906f028fd67e
SHA256

511132cac2b56f90b8e600eb1a71bcd0efcaafb7810257fb4d393f4be58b2f5e
SHA512

700abbc123369d65c8a3c42bc6cd5e7563e5341032fb783d2793cc64fddaf9135bed497eb571919115f710f6eeb60a0a60308f6cad6154daea0517e90dd98414
SSDEEP

12288:QEJjzjvAIEoRaUQZZoNGI/TW2woGi8wxXyoS:QIbAIEzUNG4bwoj8wx

Score

10^/10

bootkit discovery evasion execution persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ee1688de2b64a3936f74f74abb3563d6_JaffaCakes118.exe

Resource

win7-20240903-en

bootkit discovery evasion execution persistence spyware stealer upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee1688de2b64a3936f74f74abb3563d6_JaffaCakes118.exe

Resource

win10v2004-20240802-en

bootkit discovery evasion execution persistence spyware stealer upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee1688de2b64a3936f74f74abb3563d6_JaffaCakes118
- Size
  
  424KB
- MD5
  
  ee1688de2b64a3936f74f74abb3563d6
- SHA1
  
  897e17d5772f02051789e451a71a906f028fd67e
- SHA256
  
  511132cac2b56f90b8e600eb1a71bcd0efcaafb7810257fb4d393f4be58b2f5e
- SHA512
  
  700abbc123369d65c8a3c42bc6cd5e7563e5341032fb783d2793cc64fddaf9135bed497eb571919115f710f6eeb60a0a60308f6cad6154daea0517e90dd98414
- SSDEEP
  
  12288:QEJjzjvAIEoRaUQZZoNGI/TW2woGi8wxXyoS:QIbAIEzUNG4bwoj8wx
Score

10^/10

bootkit discovery evasion execution persistence spyware stealer upx
- Disables service(s)
  evasion execution
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

bootkitdiscoveryevasionexecutionpersistencespywarestealerupx

behavioral2

bootkitdiscoveryevasionexecutionpersistencespywarestealerupx

© 2018-2025

Terms | Privacy