General
-
Target
ef5c9ea13b8cf5878c61463b8ded87c4_JaffaCakes118
-
Size
31KB
-
Sample
240921-jscmsssbnq
-
MD5
ef5c9ea13b8cf5878c61463b8ded87c4
-
SHA1
0a67c0c5522dca55e1f29e8fe660cd9c4e421bf7
-
SHA256
922f2745781bc2b026bb42c2df2b8061c2001d42b40976f1ebe39f2a42eb9b23
-
SHA512
fe0c2d2ceb3da2190e20edbf829cd5c9122d804bbb25435f935e792a3adc0835fa8dbe58aeeb251da4dbf2d4d45004ad584a0f446a151efbe228595be0579e6e
-
SSDEEP
768:Z2/jGtJX6hAIO+AWz/aSCHTzmcML4tnNR7d4FTYGiPiGNwz3:8GPFIOWhMT6cMLgnzB4NY6
Malware Config
Targets
-
-
Target
ef5c9ea13b8cf5878c61463b8ded87c4_JaffaCakes118
-
Size
31KB
-
MD5
ef5c9ea13b8cf5878c61463b8ded87c4
-
SHA1
0a67c0c5522dca55e1f29e8fe660cd9c4e421bf7
-
SHA256
922f2745781bc2b026bb42c2df2b8061c2001d42b40976f1ebe39f2a42eb9b23
-
SHA512
fe0c2d2ceb3da2190e20edbf829cd5c9122d804bbb25435f935e792a3adc0835fa8dbe58aeeb251da4dbf2d4d45004ad584a0f446a151efbe228595be0579e6e
-
SSDEEP
768:Z2/jGtJX6hAIO+AWz/aSCHTzmcML4tnNR7d4FTYGiPiGNwz3:8GPFIOWhMT6cMLgnzB4NY6
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1