General
-
Target
f6f9da97731210a9b27bab988a5c74f0_JaffaCakes118
-
Size
217KB
-
Sample
240925-2b4n3athrc
-
MD5
f6f9da97731210a9b27bab988a5c74f0
-
SHA1
8f4284d9cfe122a67cb4a746602df56282266269
-
SHA256
2749fd490022eb004c7ade33aaaa270b7ab9ca19b7167149d3974083ab8539b4
-
SHA512
d1554283c554241d15bd31d088fe61a05497fd8d8cc04407400dd6a756f7df6cc31dc75d02975a90ee342b28550457b8632dd821704ff2a5e15f6d68ff97430b
-
SSDEEP
6144:BuWWRywe4o2J1WYfnBpTJ5jOxOn3dvkpTO5o:M/rea1ZH956M3d+S
Malware Config
Targets
-
-
Target
f6f9da97731210a9b27bab988a5c74f0_JaffaCakes118
-
Size
217KB
-
MD5
f6f9da97731210a9b27bab988a5c74f0
-
SHA1
8f4284d9cfe122a67cb4a746602df56282266269
-
SHA256
2749fd490022eb004c7ade33aaaa270b7ab9ca19b7167149d3974083ab8539b4
-
SHA512
d1554283c554241d15bd31d088fe61a05497fd8d8cc04407400dd6a756f7df6cc31dc75d02975a90ee342b28550457b8632dd821704ff2a5e15f6d68ff97430b
-
SSDEEP
6144:BuWWRywe4o2J1WYfnBpTJ5jOxOn3dvkpTO5o:M/rea1ZH956M3d+S
Score10/10-
Modifies security service
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1