General

  • Target

    101902fc66b0cb3466fa10a06279abe9_JaffaCakes118

  • Size

    272KB

  • Sample

    241003-xa2qvszhkn

  • MD5

    101902fc66b0cb3466fa10a06279abe9

  • SHA1

    5a18a6a68113fcd89734adbf6b28f75485369fa5

  • SHA256

    e130a1944cee1aa735eb7b0192cf8f86b8b4c1c9ba272b8312a4230853c9e451

  • SHA512

    980db88a774f549d114f36ee5fa9171c9e761b43dbdb6baa4700702731d05cc73c2f1c26eb12ed7b971edb04b83ecd5c147071ccb4983cf6cf0498df6df55db3

  • SSDEEP

    6144:m1tPJmIuHYCPx2/JGkPXQSQiErjwo9aXs1jLaGQyR5YETD8i6z:mtBmXh6QiE3MXsB5QyR5YETDW

Malware Config

Targets

    • Target

      101902fc66b0cb3466fa10a06279abe9_JaffaCakes118

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user data.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks