General

  • Target

    167b2e4547779a8ab4999dcb139dd6df_JaffaCakes118

  • Size

    7.7MB

  • Sample

    241005-gymc3szdjn

  • MD5

    167b2e4547779a8ab4999dcb139dd6df

  • SHA1

    864825ebd2883e9d70a4e5ae27951e96357b060d

  • SHA256

    712dae78fed3260bf1777392dc3ebb5d0eb84db165887098646ed6ba1dea519f

  • SHA512

    8696d9938fe983eb7018bf7b266c29f7e68da1fc32623e3430d29d6c08f522be2917ae3b305f5a31698443527f209d44b6de10771afdea45932c8337eb1f7d27

  • SSDEEP

    196608:q4lVrq9+AzRA/Pob+fK3QKnePsf400h74ZZesa4WGLvzCcy:h20Pi400hkLHa4Webvy

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks