General

  • Target

    2ec52fafa581bb2cdd9036ac207488d5_JaffaCakes118

  • Size

    173KB

  • Sample

    241009-lj35havdmn

  • MD5

    2ec52fafa581bb2cdd9036ac207488d5

  • SHA1

    992330db478393a0556ebaa9f25806935f7795cb

  • SHA256

    b1b7526eca4e6e3fb457ee3786b8bb8266d359ea7f3e8a774230b82c8338b2a1

  • SHA512

    6b487b4b3448f2cbf0aa1c9365f3e6512c2c5193de9e47a363c8547ab63b1e1b380f9d66d7f3fce62b4aac5989a298a1781ea78018f29d2a38daa5a8e40c28ae

  • SSDEEP

    3072:H0Gu9BlfzWIbXWW+w0JP5JsD+LIz6mgYPMukLXi8rzJDQlhuPbdl:U/0uYhBuyXzZQlh2f

Malware Config

Targets

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits overwrite the bootstrap code in the MBR so that their code runs before the operating system loads, giving them persistence at a level below the OS that survives reinstalling or cleaning the OS itself.
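
The check a responder would run for the "Writes to the Master Boot Record (MBR)" indicator above: read the first 512-byte sector and compare its bootstrap code and partition table against a baseline captured from a known-clean host. This is an added example written for this page; it is not code from the sandbox, the report, or the analysed sample. The MBR layout it parses (446 bytes of bootstrap code, four 16-byte partition entries, a 0x55AA signature) is the standard one; the sample sector bytes at the bottom are constructed here for illustration, and `read_mbr` and its device path are assumptions about how you would obtain the live sector.

```python
"""Parse a 512-byte MBR and compare it against a known-good baseline.

Added example, not part of the sandbox report. The sample sectors at the
bottom are constructed in this file; the boot-code bytes are placeholders,
not data taken from the analysed sample.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445 hold the bootstrap code
PARTITION_TABLE_OFFSET = 446    # four 16-byte partition entries follow
# status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
PARTITION_ENTRY = struct.Struct("<B3xB3xII")
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into its bootstrap code hash, partition-table hash and entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = PARTITION_ENTRY.unpack_from(
            mbr, PARTITION_TABLE_OFFSET + PARTITION_ENTRY.size * i)
        if ptype:  # partition type 0 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(mbr[PARTITION_TABLE_OFFSET:510]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(current: bytes, baseline: bytes) -> dict:
    """Compare a live MBR with a baseline; a bootkit typically swaps the
    bootstrap code while leaving the partition table untouched."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    boot_changed = cur["boot_code_sha256"] != base["boot_code_sha256"]
    table_changed = cur["partition_table_sha256"] != base["partition_table_sha256"]
    if boot_changed and not table_changed:
        verdict = "bootstrap code replaced, partition table intact: bootkit-like"
    elif boot_changed:
        verdict = "bootstrap code and partition table changed: repartition or wipe"
    elif table_changed:
        verdict = "partition table changed, bootstrap code intact: repartition"
    else:
        verdict = "matches baseline"
    return {"boot_code_changed": boot_changed,
            "partition_table_changed": table_changed, "verdict": verdict}


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a synthetic MBR; used here only to construct sample data."""
    if len(boot_code) > BOOT_CODE_SIZE:
        raise ValueError("bootstrap code too long")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, entry in enumerate(partitions):
        PARTITION_ENTRY.pack_into(mbr, PARTITION_TABLE_OFFSET + PARTITION_ENTRY.size * i, *entry)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def read_mbr(path: str) -> bytes:
    """Read the first sector of a raw disk or image (assumption: on Windows
    you would open r'\\.\PhysicalDrive0' with administrator rights)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


# Constructed sample data (placeholder bytes, not from the analysed sample).
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20  # xor ax,ax / mov ss,ax / mov sp,7c00 / nops
HOOKED_BOOT_CODE = b"\xeb\xfe" + b"\x90" * 25                       # jmp $ : stands in for attacker code
PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]

BASELINE_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
BOOTKIT_MBR = build_mbr(HOOKED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    print(check_mbr(BASELINE_MBR, BASELINE_MBR)["verdict"])
    print(check_mbr(BOOTKIT_MBR, BASELINE_MBR)["verdict"])
```

The baseline should come from the same disk before the incident (a golden image or an earlier forensic capture), since bootstrap code legitimately differs between Windows versions and partitioning tools. Hashing the partition table separately is what lets the check distinguish a bootkit-style overwrite from an ordinary repartition.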

MITRE ATT&CK Enterprise v15

Tasks