General

  • Target

    2f1b0e3f6cdd7ba84cc282e50a379f57_JaffaCakes118

  • Size

    828KB

  • Sample

    241009-lzr26sxblr

  • MD5

    2f1b0e3f6cdd7ba84cc282e50a379f57

  • SHA1

    86245a08e00b2f97af5181ff41faaec2d4cc5421

  • SHA256

    06ce15e9c046465a531ae821622931cbf0f6c67f09c0b6d2fe78e6e056a3bb1c

  • SHA512

    76a0eae041efe1e8582d823a177031c14475f8712df4e5cb7d634f5eb8abbefcbef6518faa6e91ef9df08a75047fd83560e41a5dcd54a52d320800fd1d5f13a1

  • SSDEEP

    24576:TpwpanZCbazJDx0brzGtGPfJo8Z8MbK8N7VFj6:CpVOztGvitif

Malware Config

Targets

    • Target

      2f1b0e3f6cdd7ba84cc282e50a379f57_JaffaCakes118

    • Blocklisted process makes network request

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: code placed in the first sector of the boot disk executes before the OS loader, out of reach of controls that only run once the OS is up.

    • Drops file in System32 directory
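The "Writes to the Master Boot Record (MBR)" signature is worth confirming on the affected host rather than trusting the sandbox verdict alone. The following is an added example, not part of this report or of any sandbox's own code: it parses a 512-byte MBR, extracts the partition table, and diffs the boot code and partition entries against a known-good baseline so a responder can tell whether the sector was actually replaced. Function names (`parse_mbr`, `check_mbr`, `read_mbr`) are mine, and the MBR bytes are constructed for the demo (a few typical x86 start-up opcodes plus one NTFS-type partition entry); they are not taken from this sample. On a live host the sector would be read from `\\.\PhysicalDrive0` (Windows, elevated) or `/dev/sda` (Linux, root).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold boot code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into boot code, used partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status = sector[off]
        ptype = sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # type 0 means an empty slot
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "boot_code": boot_code,
        "partitions": partitions,
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
    }


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the boot-code region, so partition-table edits do not mask code changes."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()


def check_mbr(baseline: bytes, current: bytes) -> list:
    """Return human-readable findings describing how `current` differs from `baseline`."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("invalid MBR signature (expected 55 AA at offset 510)")
    if base["boot_code"] != cur["boot_code"]:
        findings.append("boot code modified: sha256 %s -> %s"
                        % (boot_code_sha256(baseline), boot_code_sha256(current)))
    if base["partitions"] != cur["partitions"]:
        findings.append("partition table modified: %r -> %r"
                        % (base["partitions"], cur["partitions"]))
    return findings


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a block device; needs admin/root (e.g. r'\\\\.\\PhysicalDrive0' or '/dev/sda')."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# --- constructed sample data (not from the analysed sample) -------------------
# xor ax,ax ; mov ss,ax ; mov sp,0x7C00 -- typical opening of real boot code, padded with zeros.
_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + bytes(BOOT_CODE_LEN - 7)
# One active (0x80) partition of type 0x07 (NTFS/exFAT) starting at LBA 2048, 204800 sectors.
_PART_ENTRY = bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 204800)
BASELINE_MBR = _BOOT_CODE + _PART_ENTRY + bytes(48) + MBR_SIGNATURE

# Boot code patched at offset 0 (EB FE = jmp $), partition table and signature untouched.
TAMPERED_MBR = b"\xEB\xFE" + BASELINE_MBR[2:]
# Signature wiped: BIOS would refuse to boot this sector.
WIPED_SIG_MBR = BASELINE_MBR[:510] + b"\x00\x00"


if __name__ == "__main__":
    for name, sector in (("baseline", BASELINE_MBR), ("tampered", TAMPERED_MBR), ("wiped", WIPED_SIG_MBR)):
        print(name, check_mbr(BASELINE_MBR, sector) or "no change")
```

The baseline would normally be a copy of sector 0 taken at image time or from a clean host of the same build; comparing only the boot-code hash, as above, avoids false positives from legitimate partition-table changes while still catching the in-place code replacement a bootkit performs.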

MITRE ATT&CK Enterprise v15

Tasks