General
Target: 37f825985d0c3409aa3abe49f735705d_JaffaCakes118
Size: 239KB
Sample: 241012-cplb7s1hnn
MD5: 37f825985d0c3409aa3abe49f735705d
SHA1: 77fc7455e7c9c0aa470edc4c9b018b706cb2577e
SHA256: f6decd4391704d83524fa20280542db91d00209b6d132c25366470e2579ebd8f
SHA512: 6ffbd40956e9257e84280797ad2c45028041311c8bb20dc6bb086b1eb65f925f95103450e5487be458fe43880712d1cca29e3a9b5fdd80624232babe96cbc7ff
SSDEEP: 6144:zSQEbb+rrkAF6aw7zpQuVrj98gWNlPTGQQm6agrd9/:ib+rrkAr2zeuV+NtTird9/
Static task: static1
Behavioral task: behavioral1
    Sample: 37f825985d0c3409aa3abe49f735705d_JaffaCakes118.exe
    Resource: win7-20240903-en
Behavioral task: behavioral2
    Sample: 37f825985d0c3409aa3abe49f735705d_JaffaCakes118.exe
    Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 37f825985d0c3409aa3abe49f735705d_JaffaCakes118
Score: 7/10
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)
    Pre-OS Boot (1)
        Bootkit (1)
Privilege Escalation
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)