Overview

overview

7

Static

static

3

3e1af4946c...18.exe

windows7-x64

7

3e1af4946c...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e1af4946c8d0b69a266ae2c4ae345bf_JaffaCakes118

  • Size

    1.0MB

  • Sample

    241013-gb8b2a1hjf

  • MD5

    3e1af4946c8d0b69a266ae2c4ae345bf

  • SHA1

    407a93cc7b0163d0425e80837a2eadbed2de2585

  • SHA256

    919d80eec6432b955f3e39aaf824f18aab7796f78efe160d51c9b271f4ea7b4e

  • SHA512

    4453841b15abd0c4c26cedf4ea0e8f0a490020a5c0ac2662cf24c709874cca4d5c6c388f2695396191114f361fd4ea091db41314b4a5ab0b5a3f44a4609ed1f6

  • SSDEEP

    24576:0dS/Az/wwDq2Y1RbJHHRcpJxohHKjQBkrHcvXD:0dBEwDqZXxkohqjQys

Score
7/10
bootkitdiscoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      3e1af4946c8d0b69a266ae2c4ae345bf_JaffaCakes118

    • Size

      1.0MB

    • MD5

      3e1af4946c8d0b69a266ae2c4ae345bf

    • SHA1

      407a93cc7b0163d0425e80837a2eadbed2de2585

    • SHA256

      919d80eec6432b955f3e39aaf824f18aab7796f78efe160d51c9b271f4ea7b4e

    • SHA512

      4453841b15abd0c4c26cedf4ea0e8f0a490020a5c0ac2662cf24c709874cca4d5c6c388f2695396191114f361fd4ea091db41314b4a5ab0b5a3f44a4609ed1f6

    • SSDEEP

      24576:0dS/Az/wwDq2Y1RbJHHRcpJxohHKjQBkrHcvXD:0dBEwDqZXxkohqjQys

    Score
    7/10
    bootkitdiscoveryevasionpersistencetrojan

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks