Overview

overview

8

Static

static

3

3ee5875e4d...18.exe

windows7-x64

8

3ee5875e4d...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3ee5875e4d761cc15c359307051d6094_JaffaCakes118

  • Size

    436KB

  • Sample

    241013-kqbs6asdjp

  • MD5

    3ee5875e4d761cc15c359307051d6094

  • SHA1

    739f5361a4ba29b129b8de8548fb4ce96ffe040c

  • SHA256

    d30812ff4075b9c72786ac2f06ea2c066de2d0c1b136cb752447e9682339745d

  • SHA512

    4f721838a6d01043524d1ee015bd6f87d1ed2e2b0317c883a880f8cc62db53629a9178560b1ea03db7c06fa2dc97890473237fa6a0499b451c420911a3c37f39

  • SSDEEP

    12288:ZHd6c8b4q+RkPGiaRgw4anGe4JvfUK6M6t:ld6c44bpNhdGJJvfUMg

Score
8/10
adwarebootkitdiscoverypersistencestealer

Malware Config

Targets

    • Target

      3ee5875e4d761cc15c359307051d6094_JaffaCakes118

    • Size

      436KB

    • MD5

      3ee5875e4d761cc15c359307051d6094

    • SHA1

      739f5361a4ba29b129b8de8548fb4ce96ffe040c

    • SHA256

      d30812ff4075b9c72786ac2f06ea2c066de2d0c1b136cb752447e9682339745d

    • SHA512

      4f721838a6d01043524d1ee015bd6f87d1ed2e2b0317c883a880f8cc62db53629a9178560b1ea03db7c06fa2dc97890473237fa6a0499b451c420911a3c37f39

    • SSDEEP

      12288:ZHd6c8b4q+RkPGiaRgw4anGe4JvfUK6M6t:ld6c44bpNhdGJJvfUMg

    Score
    8/10
    adwarebootkitdiscoverypersistencestealer

    • Adds policy Run key to start application

      persistence

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks