General
-
Target
4a1db48566086fbf8018fe15a73261c4_JaffaCakes118
-
Size
867KB
-
Sample
241015-1fhrqaseqk
-
MD5
4a1db48566086fbf8018fe15a73261c4
-
SHA1
38221581efc349603c49658e44f94b7cf1b9298a
-
SHA256
b910d89b26b57d025ef659bc9a3f231b215ddee58d2b7a4a5746785104869ff2
-
SHA512
d143a08b9200dcf7b21d88339b8fbda33f3169d7f0effb4f563a94110b4075df8c650651ee7d7fd50adc1f2c56817fd26bb06fec84a7a54e2c6d6ea33040b39e
-
SSDEEP
24576:WN+q4yP7Dl2bLbGHoLeMYaEShf1KBr/OS+4PZA9ARJkDL:o+bWl2LBsfROqP+6If
Behavioral task
behavioral1
Sample
4a1db48566086fbf8018fe15a73261c4_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
4a1db48566086fbf8018fe15a73261c4_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4a1db48566086fbf8018fe15a73261c4_JaffaCakes118
-
Size
867KB
-
MD5
4a1db48566086fbf8018fe15a73261c4
-
SHA1
38221581efc349603c49658e44f94b7cf1b9298a
-
SHA256
b910d89b26b57d025ef659bc9a3f231b215ddee58d2b7a4a5746785104869ff2
-
SHA512
d143a08b9200dcf7b21d88339b8fbda33f3169d7f0effb4f563a94110b4075df8c650651ee7d7fd50adc1f2c56817fd26bb06fec84a7a54e2c6d6ea33040b39e
-
SSDEEP
24576:WN+q4yP7Dl2bLbGHoLeMYaEShf1KBr/OS+4PZA9ARJkDL:o+bWl2LBsfROqP+6If
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1