General
-
Target
4a54e45dc195233401ec57f77e5696f6_JaffaCakes118
-
Size
2.0MB
-
Sample
241015-2kxbca1bre
-
MD5
4a54e45dc195233401ec57f77e5696f6
-
SHA1
8927b24257a945508545503bd1e6c714b952d066
-
SHA256
b0d846525a7799b4a33e1675c65b5aad7170a4ea59f6007f07f2987a3f8fe4be
-
SHA512
d36aee2d92fc353186b8a0980f2c6f95d6c5183c4152415aed3be0ab588501d790e090bb83426819a3bc337c9385ee3343e92c0c61445299eeaf386e65830143
-
SSDEEP
49152:OK+02Mj4Oc2PB28P9hK5NT+0PbCDWIG6QgYVmyp:OK+0iao8FhTvu6QgYMyp
Static task
static1
Behavioral task
behavioral1
Sample
4a54e45dc195233401ec57f77e5696f6_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
4a54e45dc195233401ec57f77e5696f6_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4a54e45dc195233401ec57f77e5696f6_JaffaCakes118
-
Size
2.0MB
-
MD5
4a54e45dc195233401ec57f77e5696f6
-
SHA1
8927b24257a945508545503bd1e6c714b952d066
-
SHA256
b0d846525a7799b4a33e1675c65b5aad7170a4ea59f6007f07f2987a3f8fe4be
-
SHA512
d36aee2d92fc353186b8a0980f2c6f95d6c5183c4152415aed3be0ab588501d790e090bb83426819a3bc337c9385ee3343e92c0c61445299eeaf386e65830143
-
SSDEEP
49152:OK+02Mj4Oc2PB28P9hK5NT+0PbCDWIG6QgYVmyp:OK+0iao8FhTvu6QgYMyp
Score8/10-
Drops file in Drivers directory
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-