General

  • Target

    4a54e45dc195233401ec57f77e5696f6_JaffaCakes118

  • Size

    2.0MB

  • Sample

    241015-2kxbca1bre

  • MD5

    4a54e45dc195233401ec57f77e5696f6

  • SHA1

    8927b24257a945508545503bd1e6c714b952d066

  • SHA256

    b0d846525a7799b4a33e1675c65b5aad7170a4ea59f6007f07f2987a3f8fe4be

  • SHA512

    d36aee2d92fc353186b8a0980f2c6f95d6c5183c4152415aed3be0ab588501d790e090bb83426819a3bc337c9385ee3343e92c0c61445299eeaf386e65830143

  • SSDEEP

    49152:OK+02Mj4Oc2PB28P9hK5NT+0PbCDWIG6QgYVmyp:OK+0iao8FhTvu6QgYMyp

Malware Config

Targets

    • Drops file in Drivers directory

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks