General

  • Target

    49bc7dc0032684afc07eee886f9ec8d7_JaffaCakes118

  • Size

    190KB

  • Sample

    241015-yqgajatglc

  • MD5

    49bc7dc0032684afc07eee886f9ec8d7

  • SHA1

    e6af10a00872264227d193a8eada8f4210563bbe

  • SHA256

    b49b362d92b254cfd5b26dbce1fc6a76c15dd4a50be7dc45bbb6bcd1980843c5

  • SHA512

    86eb46e92c64673d987228ceacd1fee3de2cfe5295f790f51bf1f9ec6242728c6c8acc924b058a3372b5cec7989442bf9a55a3cd4e75359294567283ce0e16ac

  • SSDEEP

    3072:A9lA123y7w9qNRHLRAK01KYEs6c4dMbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhG:A9lA189qNR9701KY76ewvP6bQ7yMP+DB

Malware Config

Targets

    • Target

      49bc7dc0032684afc07eee886f9ec8d7_JaffaCakes118

    • Size

      190KB

    • MD5

      49bc7dc0032684afc07eee886f9ec8d7

    • SHA1

      e6af10a00872264227d193a8eada8f4210563bbe

    • SHA256

      b49b362d92b254cfd5b26dbce1fc6a76c15dd4a50be7dc45bbb6bcd1980843c5

    • SHA512

      86eb46e92c64673d987228ceacd1fee3de2cfe5295f790f51bf1f9ec6242728c6c8acc924b058a3372b5cec7989442bf9a55a3cd4e75359294567283ce0e16ac

    • SSDEEP

      3072:A9lA123y7w9qNRHLRAK01KYEs6c4dMbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhG:A9lA189qNR9701KY76ewvP6bQ7yMP+DB

    • Modifies security service

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks