General

  • Target

    4b0fae714497cb3a60037e8f543d8ae9_JaffaCakes118

  • Size

    423KB

  • Sample

    241016-c5l9faycqc

  • MD5

    4b0fae714497cb3a60037e8f543d8ae9

  • SHA1

    8e53ff1ec3abcfe5cff2fe45c5feeef24a4ec918

  • SHA256

    829e8c5cb3aa8455f983872bb992e2e92966b940745e597c10742258c10b4173

  • SHA512

    c75e9b46087bde983bd56dfa88d2d706e0d135b487e9689c9cf2a05df97067771b6d81cd920c879fd2f604f545f8d1fa0308fa83d00ed80099f1a55088ae4b5e

  • SSDEEP

    6144:csgZ0IeJo5wTNxC5yuQJjXOQbJJ7TN26lELeuWcr+KYJccBWRXTH:MZ0254rucLJnlYeirGBBWRb

Malware Config

Targets

    • Target

      4b0fae714497cb3a60037e8f543d8ae9_JaffaCakes118

    • Size

      423KB

    • MD5

      4b0fae714497cb3a60037e8f543d8ae9

    • SHA1

      8e53ff1ec3abcfe5cff2fe45c5feeef24a4ec918

    • SHA256

      829e8c5cb3aa8455f983872bb992e2e92966b940745e597c10742258c10b4173

    • SHA512

      c75e9b46087bde983bd56dfa88d2d706e0d135b487e9689c9cf2a05df97067771b6d81cd920c879fd2f604f545f8d1fa0308fa83d00ed80099f1a55088ae4b5e

    • SSDEEP

      6144:csgZ0IeJo5wTNxC5yuQJjXOQbJJ7TN26lELeuWcr+KYJccBWRXTH:MZ0254rucLJnlYeirGBBWRb

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      wy.exe

    • Size

      1.9MB

    • MD5

      b18c3fbda7f860cacd7009ca0b0a50c2

    • SHA1

      2a5ee5d73b29dc2e072b25192acdf18931acc1c8

    • SHA256

      5850211530459f873ca0310c2221e113580ddc51bc2a211fd5d62d3c1f9834eb

    • SHA512

      c9bb7421c001d45f2362199b2ec6f6cd7f0a59a62ecbcd870212f32f2e2f9e21b95ccaef5ef085737bf94229f404c3e72146bfa49de69a2714593158658ef667

    • SSDEEP

      12288:8gKkcfmINnWutwH1CBRwJOUCC4YNe5O/GtFatedo/awd7Z0/:5imINDKVnOTC/M/Hatedo/bE

    Score
    3/10

MITRE ATT&CK Enterprise v15