General
-
Target
4d147b7a06d119a79cedb2aedfe252f9_JaffaCakes118
-
Size
2.9MB
-
Sample
241016-qqkc7a1hja
-
MD5
4d147b7a06d119a79cedb2aedfe252f9
-
SHA1
fb25f7a211c6fdd682221b88246687e3d80c5735
-
SHA256
b5f245d1a37e528c3d9f8367c7d6f6bce90edd6cd4a75f20aa85b723462f3949
-
SHA512
c2f109c1e93f56924478e3ad547d728b7e8c14a01dde827af10d7f1e02db31442357a9583482f5d26fe096e767577af659bf7f3777e5202ac72e977c5832fad4
-
SSDEEP
49152:g4s53EYORioVKLR7KOkMuETHWXHUh4cQArkVWBd0MJ9oiaN:xWdbWXHzxMJjaN
Static task
static1
Behavioral task
behavioral1
Sample
4d147b7a06d119a79cedb2aedfe252f9_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
4d147b7a06d119a79cedb2aedfe252f9_JaffaCakes118
-
Size
2.9MB
-
MD5
4d147b7a06d119a79cedb2aedfe252f9
-
SHA1
fb25f7a211c6fdd682221b88246687e3d80c5735
-
SHA256
b5f245d1a37e528c3d9f8367c7d6f6bce90edd6cd4a75f20aa85b723462f3949
-
SHA512
c2f109c1e93f56924478e3ad547d728b7e8c14a01dde827af10d7f1e02db31442357a9583482f5d26fe096e767577af659bf7f3777e5202ac72e977c5832fad4
-
SSDEEP
49152:g4s53EYORioVKLR7KOkMuETHWXHUh4cQArkVWBd0MJ9oiaN:xWdbWXHzxMJjaN
-
Modifies security service
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
3Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
1