General

  • Target

    4f07f680176fd270e11e175614d590e9_JaffaCakes118

  • Size

    187KB

  • Sample

    241016-zxyzlawerk

  • MD5

    4f07f680176fd270e11e175614d590e9

  • SHA1

    c1afef4bd8eace84c8ffca1c2c4afb8636ddf12e

  • SHA256

    f2967a77251732f2472f8063692f5c126125dd5386a62a1a130d6b35c7a3729f

  • SHA512

    5b2046b420987f6e0296687347379fab3117fe1331e72bcb551b43ea3e28c60f942ed9de233891549d3dd4479021bb768d38c396c946336449dc3058e7efa604

  • SSDEEP

    3072:XB4N5tlfILPZJUaFPmgRMNlPTGQQm6ytwZEsrYkK4cuUgW693fCHQW:R4LmLf98gWNlPTGQQm6agrdu+f

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks