General

  • Target

    5003c5673c08278f3d95eddd000a9864_JaffaCakes118

  • Size

    3.4MB

  • Sample

    241017-bd84fsxaqn

  • MD5

    5003c5673c08278f3d95eddd000a9864

  • SHA1

    5aae74fa3173d72bed756d77620cc2c57df2d20e

  • SHA256

    6b7adbf5d4477933d39c9c9c2cac7e67a0bed10882ed02fffc6f3316829a9903

  • SHA512

    2a2f19b5ad6a40d278f6399ce932067f61cbf5f567b2392217fe7cd88d08c2b2a3eb2159e09ca52cb11e7d3a251477bbce6a12487547e16fd02364d15b424239

  • SSDEEP

    98304:5yJk3T4OuYGaWU2FG98z3DbVEke/B02O60e:5y04OZRWU2FG+Bte5pOA

Malware Config

Targets

    • Target

      5003c5673c08278f3d95eddd000a9864_JaffaCakes118

    • Checks computer location settings

      Reads the country code configured in the registry. This is typically a geofence check: the sample decides whether to run based on the system's configured location, so it may do nothing at all in a sandbox whose locale does not match what it expects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates the entries under the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node view on 64-bit systems) to list installed software. Malware commonly does this to spot security products or analysis tools, or to tailor the payload to what is present.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR so their code runs from the first sector at boot, before the operating system and any security software it loads. The signature only shows that the sample wrote to the MBR; whether it installs a working bootkit or simply overwrites the sector (as a wiper would) has to be confirmed by comparing the written sector against a known-good copy.
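
Added example (not from the sandbox or the report): the two registry-based behaviours above, applied as detection logic to a few constructed Procmon-style registry events in Python. The country/locale key paths are an assumption, since the report names the behaviour but not the key it matched; the Uninstall key path is the standard one. Process names and events are made up for the example, and "sample.exe" is a placeholder for the analysed binary.

```python
"""Run the two registry-based behaviours named in the report over constructed
registry-access events (Procmon-style: process, operation, path). The events
are made up for this example; they are not taken from the sandbox run."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    process: str
    operation: str  # RegOpenKey, RegEnumKey, RegQueryValue, ...
    path: str       # key path; for RegQueryValue the value name is the last component


# Assumption: where Windows keeps the configured country/locale. The report says
# only that the sample "looks up country code configured in the registry"; the
# exact key the sandbox rule matches is not given on the page.
GEO_PATTERNS = [
    re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    re.compile(r"\\Control Panel\\International\\[si]Country$", re.I),
    re.compile(r"\\Control\\Nls\\Locale\\", re.I),
]

# The Uninstall key (native and 32-bit view) the second signature refers to.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.I,
)

SIG_GEO = "Checks computer location settings"
SIG_SOFTWARE = "Checks installed software on the system"


def is_country_lookup(ev: RegEvent) -> bool:
    """True for a value read of one of the assumed country/locale locations."""
    return ev.operation == "RegQueryValue" and any(p.search(ev.path) for p in GEO_PATTERNS)


def uninstall_subkey(path: str) -> str | None:
    """Return the product subkey under Uninstall ('' for the key itself), or
    None when the path is not under Uninstall at all."""
    m = UNINSTALL_KEY.search(path)
    if not m:
        return None
    rest = path[m.end():]
    return rest.split("\\", 1)[0]


def triage(events, min_products: int = 3) -> dict[str, list[str]]:
    """Map each signature to the sorted list of processes that triggered it.

    One read under Uninstall is normal (installers check for an older version),
    so the software-enumeration signature fires only when a process touches
    at least `min_products` distinct product subkeys."""
    geo_hits: set[str] = set()
    products: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        if is_country_lookup(ev):
            geo_hits.add(ev.process)
        sub = uninstall_subkey(ev.path)
        if sub:  # non-empty: a product entry, not the Uninstall key itself
            products[ev.process].add(sub)
    result: dict[str, list[str]] = {}
    if geo_hits:
        result[SIG_GEO] = sorted(geo_hits)
    enumerators = sorted(p for p, s in products.items() if len(s) >= min_products)
    if enumerators:
        result[SIG_SOFTWARE] = enumerators
    return result


# Constructed events. "sample.exe" is a placeholder for the analysed binary.
UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_EVENTS = [
    RegEvent("sample.exe", "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    RegEvent("sample.exe", "RegOpenKey", UNINSTALL),
    RegEvent("sample.exe", "RegEnumKey", UNINSTALL + r"\{0001-AAAA}"),
    RegEvent("sample.exe", "RegEnumKey", UNINSTALL + r"\{0002-BBBB}"),
    RegEvent("sample.exe", "RegQueryValue", UNINSTALL + r"\7-Zip\DisplayName"),
    RegEvent("setup.exe", "RegQueryValue", UNINSTALL + r"\7-Zip\DisplayVersion"),  # one product: benign
    RegEvent("svchost.exe", "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive"),
]

if __name__ == "__main__":
    for sig, procs in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {', '.join(procs)}")
```

The threshold on distinct product subkeys is the part worth keeping when porting this to real telemetry: a single read under Uninstall is done by almost every installer, and without it the software-enumeration rule is mostly noise.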

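Added example (not part of the report, and not the sample's code): a Python check that parses a 512-byte MBR and diffs it against a known-good copy, which is how the MBR write flagged above would be confirmed on a disk image after detonation. The layout offsets are the standard MBR ones; both sectors built below are constructed for the example, including the placeholder bootstrap bytes.

```python
"""Parse a 512-byte MBR and compare it with a known-good copy. Used to confirm
(or rule out) a bootkit install after a sandbox reports an MBR write. Sector
layout is the standard one; the two sectors are constructed here, not taken
from the analysed sample."""
from __future__ import annotations

import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # 0x000-0x1B7: bootstrap code executed by legacy BIOS
DISK_SIG_OFF = 440    # 0x1B8-0x1BB: NT disk signature
PTABLE_OFF = 446      # 0x1BE-0x1FD: four 16-byte partition entries
BOOT_SIG_OFF = 510    # 0x1FE-0x1FF: 0x55 0xAA


def parse_mbr(blob: bytes) -> dict:
    """Split a sector into the fields an analyst compares."""
    if len(blob) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(blob)}")
    parts = []
    for i in range(4):
        e = blob[PTABLE_OFF + 16 * i: PTABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", e, 8)
        parts.append({"status": e[0], "type": e[4], "lba_start": lba_start, "sectors": sectors})
    return {
        "code_sha256": hashlib.sha256(blob[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", blob, DISK_SIG_OFF)[0],
        "partitions": parts,
        "boot_signature_ok": blob[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def compare_mbr(baseline: bytes, current: bytes) -> list[str]:
    """Return human-readable findings; an empty list means no change detected."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["boot_signature_ok"]:
        findings.append("boot signature 0x55AA missing (sector wiped or corrupt)")
    if b["code_sha256"] != c["code_sha256"]:
        findings.append("bootstrap code differs from baseline (bootkit or overwrite)")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("NT disk signature changed")
    for i, (pb, pc) in enumerate(zip(b["partitions"], c["partitions"])):
        if pb != pc:
            findings.append(f"partition entry {i} changed: {pb} -> {pc}")
    for i, p in enumerate(c["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition entry {i} has invalid status byte 0x{p['status']:02x}")
    return findings


def build_mbr(code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a sector from its parts (only used to construct the test data)."""
    code = code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba, n)
        for status, ptype, lba, n in partitions
    ).ljust(64, b"\x00")
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + b"\x55\xaa"


# Constructed baseline: placeholder bootstrap bytes and one active NTFS partition.
BASELINE_MBR = build_mbr(
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"Invalid partition table",
    0x1234ABCD,
    [(0x80, 0x07, 2048, 204800)],
)

# Constructed tampered copy: same partition table, bootstrap code replaced,
# which is what a bootkit install looks like at sector level.
TAMPERED_MBR = build_mbr(
    b"\xeb\xfe" + b"STAGE1",
    0x1234ABCD,
    [(0x80, 0x07, 2048, 204800)],
)

if __name__ == "__main__":
    for finding in compare_mbr(BASELINE_MBR, TAMPERED_MBR) or ["no change"]:
        print(finding)
```

On a real image, pass the first 512 bytes of the disk as `current` and a copy taken before detonation (or from a clean install of the same Windows version) as `baseline`. A changed bootstrap hash with an intact partition table points at a bootkit; a missing 0x55AA signature with a zeroed table points at a wiper.
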
MITRE ATT&CK Enterprise v15

Tasks