General

  • Target

    503b154050ce76040ccb90509af08ded_JaffaCakes118

  • Size

    2.9MB

  • Sample

    241017-cbzmnswdqc

  • MD5

    503b154050ce76040ccb90509af08ded

  • SHA1

    852915fe0319821b44c14d0d8c3a888fa4345d57

  • SHA256

    b5f3f9c38941a80a482fec7f66183828add12d9115c824b78c89ffbaae951996

  • SHA512

    5a31418b3e7c1b27e910a6f664252c30d502cb550df943cef10893c1980df77ff1e06a6a0649cd8f0ab2e6c0e4fc754c4b6a8a3e508c26d00824d8ca58c2eabb

  • SSDEEP

    3072:/BvoI005zo/QmqkeYwlun+hCzqr1L8g/JcY4g0mp:ll5zo/QfP+Chwg/2g9

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
