General

  • Target

    508d0af28c3805047684894cd155a141_JaffaCakes118

  • Size

    469KB

  • Sample

    241017-d4ezeatenl

  • MD5

    508d0af28c3805047684894cd155a141

  • SHA1

    ba85106a6484b8b0496be23a83159d7ebbe3a902

  • SHA256

    3d70057e5ecc7ae7d4963dc153060fbbb36f433a895b751923a8d982dc5c51cb

  • SHA512

    4777e8621dd4619cc60633c356b461df6aaa67b0f764662878fe673ecf2da47760345729f9dd6d6ba8b6e63ce055e6f7ca6cdcb3d9d87ad98b4fad336504b36e

  • SSDEEP

    6144:2bNcn0X3VZ89mk7e1PA/6uisTIyt4yWqIE8rO1TCWP/eXj4g4jm9GTS:U789msibQIc4nqI5mTCS/eXjL6Du

Malware Config

Targets

    • Disables service(s)

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks