General

  • Target

    50dbaa452bdabcae1a363f2c0db2933f_JaffaCakes118

  • Size

    1.6MB

  • Sample

    241017-f4bcbsxdjk

  • MD5

    50dbaa452bdabcae1a363f2c0db2933f

  • SHA1

    542c6d81843b5c92e689a491b6e78e60f985b9ab

  • SHA256

    84a007319eb0450731db6baac24d1045846da67af4ec8f8305651e2ba8e4277f

  • SHA512

    f7d0bc49b3c54824cb58f54c29d7b5205f61a7ab0702dcfa8f2e70c13ad3f2eb63cdcbe02edc254adcfb0419113890fd0364e4b4375a554fa6049e94c28989d6

  • SSDEEP

    49152:j3B1nHNpJL76/UnJcFTrPUZPmuN889BzJMQIf:jxhHNnKcZOux9fMQi

Malware Config

Targets

    • Target

      0EBE6A~1.EXE

    • Size

      244KB

    • MD5

      0ebe6ab79b52e3c4e9603dfd32d9c2d2

    • SHA1

      d0468c93c697abb3721d055a1b937a86c0b66b64

    • SHA256

      7cf371d44c7b339f545a405262b3803675356cd5e60795eaab75c3292b7ff0f6

    • SHA512

      4d2ad555c25ac9655da7e2c3bcdfc81458b6a351633e73081bc500d5b8bbf8a9d839d7ddaa34efbd31eabc510e16c917b887d4cd507744db6210122b4b1ddbb8

    • SSDEEP

      3072:n4YLnt4iDPaUSS3JfqhdK4TqbFjvnO5+ficHmKs8KWlqEV2v4hE3DxlyTEW:4YSi/Df1FTOw/HmV8R4EV04hUDD6

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread the caller controls. Malware uses it after creating a process suspended and overwriting its memory (process hollowing) to point execution at the injected code before resuming the thread; debuggers use the same API legitimately, so the call is flagged as suspicious rather than malicious on its own.

    • Target

      gifan.exe

    • Size

      4.5MB

    • MD5

      4e06b2b983dc1f7bfb832a58655dd725

    • SHA1

      e9269a45ef584226af0d84f2322e5f11a8e1dffa

    • SHA256

      9d0ddcc1d97c74cab71e22504fc1dc8517da525aa2e8a5a2b621dade6245cc68

    • SHA512

      4b002d53cb08641573c05adf17c6b6b8240eb9e1b523f9fa415fee7b275a4a36f26433674f20c27663f34d90bb9d9bde7d5418f7ccf9da07cf41879b79db485d

    • SSDEEP

      98304:mTc//////HSlIWYL2nanPdpXtj3Bot9szJQdtxYVOR2/HVQFe+D1Vn:GnanPdpdj3S9KseeVn

    Score
    3/10
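As an added example (not from this report or the sandbox that produced it), the following Python shows a check for each of the two behaviours flagged on 0EBE6A~1.EXE: an MBR parser that compares the 440-byte bootstrap area of sector 0 against a known-good hash while decoding the partition table separately, and a small state machine over an API-call trace that flags the CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext sequence typical of process hollowing while leaving a debugger-style SetThreadContext alone. The MBR bytes, the trace lines and the "<pid> <api> key=value" trace format are all constructed here for illustration and are not taken from the run of this sample.

```python
import hashlib
import struct
from dataclasses import dataclass

# --- Check 1: Master Boot Record integrity ---------------------------------
# Sector 0 layout: bytes 0..439 bootstrap code, 440..443 disk signature,
# 446..509 four 16-byte partition entries, 510..511 the 0x55AA boot signature.
MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"
CODE_AREA = 440


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed sample MBR (not a real disk image): bootstrap padded to 440
    bytes, one active NTFS partition at LBA 2048, valid 0x55AA signature."""
    code = bootstrap.ljust(CODE_AREA, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table = entry + b"\x00" * 48  # three unused slots
    return code + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00" + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature, hash the bootstrap area, decode the table."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_AREA]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, CODE_AREA)[0],
        "partitions": partitions,
    }


def mbr_code_modified(sector: bytes, baseline_code_sha256: str) -> bool:
    """True when the bootstrap area no longer matches the known-good hash.
    The partition table may change legitimately; the boot code should not."""
    return parse_mbr(sector)["code_sha256"] != baseline_code_sha256


# Constructed bootstrap fragments: the opening bytes of a stock Windows MBR
# (xor ax,ax / mov ss,ax / mov sp,7C00h / mov es,ax / mov ds,ax) versus an
# arbitrary replacement standing in for a bootkit loader.
CLEAN_BOOTSTRAP = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8"
TAMPERED_BOOTSTRAP = b"\xEB\x3C\x90" + b"HOOKED-LOADER"

# --- Check 2: SetThreadContext in a process-hollowing sequence --------------
CREATE_SUSPENDED = 0x00000004

# Constructed API-call trace in an assumed "<pid> <api> key=value ..." format;
# the second process only sets a context on a normally started child.
SAMPLE_TRACE = r"""
1001 CreateProcessW image=C:\Windows\System32\svchost.exe flags=0x00000004 child=2040
1001 NtUnmapViewOfSection target=2040
1001 VirtualAllocEx target=2040 size=0x3c000 protect=0x40
1001 WriteProcessMemory target=2040 size=0x3c000
1001 SetThreadContext target=2040
1001 ResumeThread target=2040
3300 CreateProcessW image=C:\Windows\System32\notepad.exe flags=0x00000000 child=3412
3300 SetThreadContext target=3412
"""


def parse_trace(text: str) -> list:
    """Split each trace line into (pid, api, {arg: value})."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, *kv = line.split()
        args = dict(item.split("=", 1) for item in kv)
        events.append((int(pid), api, args))
    return events


def detect_hollowing(events: list) -> list:
    """Return (parent, child) pairs where a child created with CREATE_SUSPENDED
    received WriteProcessMemory and then SetThreadContext from the same parent."""
    suspended = {}   # child pid -> parent pid
    written = set()  # children that have been written to
    hits = []
    for pid, api, args in events:
        if api == "CreateProcessW" and int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[int(args["child"])] = pid
        elif api == "WriteProcessMemory":
            written.add(int(args["target"]))
        elif api == "SetThreadContext":
            child = int(args["target"])
            if child in suspended and child in written and suspended[child] == pid:
                hits.append((pid, child))
    return hits


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOTSTRAP)
    baseline = parse_mbr(clean)["code_sha256"]
    print("clean MBR modified:", mbr_code_modified(clean, baseline))
    print("tampered MBR modified:", mbr_code_modified(build_sample_mbr(TAMPERED_BOOTSTRAP), baseline))
    print("hollowing hits:", detect_hollowing(parse_trace(SAMPLE_TRACE)))
```

On a live host the baseline hash would come from a golden image or from the same disk before detonation (read with `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux, first 512 bytes); only the bootstrap area is compared, because partition edits are routine while boot-code changes are not. The hollowing detector deliberately requires the write before the context change so that a bare SetThreadContext, as a debugger issues, does not trip it.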

MITRE ATT&CK Enterprise v15

Tasks