General

  • Target

    50c887c7490edeb65313045e8d8d485f_JaffaCakes118

  • Size

    5.2MB

  • Sample

    241017-fnjzjawgnk

  • MD5

    50c887c7490edeb65313045e8d8d485f

  • SHA1

    52a49ac841a22514a12528265d9d0427e40baa80

  • SHA256

    5dbc4918e8ecd9bccce189ea068322ac10b0e47c38c4a20b709467d5bad2ad32

  • SHA512

    f663ed4c5cc911d8b1237f7f7643f413436fd10a02e78388b65403a3bd5350982d42792736ac6add4ecab0b599425994db43c5381a116a7c38c7725bae2667e5

  • SSDEEP

    98304:NSfv4/+1l1r7E+fyouj5dQz4hCRgrYz1dNGpEcOrrzvoWxKZAS7s5J/xh8xuJ5p5:NSD31PfNujkzUCSE5dN/fzzaOxh8xIb5

Malware Config

Targets

    • Target

      50c887c7490edeb65313045e8d8d485f_JaffaCakes118

    • Size

      5.2MB

    • MD5

      50c887c7490edeb65313045e8d8d485f

    • SHA1

      52a49ac841a22514a12528265d9d0427e40baa80

    • SHA256

      5dbc4918e8ecd9bccce189ea068322ac10b0e47c38c4a20b709467d5bad2ad32

    • SHA512

      f663ed4c5cc911d8b1237f7f7643f413436fd10a02e78388b65403a3bd5350982d42792736ac6add4ecab0b599425994db43c5381a116a7c38c7725bae2667e5

    • SSDEEP

      98304:NSfv4/+1l1r7E+fyouj5dQz4hCRgrYz1dNGpEcOrrzvoWxKZAS7s5J/xh8xuJ5p5:NSD31PfNujkzUCSE5dN/fzzaOxh8xIb5

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks