General

  • Target

    6db54668b8e6b8bae2796c3d10d5fcb1_JaffaCakes118

  • Size

    924KB

  • Sample

    241023-jbljdazdrl

  • MD5

    6db54668b8e6b8bae2796c3d10d5fcb1

  • SHA1

    b3dd071fe15c2ce3a7706d21309eeb98c21fef55

  • SHA256

    e337849f207f3294d7a4f1141f81aadca78d26a25944759fa73bc378464b6a67

  • SHA512

    bdb2b2320b713663acefa11e8ef225a7312d5735470d94abd8a3361c4eb226ec7c1619f050261fcceb59b8c04b16aac0880f5ba7d79420561ea7902aa7966dbe

  • SSDEEP

    24576:jtTZybAX4wvsuSrQKriOJaKZxNQOyGI0fCy6sX:pTH4J9OOUKZxeRGICJ6sX

Malware Config

Targets

    • Target

      6db54668b8e6b8bae2796c3d10d5fcb1_JaffaCakes118

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks