General

  • Target: 8324d774a874783ea0f7cb51bcc84058_JaffaCakes118
  • Size: 1.0MB
  • Sample: 241031-qly1saxmc1
  • MD5: 8324d774a874783ea0f7cb51bcc84058
  • SHA1: 6959ea2f731c7c3d3bbd93af3420ab353fdfc305
  • SHA256: dff8655fff45215c0814b6f819b6a9dfb87e99ea9197323f0c41e7c0a3ce18bb
  • SHA512: 7b9ec5bea2418cfa974b50ab24229c46bd4fe4e389cedefdf87c3f932bce815d9b878c3448b637d00afaad5449d436033659cf3789c7aa7f7b2391332b34022a
  • SSDEEP: 24576:qEUaWisA/Tj1/hEmT+VVZ80oStpXrN1An7KtsZFAsJ:qta5hEmCVVhrtN1A7ZAsJ

Malware Config

Targets

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks