General
-
Target
8324d774a874783ea0f7cb51bcc84058_JaffaCakes118
-
Size
1.0MB
-
Sample
241031-qly1saxmc1
-
MD5
8324d774a874783ea0f7cb51bcc84058
-
SHA1
6959ea2f731c7c3d3bbd93af3420ab353fdfc305
-
SHA256
dff8655fff45215c0814b6f819b6a9dfb87e99ea9197323f0c41e7c0a3ce18bb
-
SHA512
7b9ec5bea2418cfa974b50ab24229c46bd4fe4e389cedefdf87c3f932bce815d9b878c3448b637d00afaad5449d436033659cf3789c7aa7f7b2391332b34022a
-
SSDEEP
24576:qEUaWisA/Tj1/hEmT+VVZ80oStpXrN1An7KtsZFAsJ:qta5hEmCVVhrtN1A7ZAsJ
Static task
static1
Behavioral task
behavioral1
Sample
8324d774a874783ea0f7cb51bcc84058_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
8324d774a874783ea0f7cb51bcc84058_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
8324d774a874783ea0f7cb51bcc84058_JaffaCakes118
-
Size
1.0MB
-
MD5
8324d774a874783ea0f7cb51bcc84058
-
SHA1
6959ea2f731c7c3d3bbd93af3420ab353fdfc305
-
SHA256
dff8655fff45215c0814b6f819b6a9dfb87e99ea9197323f0c41e7c0a3ce18bb
-
SHA512
7b9ec5bea2418cfa974b50ab24229c46bd4fe4e389cedefdf87c3f932bce815d9b878c3448b637d00afaad5449d436033659cf3789c7aa7f7b2391332b34022a
-
SSDEEP
24576:qEUaWisA/Tj1/hEmT+VVZ80oStpXrN1An7KtsZFAsJ:qta5hEmCVVhrtN1A7ZAsJ
Score7/10-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
1