General

  • Target

    839c29fc7614aa77cb4d7c05b58d2c17_JaffaCakes118

  • Size

    215KB

  • Sample

    241031-xhgewszrgv

  • MD5

    839c29fc7614aa77cb4d7c05b58d2c17

  • SHA1

    b15977cdfb4ca7521d5b20da025d210aba1b3887

  • SHA256

    366c255a589f1601ec3c38066a16b3d93ef165cd497656b904b25f0de53a2da8

  • SHA512

    c1cccc8adda0158d5f387105eb1efc4096c339c2c57a5ec05a3a9c673cee316fd80fe9dca6797455ae45a41010e5eee58799a5d24a056ebb2c70ecb89351c439

  • SSDEEP

    6144:iv/TOUTKYtSaGkSqbPbifdXwvP6bQ7yMP+DE827WyNtz:M7OU3SaGkdbDiy6b7MP+Dd2SUz

Malware Config

Targets

    • Target

      839c29fc7614aa77cb4d7c05b58d2c17_JaffaCakes118

    • Modifies security service

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks