General

  • Target

    846d0f27dae05edfc9f245dc4df3e7b3_JaffaCakes118

  • Size

    3.4MB

  • Sample

    241101-pezhas1ckl

  • MD5

    846d0f27dae05edfc9f245dc4df3e7b3

  • SHA1

    56a79e31a59c153e3a6f8d43ac9f007217dc1106

  • SHA256

    b83207436a9b759ae57669db44bb501ce8321370caec88e3949abd660037e00c

  • SHA512

    450aab625f1c299204ac55b8636680a0837c601ca20c6041ca82bf7e6019fc83df48c328b746936da66130a846503beaff860176af8e9365c76575cacc345dcd

  • SSDEEP

    49152:FuXtVeKk34HR2vjylPttd7K19Hp65/0bVQoQl9LLCXVAXOLtVsGy57U8s3pYOT3d:Fud8Jct5EHpEie9X0kqVHyJk3T4Ouc

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15