General

  • Target

    JaffaCakes118_278b149e1ad153373e8f0dd292baa94d

  • Size

    44KB

  • Sample

    250125-dbl71stkdr

  • MD5

    278b149e1ad153373e8f0dd292baa94d

  • SHA1

    57ac1a905d37a126313b545878dc9bccd7493522

  • SHA256

    e1b3b8aa163cc3113095714cd370dd11e6b9647356d73d49d0bebacff951005c

  • SHA512

    b7950d86d19cebaee62f119238cf02b5b6a7af8694174922277e091f5c65b704d63d7efdafe2dfed85aa0755af597961ad2505ecc1b43b3b1d3f67387102bd8a

  • SSDEEP

    768:ULq06gCeVaKY7HxxgycnVMh9BwyGK2Bn0nFgJhcthlVCUJeKJkuN+ALAx9b:vFK88/Oh9BwV6nKJhcayx8AU3b

Malware Config

Targets

    • Target

      JaffaCakes118_278b149e1ad153373e8f0dd292baa94d

    • Modifies WinLogon for persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks