General

  • Target

    JaffaCakes118_8accaad48b5d0717faaadea3a807130e

  • Size

    540KB

  • Sample

    250328-sse8csxycx

  • MD5

    8accaad48b5d0717faaadea3a807130e

  • SHA1

    305406c9c27790babd9c6af28aaaa56fc97c8484

  • SHA256

    363b14fb3589a66906cd84b837a5379d711bf02500ffc7448862ffeae5433ba8

  • SHA512

    d7faa94d3bb2dfba9fa5d8f649e88af8086bb7d544897ac05d1e5f5bb63b93a6c6902094d2c429b8a296ad57a26a56ab2c0b8ade46376f53b8d6b80a35a336d8

  • SSDEEP

    12288:m09PO3yf8V4K4QkyYGEZjL9tQ9FZXQo/1iwPEH/JANmdoj:m4O3m834ukP9tQ9FZXQS19SxPg

Targets

    • Target

      JaffaCakes118_8accaad48b5d0717faaadea3a807130e

    • Drops file in Drivers directory

      Files written under System32\drivers are normally kernel-mode drivers; a dropped file there is a strong indicator of rootkit staging, especially alongside the MBR write below.

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer and are loaded into the browser process. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, so that key is where to look for the added entry.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. The write goes to the raw disk (\\.\PhysicalDrive0, sector 0) rather than through the file system, so file-integrity monitoring will not see it; compare the first 512 bytes of the disk against a known-good copy instead.

    • Drops file in System32 directory
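The MBR-write signature above is easiest to confirm outside the sandbox by diffing the disk's first sector against a baseline. The following is an added example (not part of this report or the sandbox's own tooling): it parses a 512-byte MBR, checks the 0x55AA boot signature and partition table, and compares the bootstrap code region (bytes 0..439) against a known-good SHA-256 so an overwrite is flagged even when the partition table and signature are left intact, which is how a bootkit keeps the machine bootable. The "clean" and "tampered" sectors are constructed inline; the baseline hash is derived from the constructed clean sector and stands in for one recorded from a trusted image.

```python
"""Check a 512-byte MBR image for bootstrap-code tampering.

Added example, not the sandbox's code. The MBR bytes used below are
constructed for the demo; on a real host you would read sector 0 of
\\.\PhysicalDrive0 (administrator rights required) and supply a baseline
hash recorded from a known-clean disk.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOTSTRAP_LEN = 440        # bootstrap code occupies bytes 0..439
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510         # bytes 510..511 must be 0x55 0xAA
PART_FMT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba, count = struct.unpack_from(PART_FMT, mbr, off)
        if ptype != 0:
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def bootstrap_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the disk signature and table are excluded."""
    return hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good_bootstrap_sha256: str) -> dict:
    """Compare a captured sector 0 against a baseline; returns parsed table and findings."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"unexpected sector size {len(mbr)}")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if bootstrap_hash(mbr) != known_good_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline (possible bootkit)")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active partition")
    return {"partitions": parts, "findings": findings}


def build_mbr(bootstrap: bytes, partitions: list[Partition]) -> bytes:
    """Assemble a sector from bootstrap code and partition entries (for the constructed demo data)."""
    if len(bootstrap) > BOOTSTRAP_LEN:
        raise ValueError("bootstrap code too long")
    buf = bytearray(MBR_SIZE)
    buf[:len(bootstrap)] = bootstrap
    for i, p in enumerate(partitions):
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sectors)
    buf[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(buf)


# Constructed demo data: not a real boot loader, just recognisable bytes.
CLEAN_BOOTSTRAP = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100
CLEAN_PARTS = [Partition(True, 0x07, 2048, 204800)]     # one active NTFS partition
CLEAN_MBR = build_mbr(CLEAN_BOOTSTRAP, CLEAN_PARTS)
BASELINE_SHA256 = bootstrap_hash(CLEAN_MBR)             # stands in for a hash taken from a clean image

# Simulated bootkit write: replace the start of the bootstrap code with a
# constructed jump stub, leaving the partition table and 0x55AA untouched.
_t = bytearray(CLEAN_MBR)
_t[:16] = b"\xeb\x3c\x90" + b"\x00" * 13
TAMPERED_MBR = bytes(_t)


if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(sector, BASELINE_SHA256)
        print(label, result["partitions"], result["findings"] or "OK")
```

To run it against a live Windows host, replace the constructed sector with `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt and supply the baseline hash from a trusted image; the partition-table check is deliberately separate from the bootstrap hash because bootkits usually preserve the table so the OS still boots.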
