General

  • Target

    JaffaCakes118_04abac11e57512945a1655c9e7f94a80

  • Size

    577KB

  • Sample

    250515-p7w8msgp6y

  • MD5

    04abac11e57512945a1655c9e7f94a80

  • SHA1

    fb3aaa19f0135544d5dd3e7d57100f6527aac283

  • SHA256

    d49cee9281badeabb4be8733e62371dfedc5b81db4379c7c12f71b03f8180780

  • SHA512

    d9be2202be5a0ff4ea0f7e046c93e3976705989c63fb27253d107e764920e364d93463a704f9dc631caffda730ff6599e5a63c99b05c01cb2e1ad35843f8fbf2

  • SSDEEP

    6144:2tWWm6p9cYuIChqbBgUajtx1gqJsZcwLN6xc1/Sb+X5GUiuRgXB5aO:2qc+D3dMZr0fKJGUX4aO

Malware Config

Targets

    • Target

      JaffaCakes118_04abac11e57512945a1655c9e7f94a80

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Enables test signing to bypass driver trust controls

      Allows any signed driver to load without validation against a trusted certificate authority.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks