16cb13bd319fbead043c5ebe6be2a3b8e2ee02bf5c3da907a2c2e34374467d43 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

1aa0378195...18.exe

windows7-x64

9

1aa0378195...18.exe

windows10-2004-x64

9

Sharing

General

Target

1aa0378195cf94c8cbaf9f21e84dbead_JaffaCakes118
Size

185KB
Sample

240701-khcqgsverq
MD5

1aa0378195cf94c8cbaf9f21e84dbead
SHA1

7e9b81ccdbfb28aa8b87e8ad31f571143719511e
SHA256

16cb13bd319fbead043c5ebe6be2a3b8e2ee02bf5c3da907a2c2e34374467d43
SHA512

b5036203be69ed7147cb90eaa22aeb4f3654d23e4a18392a064a558ffc2432a47808b36e1005cc9e695014f483c76c01c91e42d4cb7427e14e873e39074b87ee
SSDEEP

3072:gcJx2eJZUMcIUaFPmgRMNlPTGQQm6ytwZEsrYkK4kH5N5:gcJxbJiM598gWNlPTGQQm6agrdU5z

Score

9^/10

bootkit collection persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1aa0378195cf94c8cbaf9f21e84dbead_JaffaCakes118.exe

Resource

win7-20240611-en

bootkit collection persistence

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

1aa0378195cf94c8cbaf9f21e84dbead_JaffaCakes118.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  1aa0378195cf94c8cbaf9f21e84dbead_JaffaCakes118
- Size
  
  185KB
- MD5
  
  1aa0378195cf94c8cbaf9f21e84dbead
- SHA1
  
  7e9b81ccdbfb28aa8b87e8ad31f571143719511e
- SHA256
  
  16cb13bd319fbead043c5ebe6be2a3b8e2ee02bf5c3da907a2c2e34374467d43
- SHA512
  
  b5036203be69ed7147cb90eaa22aeb4f3654d23e4a18392a064a558ffc2432a47808b36e1005cc9e695014f483c76c01c91e42d4cb7427e14e873e39074b87ee
- SSDEEP
  
  3072:gcJx2eJZUMcIUaFPmgRMNlPTGQQm6ytwZEsrYkK4kH5N5:gcJxbJiM598gWNlPTGQQm6agrdU5z
Score

9^/10

bootkit collection persistence
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Accesses Microsoft Outlook accounts
  collection
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitcollectionpersistence

behavioral2

© 2018-2024

Terms | Privacy