Overview

overview

8

Static

static

3

1ae66a9fc4...18.exe

windows7-x64

8

1ae66a9fc4...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1ae66a9fc43550f3965858f268a81d43_JaffaCakes118

  • Size

    1018KB

  • Sample

    240701-l8994svhpc

  • MD5

    1ae66a9fc43550f3965858f268a81d43

  • SHA1

    1c17f4c3fa901f12315385d41fddfa8be13535a8

  • SHA256

    733940668a1cf9f3f7daa4389c58e3e7cb6e15bafa49d7361e048e9057c20871

  • SHA512

    16fb55447a148867b78c2ef8be1f55a1eddd08e340bfd11203551247fc2c6b2240383b37ac44dbcc2bade42ecb3fcbd2461e33144d5f48ed28626836e826f0a7

  • SSDEEP

    24576:di3jMktyafwc0jNM/LRXdBBWlmTxOnkZBalRfBY8:cWaGNK6aOnaBmfBp

Score
8/10
bootkitevasionexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      1ae66a9fc43550f3965858f268a81d43_JaffaCakes118

    • Size

      1018KB

    • MD5

      1ae66a9fc43550f3965858f268a81d43

    • SHA1

      1c17f4c3fa901f12315385d41fddfa8be13535a8

    • SHA256

      733940668a1cf9f3f7daa4389c58e3e7cb6e15bafa49d7361e048e9057c20871

    • SHA512

      16fb55447a148867b78c2ef8be1f55a1eddd08e340bfd11203551247fc2c6b2240383b37ac44dbcc2bade42ecb3fcbd2461e33144d5f48ed28626836e826f0a7

    • SSDEEP

      24576:di3jMktyafwc0jNM/LRXdBBWlmTxOnkZBalRfBY8:cWaGNK6aOnaBmfBp

    Score
    8/10
    bootkitevasionexecutionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Resource Development

Reconnaissance

Tasks