95e0eb9ade042b604397c894fcb29d883bb462eca99f6f223bc35ed41d9ad6b2 | Triage

Sharing

General

Target

eb5c2d455451813691f701edd077ec53_JaffaCakes118
Size

20KB
Sample

240410-smcv2sff5t
MD5

eb5c2d455451813691f701edd077ec53
SHA1

965da3fc0ae7b26b47b36dbdeb5b6e5dae150835
SHA256

95e0eb9ade042b604397c894fcb29d883bb462eca99f6f223bc35ed41d9ad6b2
SHA512

357e05fb954c7b105b3584a0177c3e42c638e421bbaffbf6a2f3c1349a5269fde0059569a1fb56e4217f3e1e02dcb7103b3fe3c61e23dbe4a1f080b9b94c51c8
SSDEEP

384:P7EHu4OTwvihNqplFxe2r7CHJ4Rm+li4VHve0nCKeVOD6r3GK28oIEmGxDFKgBa:AOXwafmFchJ4RRi4V2HxVIwo7be

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  eb5c2d455451813691f701edd077ec53_JaffaCakes118
- Size
  
  20KB
- MD5
  
  eb5c2d455451813691f701edd077ec53
- SHA1
  
  965da3fc0ae7b26b47b36dbdeb5b6e5dae150835
- SHA256
  
  95e0eb9ade042b604397c894fcb29d883bb462eca99f6f223bc35ed41d9ad6b2
- SHA512
  
  357e05fb954c7b105b3584a0177c3e42c638e421bbaffbf6a2f3c1349a5269fde0059569a1fb56e4217f3e1e02dcb7103b3fe3c61e23dbe4a1f080b9b94c51c8
- SSDEEP
  
  384:P7EHu4OTwvihNqplFxe2r7CHJ4Rm+li4VHve0nCKeVOD6r3GK28oIEmGxDFKgBa:AOXwafmFchJ4RRi4V2HxVIwo7be
Score

6^/10

bootkit persistence
- Program crash
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence