8f0de9561c819a2ac7f490afebea87ac5a80fdc6af0877210e3601ad89de8310 | Triage

Sharing

General

Target

f982412c1068c62c74e66e33d22f126c_JaffaCakes118
Size

190KB
Sample

240419-e46ykahh31
MD5

f982412c1068c62c74e66e33d22f126c
SHA1

2abac49c1945c84afbf043294caedb466ecc9a6c
SHA256

8f0de9561c819a2ac7f490afebea87ac5a80fdc6af0877210e3601ad89de8310
SHA512

54afecfa208207f1605382fdbb907e4f0f58d30fb7a749cf91a5a31ec23ff7968ca85cf17543f06c57e0b683c6274c8ebb224d1f72df6d1b0dc52a0543b44a6e
SSDEEP

3072:mnb3hr6gHOACLkhR8xD/5TaBOR5OE1EM2jASY1atZgn37zpnop2WtXvs3R:o3hr6gH3N4xD/lay92NgvpnoJtEh

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  f982412c1068c62c74e66e33d22f126c_JaffaCakes118
- Size
  
  190KB
- MD5
  
  f982412c1068c62c74e66e33d22f126c
- SHA1
  
  2abac49c1945c84afbf043294caedb466ecc9a6c
- SHA256
  
  8f0de9561c819a2ac7f490afebea87ac5a80fdc6af0877210e3601ad89de8310
- SHA512
  
  54afecfa208207f1605382fdbb907e4f0f58d30fb7a749cf91a5a31ec23ff7968ca85cf17543f06c57e0b683c6274c8ebb224d1f72df6d1b0dc52a0543b44a6e
- SSDEEP
  
  3072:mnb3hr6gHOACLkhR8xD/5TaBOR5OE1EM2jASY1atZgn37zpnop2WtXvs3R:o3hr6gH3N4xD/lay92NgvpnoJtEh
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2