ed116545c2c8f18593a5fbcb3e936afa7043d44a30df4a6a664c4dcd7b3cc6a2 | Triage

Sharing

General

Target

f9c0eb8920e7212654aa31b63770c5f9_JaffaCakes118
Size

80KB
Sample

240419-hq6x7abd42
MD5

f9c0eb8920e7212654aa31b63770c5f9
SHA1

23490137f1202ba75760b796d7f67aeda7bcb6fa
SHA256

ed116545c2c8f18593a5fbcb3e936afa7043d44a30df4a6a664c4dcd7b3cc6a2
SHA512

8a93ad224068e65d59a11c2ce117863b4e24dcdbd0391bd6cd31e0fd6ccfe415ecd06c3606c9fe494b7dfa74b0870f8e12e25f6a626993d6f6d016ef1a5400c8
SSDEEP

1536:6EAJrzR8jHnimbTgvzt6/OT725mj+7M2F+o:lAJB8zimbTgvF2g+XMo

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  f9c0eb8920e7212654aa31b63770c5f9_JaffaCakes118
- Size
  
  80KB
- MD5
  
  f9c0eb8920e7212654aa31b63770c5f9
- SHA1
  
  23490137f1202ba75760b796d7f67aeda7bcb6fa
- SHA256
  
  ed116545c2c8f18593a5fbcb3e936afa7043d44a30df4a6a664c4dcd7b3cc6a2
- SHA512
  
  8a93ad224068e65d59a11c2ce117863b4e24dcdbd0391bd6cd31e0fd6ccfe415ecd06c3606c9fe494b7dfa74b0870f8e12e25f6a626993d6f6d016ef1a5400c8
- SSDEEP
  
  1536:6EAJrzR8jHnimbTgvzt6/OT725mj+7M2F+o:lAJB8zimbTgvF2g+XMo
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2