8c154bd0f008bd298a786a52e4915796479048e7f0fb2572502718479710d867 | Triage

Sharing

General

Target

f9f5dfaab2bd72ea038d269f223c7001_JaffaCakes118
Size

192KB
Sample

240419-kx6xwadc85
MD5

f9f5dfaab2bd72ea038d269f223c7001
SHA1

accb1550992f39f50d135471caf291943c763576
SHA256

8c154bd0f008bd298a786a52e4915796479048e7f0fb2572502718479710d867
SHA512

9eb511d4d0a13e0b48b6998eafd654110b7026052f98c10bc71ffae78096b07f17d6a07ce6c4f95e03f90eaf476aad4abcfb15a00606b13dfd13b4c70ccc2131
SSDEEP

3072:j//6dBd2dxxqNe9aQ2/d+y/mAHPieGf1HTX3nN2UqnH4AK/1JjKLw+vIP9:j//YcxZynHP18VN2/HW1J6vIP9

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  f9f5dfaab2bd72ea038d269f223c7001_JaffaCakes118
- Size
  
  192KB
- MD5
  
  f9f5dfaab2bd72ea038d269f223c7001
- SHA1
  
  accb1550992f39f50d135471caf291943c763576
- SHA256
  
  8c154bd0f008bd298a786a52e4915796479048e7f0fb2572502718479710d867
- SHA512
  
  9eb511d4d0a13e0b48b6998eafd654110b7026052f98c10bc71ffae78096b07f17d6a07ce6c4f95e03f90eaf476aad4abcfb15a00606b13dfd13b4c70ccc2131
- SSDEEP
  
  3072:j//6dBd2dxxqNe9aQ2/d+y/mAHPieGf1HTX3nN2UqnH4AK/1JjKLw+vIP9:j//YcxZynHP18VN2/HW1J6vIP9
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence