60b7902dab5ecf0ab3550f3af139d18f5ad29e69b4e05e8799903df55c1137c8 | Triage

Sharing

General

Target

fa6b1a8e5c3c6532d34489e59f690e81_JaffaCakes118
Size

80KB
Sample

240419-qxxl4aeg2v
MD5

fa6b1a8e5c3c6532d34489e59f690e81
SHA1

b9b574aa97adc214d7c30e02c6703a07f1685d2a
SHA256

60b7902dab5ecf0ab3550f3af139d18f5ad29e69b4e05e8799903df55c1137c8
SHA512

dddb40bcd20341c6d87de383fa58244be75419d56cfc48ab483c5b0664449f46cb153e7d0dc19abe71bc4c598110ba8a3b342778391dc9c539a7218220409532
SSDEEP

1536:yrhmnsgv/lC5qegCRd6A2b8bYc+nfbjNH1HKhLG:Gsjv9C0DOd6A22YcwfNHYhLG

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  fa6b1a8e5c3c6532d34489e59f690e81_JaffaCakes118
- Size
  
  80KB
- MD5
  
  fa6b1a8e5c3c6532d34489e59f690e81
- SHA1
  
  b9b574aa97adc214d7c30e02c6703a07f1685d2a
- SHA256
  
  60b7902dab5ecf0ab3550f3af139d18f5ad29e69b4e05e8799903df55c1137c8
- SHA512
  
  dddb40bcd20341c6d87de383fa58244be75419d56cfc48ab483c5b0664449f46cb153e7d0dc19abe71bc4c598110ba8a3b342778391dc9c539a7218220409532
- SSDEEP
  
  1536:yrhmnsgv/lC5qegCRd6A2b8bYc+nfbjNH1HKhLG:Gsjv9C0DOd6A22YcwfNHYhLG
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2