ba09708066c56e17d5b9ef925906747e4eb57e76eb198fe499b681ee9a220511 | Triage

Sharing

General

Target

fa80b45adbbcd84008a799fa141e6f4e_JaffaCakes118
Size

80KB
Sample

240419-rs73psef78
MD5

fa80b45adbbcd84008a799fa141e6f4e
SHA1

43d081ee360cae7e5ed826dc12a92c8b190160fe
SHA256

ba09708066c56e17d5b9ef925906747e4eb57e76eb198fe499b681ee9a220511
SHA512

4d7940eff2c4f1e7ef663426531442d918519cc543a5f9c988e84703f5ff7e621f0258838aa6c802612430c976dac871a2a503402af2a4d1323b0adc634008da
SSDEEP

1536:/abAEMicBp29uFxple1iChr0l2hMTCldiiUrmVj1u0:CbAEzcBp4Inle1ihAywwIBu0

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  fa80b45adbbcd84008a799fa141e6f4e_JaffaCakes118
- Size
  
  80KB
- MD5
  
  fa80b45adbbcd84008a799fa141e6f4e
- SHA1
  
  43d081ee360cae7e5ed826dc12a92c8b190160fe
- SHA256
  
  ba09708066c56e17d5b9ef925906747e4eb57e76eb198fe499b681ee9a220511
- SHA512
  
  4d7940eff2c4f1e7ef663426531442d918519cc543a5f9c988e84703f5ff7e621f0258838aa6c802612430c976dac871a2a503402af2a4d1323b0adc634008da
- SSDEEP
  
  1536:/abAEMicBp29uFxple1iChr0l2hMTCldiiUrmVj1u0:CbAEzcBp4Inle1ihAywwIBu0
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2