8a3b08445a3d4057dd5496342f736263f6794ccefc2c789a9822a8d3460aac29 | Triage

Sharing

General

Target

fbabfba7bded26b69ecf73eff677123d_JaffaCakes118
Size

94KB
Sample

240420-cbyelsdd94
MD5

fbabfba7bded26b69ecf73eff677123d
SHA1

5924038442fa2c1638287eb16338d46a7282fd67
SHA256

8a3b08445a3d4057dd5496342f736263f6794ccefc2c789a9822a8d3460aac29
SHA512

335b033e9328bdc95753c7755dc6ad932200b7e9f0399690081fd5224289f86a4f87cf52e2ce477007c68b107d73f0642bea388e7f337cb2049e0f3dbb82a2de
SSDEEP

1536:9X+THOuC48SM9FqLx4FAbCXLCw2qxylIUmO9nX3QN1ZZxI4wF7jm:gTLCSSWWFAbc72Aye29nX3Qn7N

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  fbabfba7bded26b69ecf73eff677123d_JaffaCakes118
- Size
  
  94KB
- MD5
  
  fbabfba7bded26b69ecf73eff677123d
- SHA1
  
  5924038442fa2c1638287eb16338d46a7282fd67
- SHA256
  
  8a3b08445a3d4057dd5496342f736263f6794ccefc2c789a9822a8d3460aac29
- SHA512
  
  335b033e9328bdc95753c7755dc6ad932200b7e9f0399690081fd5224289f86a4f87cf52e2ce477007c68b107d73f0642bea388e7f337cb2049e0f3dbb82a2de
- SSDEEP
  
  1536:9X+THOuC48SM9FqLx4FAbCXLCw2qxylIUmO9nX3QN1ZZxI4wF7jm:gTLCSSWWFAbc72Aye29nX3Qn7N
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2