2a2810ff068467030f05624230fc590ac4e3ef2c9df76a4fe6d1feedf06f8344 | Triage

Sharing

General

Target

fbdda05780c0105abdd755fec2900580_JaffaCakes118
Size

432KB
Sample

240420-ef9pjsge7v
MD5

fbdda05780c0105abdd755fec2900580
SHA1

e463f3e0ddfcf8f340905027b596966e973f546a
SHA256

2a2810ff068467030f05624230fc590ac4e3ef2c9df76a4fe6d1feedf06f8344
SHA512

8440c10fdf797bfb757fd3deed51f48534eb7367d7bf76ac51dd6fc2c7be04292d831bd0d1c084d0abbea3ad75c26b7818e64db3b5d26f28ce5c7e133302eb99
SSDEEP

6144:BO+WwBZthD5J+x9dmKcMVqUl6c4jKMNvyX93dFoMrdUZnD698gWNlPTGQQm6agrG:tvZ/5J+Y1IlErvyX93dr+DVNtTird0

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  fbdda05780c0105abdd755fec2900580_JaffaCakes118
- Size
  
  432KB
- MD5
  
  fbdda05780c0105abdd755fec2900580
- SHA1
  
  e463f3e0ddfcf8f340905027b596966e973f546a
- SHA256
  
  2a2810ff068467030f05624230fc590ac4e3ef2c9df76a4fe6d1feedf06f8344
- SHA512
  
  8440c10fdf797bfb757fd3deed51f48534eb7367d7bf76ac51dd6fc2c7be04292d831bd0d1c084d0abbea3ad75c26b7818e64db3b5d26f28ce5c7e133302eb99
- SSDEEP
  
  6144:BO+WwBZthD5J+x9dmKcMVqUl6c4jKMNvyX93dFoMrdUZnD698gWNlPTGQQm6agrG:tvZ/5J+Y1IlErvyX93dr+DVNtTird0
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2