a3fc7582c0a09e1b3f2b82a9a2941c12cb076c84cbfe811b2445de5bb4cc19b7 | Triage

Sharing

General

Target

fc22a53283a698ce6223d08254f7579e_JaffaCakes118
Size

296KB
Sample

240420-g79vqsaf48
MD5

fc22a53283a698ce6223d08254f7579e
SHA1

bd71da45daa316e78145fdffcb579229cefa0ae9
SHA256

a3fc7582c0a09e1b3f2b82a9a2941c12cb076c84cbfe811b2445de5bb4cc19b7
SHA512

9874f45e81db376a7e4d744a42a05699dfb34e5fc8a427110456dcdfe1374bd5f6dd4e4a28bb545a3041bb66cd8e275f7a96fdc81c5b7033a1da84dd0469856a
SSDEEP

6144:SijqqnucE1vRPeQnVW5GJZ2tNYLj8MfsoFaupxH/+MBTU0Y:SijfFE7PegVzYKj86soFaupJWP

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  fc22a53283a698ce6223d08254f7579e_JaffaCakes118
- Size
  
  296KB
- MD5
  
  fc22a53283a698ce6223d08254f7579e
- SHA1
  
  bd71da45daa316e78145fdffcb579229cefa0ae9
- SHA256
  
  a3fc7582c0a09e1b3f2b82a9a2941c12cb076c84cbfe811b2445de5bb4cc19b7
- SHA512
  
  9874f45e81db376a7e4d744a42a05699dfb34e5fc8a427110456dcdfe1374bd5f6dd4e4a28bb545a3041bb66cd8e275f7a96fdc81c5b7033a1da84dd0469856a
- SSDEEP
  
  6144:SijqqnucE1vRPeQnVW5GJZ2tNYLj8MfsoFaupxH/+MBTU0Y:SijfFE7PegVzYKj86soFaupJWP
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2