Overview

overview

6

Static

static

3

fc101dd326...18.exe

windows7-x64

6

fc101dd326...18.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc101dd326c3d170efaaabdc42a610a0_JaffaCakes118

  • Size

    324KB

  • Sample

    240420-gjlg8sag3z

  • MD5

    fc101dd326c3d170efaaabdc42a610a0

  • SHA1

    c0d054a57e97de962bb78b29d0b21b3dc99e7fee

  • SHA256

    28580add41f33e2099027ae600a84122bedabf0324334834e165057233aa2e5d

  • SHA512

    fe4e4733281af1cedbd36287c9a0646c1f9ec139c833a8b9cad9f24bbc319f33de4e8ad5e35d0f2a3a4c02c9bed23db3aa387b358060dc19a34783c9991ad201

  • SSDEEP

    6144:W2gBgs+Nwat0XVr+6eUDd1wnaLfWEyOemkjNU1aTYONAcxbwOC8h5RdndVw+X0ot:wgs+Kat0XVr+6eUDd1kaLfWEyBmkjNUo

Score
6/10
bootkitpersistence

Malware Config

Targets

    • Target

      fc101dd326c3d170efaaabdc42a610a0_JaffaCakes118

    • Size

      324KB

    • MD5

      fc101dd326c3d170efaaabdc42a610a0

    • SHA1

      c0d054a57e97de962bb78b29d0b21b3dc99e7fee

    • SHA256

      28580add41f33e2099027ae600a84122bedabf0324334834e165057233aa2e5d

    • SHA512

      fe4e4733281af1cedbd36287c9a0646c1f9ec139c833a8b9cad9f24bbc319f33de4e8ad5e35d0f2a3a4c02c9bed23db3aa387b358060dc19a34783c9991ad201

    • SSDEEP

      6144:W2gBgs+Nwat0XVr+6eUDd1wnaLfWEyOemkjNU1aTYONAcxbwOC8h5RdndVw+X0ot:wgs+Kat0XVr+6eUDd1kaLfWEyBmkjNUo

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks