28580add41f33e2099027ae600a84122bedabf0324334834e165057233aa2e5d | Triage

Sharing

General

Target

fc101dd326c3d170efaaabdc42a610a0_JaffaCakes118
Size

324KB
Sample

240420-gjlg8sag3z
MD5

fc101dd326c3d170efaaabdc42a610a0
SHA1

c0d054a57e97de962bb78b29d0b21b3dc99e7fee
SHA256

28580add41f33e2099027ae600a84122bedabf0324334834e165057233aa2e5d
SHA512

fe4e4733281af1cedbd36287c9a0646c1f9ec139c833a8b9cad9f24bbc319f33de4e8ad5e35d0f2a3a4c02c9bed23db3aa387b358060dc19a34783c9991ad201
SSDEEP

6144:W2gBgs+Nwat0XVr+6eUDd1wnaLfWEyOemkjNU1aTYONAcxbwOC8h5RdndVw+X0ot:wgs+Kat0XVr+6eUDd1kaLfWEyBmkjNUo

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  fc101dd326c3d170efaaabdc42a610a0_JaffaCakes118
- Size
  
  324KB
- MD5
  
  fc101dd326c3d170efaaabdc42a610a0
- SHA1
  
  c0d054a57e97de962bb78b29d0b21b3dc99e7fee
- SHA256
  
  28580add41f33e2099027ae600a84122bedabf0324334834e165057233aa2e5d
- SHA512
  
  fe4e4733281af1cedbd36287c9a0646c1f9ec139c833a8b9cad9f24bbc319f33de4e8ad5e35d0f2a3a4c02c9bed23db3aa387b358060dc19a34783c9991ad201
- SSDEEP
  
  6144:W2gBgs+Nwat0XVr+6eUDd1wnaLfWEyOemkjNU1aTYONAcxbwOC8h5RdndVw+X0ot:wgs+Kat0XVr+6eUDd1kaLfWEyBmkjNUo
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence