General

  • Target

    fc81ed5d1d68674edfd2fcd5091bed19_JaffaCakes118

  • Size

    341KB

  • Sample

    240420-l34v5sea45

  • MD5

    fc81ed5d1d68674edfd2fcd5091bed19

  • SHA1

    33ebe9b3143dee28364860a8d084894170cf7285

  • SHA256

    a77d5a7554d9d72a59f3f947a38d771f550a55ef982f827b44e90b91042c80d0

  • SHA512

    07bb880c496914613601fbc544494e7a94daafd8f6fc4d0c2a89cb9da79f08a9e76df522f100293bbe4f8b9b9983a1efa90036c33925dab1093f8fa204dba84c

  • SSDEEP

    6144:afZ/nwzIhoZib9i0ju9BKVoEZUWoORt8ErPQQexY9zpkxhi4SOnZh6Gz2:afpPOZiBiq3zxJYEWxWzGxQ6fL2

Targets

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer (matched on section names and layout, so renamed sections can evade the name check alone).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
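The two static checks behind these signatures, as an added example that is not the sandbox's own detection code: a parser that reads the PE section table and flags UPX either by section name or by the tell-tale layout (an empty section reserved for the unpacked image followed by one high-entropy section), and an MBR parser that validates the 0x55AA boot signature, extracts the partition table, and compares the 440-byte boot code against a known-good hash so a bootkit write is caught even when the partition table is left intact. The sample itself is not included; `build_pe` and `build_mbr` construct minimal inputs so the script runs offline.

```python
"""Static triage checks for a UPX-packed PE and a modified MBR (added example).
Inputs are constructed by build_pe/build_mbr; nothing here is the sample's code."""
import hashlib
import math
import struct
from collections import namedtuple

Section = namedtuple("Section", "name vsize vaddr raw_size raw_ptr")
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def shannon_entropy(buf):
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_table(data):
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> COFF header -> section headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    start = e_lfanew + 24 + opt_size  # section table follows the optional header
    secs = []
    for i in range(nsec):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, start + 40 * i)
        secs.append(Section(name.rstrip(b"\0"), vsize, vaddr, raw_size, raw_ptr))
    return secs


def upx_indicators(data):
    """Name match plus a layout heuristic for modified UPX builds that rename sections:
    a section with SizeOfRawData == 0 (the unpacked image's future home) followed by a
    section whose raw bytes are high-entropy (the compressed body). Heuristic, not proof."""
    secs = section_table(data)
    names = [s.name for s in secs]
    by_name = any(n in UPX_SECTION_NAMES for n in names)
    by_layout = False
    for a, b in zip(secs, secs[1:]):
        if a.raw_size == 0 and b.raw_size > 0:
            if shannon_entropy(data[b.raw_ptr:b.raw_ptr + b.raw_size]) > 7.0:
                by_layout = True
    return {"names": names, "upx_names": by_name, "packed_layout": by_layout}


def parse_mbr(sector):
    """Boot code (0..439), disk signature (440..443), partition table (446..509), 0x55AA."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        e = sector[446 + 16 * i:446 + 16 * (i + 1)]
        lba, nsectors = struct.unpack_from("<II", e, 8)
        if e[4] != 0:  # partition type 0 means an unused slot
            parts.append({"bootable": e[0] == 0x80, "type": e[4], "lba": lba, "sectors": nsectors})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": parts,
    }


def mbr_changed(sector, baseline_bootcode_sha256):
    """Compare only the boot code: partitioning tools legitimately rewrite the table,
    but nothing benign on a running system should replace the loader bytes."""
    return parse_mbr(sector)["bootcode_sha256"] != baseline_bootcode_sha256


def build_pe(sections):
    """Constructed minimal PE: sections is a list of (name, raw_bytes). Test input only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    raw_ptr = e_lfanew + 24 + 40 * len(sections)
    table, payload = b"", b""
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), max(len(raw), 0x1000),
                             0x1000, len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        payload += raw
        raw_ptr += len(raw)
    return dos + b"PE\0\0" + coff + table + payload


def build_mbr(bootcode, partitions=((0x80, 0x07, 2048, 1000000),)):
    """Constructed MBR with the given boot code and (status, type, lba, sectors) entries."""
    code = bootcode.ljust(440, b"\0")[:440]
    table = b"".join(struct.pack("<B3sB3sII", s, b"\0" * 3, t, b"\0" * 3, lba, n)
                     for s, t, lba, n in partitions).ljust(64, b"\0")
    return code + struct.pack("<IH", 0x12345678, 0) + table + b"\x55\xAA"


if __name__ == "__main__":
    packed = build_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 16)])
    print(upx_indicators(packed))
    baseline = parse_mbr(build_mbr(b"\xfa\x33\xc0\x8e\xd0"))["bootcode_sha256"]
    print(mbr_changed(build_mbr(b"\xeb\xfe"), baseline))
```

On a live host the baseline hash comes from a known-good image of the first sector (for example taken at provisioning), and the MBR is read with a raw device handle; the parser is the same. The layout heuristic fires on other packers that reserve an empty first section too, so treat it as a lead for unpacking rather than a UPX attribution.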

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

    • Pre-OS Boot (T1542): 1

        • Bootkit (T1542.003): 1

Defense Evasion

    • Pre-OS Boot (T1542): 1

        • Bootkit (T1542.003): 1

    • Subvert Trust Controls (T1553): 1

        • Install Root Certificate (T1553.004): 1

    • Modify Registry (T1112): 1

Discovery

    • Query Registry (T1012): 1

    • Peripheral Device Discovery (T1120): 1

    • System Information Discovery (T1082): 1

Tasks