General

  • Target

    fc6d91e1e976ab2f1b2f27338c5a4b2b_JaffaCakes118

  • Size

    341KB

  • Sample

    240420-lamq6add24

  • MD5

    fc6d91e1e976ab2f1b2f27338c5a4b2b

  • SHA1

    3bfa54dd958fd3e551f98701f717f4202966e1c1

  • SHA256

    6952fa7d9abcf9595f4f0d2f4bf1370215eddbb4bef92f675c76e8484387bce5

  • SHA512

    d66f65b91692438ab4d28ca9121bea403ca3a66c1b5fce5db2e400df1ff8e3504f21d6a36d71b02a0eb92a6aa50569f8037921f66ad62e4f85bb56d56428fa78

  • SSDEEP

    6144:3fZ/nwzIhoZib9i0ju9BKVoEZUWC2cQb4c5hoejhCt/bjR36cgQCI:3fpPOZiBiq3zxC2lTBNCxbVQLI

Malware Config

Targets

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            Technique                       ID          Count
  ----------------  ------------------------------  ----------  -----
  Persistence       Pre-OS Boot                     T1542       1
  Persistence       Bootkit                         T1542.003   1
  Defense Evasion   Pre-OS Boot                     T1542       1
  Defense Evasion   Bootkit                         T1542.003   1
  Defense Evasion   Subvert Trust Controls          T1553       1
  Defense Evasion   Install Root Certificate        T1553.004   1
  Defense Evasion   Modify Registry                 T1112       1
  Discovery         Query Registry                  T1012       1
  Discovery         Peripheral Device Discovery     T1120       1
  Discovery         System Information Discovery    T1082       1

Tasks