2d5f4518585e5c52ea7f0f6cdd855196c64e20731d94f847a3143a7b3643d47a | Triage

Sharing

General

Target

fce7329fd99700cb76fe3d6d6adefc89_JaffaCakes118
Size

905KB
Sample

240420-q5agjaaf6z
MD5

fce7329fd99700cb76fe3d6d6adefc89
SHA1

1564c0d4d88128e1761af223faddc39d7495388a
SHA256

2d5f4518585e5c52ea7f0f6cdd855196c64e20731d94f847a3143a7b3643d47a
SHA512

5ef3a3fb3338d4c3be09bb0902a6737811ccd9b56fd6e1f976b5ef4cdfad06a4fe60a30167b318f108a51e65717d81a581a4b1df55df94819c87f1087c53e414
SSDEEP

24576:DsM5537UoWR4fYzq6Hm1/3vi5bY8YxWrbzzzzzkzzzzztoPPaDs:R5NOKSc1/3vimxWrbzzzzzkzzzzztoPr

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  fce7329fd99700cb76fe3d6d6adefc89_JaffaCakes118
- Size
  
  905KB
- MD5
  
  fce7329fd99700cb76fe3d6d6adefc89
- SHA1
  
  1564c0d4d88128e1761af223faddc39d7495388a
- SHA256
  
  2d5f4518585e5c52ea7f0f6cdd855196c64e20731d94f847a3143a7b3643d47a
- SHA512
  
  5ef3a3fb3338d4c3be09bb0902a6737811ccd9b56fd6e1f976b5ef4cdfad06a4fe60a30167b318f108a51e65717d81a581a4b1df55df94819c87f1087c53e414
- SSDEEP
  
  24576:DsM5537UoWR4fYzq6Hm1/3vi5bY8YxWrbzzzzzkzzzzztoPPaDs:R5NOKSc1/3vimxWrbzzzzzkzzzzztoPr
Score

7^/10

bootkit persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence