6372c677a0f7eb505f69cb8704e9e68366665909d48b229161620a04081deba3 | Triage

Sharing

General

Target

fd28a95e5073e8d09674dfc4435ab4f4_JaffaCakes118
Size

714KB
Sample

240420-t268wacf85
MD5

fd28a95e5073e8d09674dfc4435ab4f4
SHA1

3e657a490bf79ed4ed7bad73a6ef1161b4a6305a
SHA256

6372c677a0f7eb505f69cb8704e9e68366665909d48b229161620a04081deba3
SHA512

f851e1d64d063f6dac56d5a3a51ed41ab41ec43e0c8fef2f3ec9c47ee6e7e4a13056fd4827fed228cf12459dd0ab5e9ad96e2133c93b7ac2f5a862f9327ff4cc
SSDEEP

12288:yxGz3mDUXfy264kSxOxVOidvBRXjIjb0HR8c:y23HHkSxOZdpR/Cc

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  fd28a95e5073e8d09674dfc4435ab4f4_JaffaCakes118
- Size
  
  714KB
- MD5
  
  fd28a95e5073e8d09674dfc4435ab4f4
- SHA1
  
  3e657a490bf79ed4ed7bad73a6ef1161b4a6305a
- SHA256
  
  6372c677a0f7eb505f69cb8704e9e68366665909d48b229161620a04081deba3
- SHA512
  
  f851e1d64d063f6dac56d5a3a51ed41ab41ec43e0c8fef2f3ec9c47ee6e7e4a13056fd4827fed228cf12459dd0ab5e9ad96e2133c93b7ac2f5a862f9327ff4cc
- SSDEEP
  
  12288:yxGz3mDUXfy264kSxOxVOidvBRXjIjb0HR8c:y23HHkSxOZdpR/Cc
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence