6f5ed6beb7f87524a78c5f78a2476dd05c0feef2b4abbfd8772ee1e1a5d1f953 | Triage

Sharing

General

Target

0320e9ed16db9cbc80db4cd14548b9e3_JaffaCakes118
Size

493KB
Sample

240427-ncgc9shh7x
MD5

0320e9ed16db9cbc80db4cd14548b9e3
SHA1

31f57a82188c116863be0aad4184814838b22fe2
SHA256

6f5ed6beb7f87524a78c5f78a2476dd05c0feef2b4abbfd8772ee1e1a5d1f953
SHA512

be4e745718d29c5017749788809e4d4bb2d371e88f17a09d06df5a52fda287bc6e97e12cd63b7b965fb01fbcbbd206a8cad7f3c5113cfa8648a5585d22b1c44d
SSDEEP

6144:3IJ/N5GXadtcJeUth55C+pvCAcRcCmAH4ttI/wonOSgy19ZWZKUlxfsf3tK8sbKZ:Yf5GKEgUycvCcCN/wZGWZ5l83tK8I+

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  0320e9ed16db9cbc80db4cd14548b9e3_JaffaCakes118
- Size
  
  493KB
- MD5
  
  0320e9ed16db9cbc80db4cd14548b9e3
- SHA1
  
  31f57a82188c116863be0aad4184814838b22fe2
- SHA256
  
  6f5ed6beb7f87524a78c5f78a2476dd05c0feef2b4abbfd8772ee1e1a5d1f953
- SHA512
  
  be4e745718d29c5017749788809e4d4bb2d371e88f17a09d06df5a52fda287bc6e97e12cd63b7b965fb01fbcbbd206a8cad7f3c5113cfa8648a5585d22b1c44d
- SSDEEP
  
  6144:3IJ/N5GXadtcJeUth55C+pvCAcRcCmAH4ttI/wonOSgy19ZWZKUlxfsf3tK8sbKZ:Yf5GKEgUycvCcCN/wZGWZ5l83tK8I+
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence