4d6aaaf8c089498d294e64be6887b499739083b48e29a6ae3cd25bb8f51dbfce | Triage

Sharing

General

Target

0c563dc8e536b084857a5d35e44a243f_JaffaCakes118
Size

727KB
Sample

240501-vhgdsadh68
MD5

0c563dc8e536b084857a5d35e44a243f
SHA1

a84a0a79d1ee3342f54a7b7d51a2147793d64bac
SHA256

4d6aaaf8c089498d294e64be6887b499739083b48e29a6ae3cd25bb8f51dbfce
SHA512

e98f28aa4d50434bfe4fe299cefd5adc79e49227fe44ece957917c87baf0cbf21745648e4927ca422f93d4afad06a2d9fe925342292a7987c47741f6bc892d03
SSDEEP

12288:LwECaUglPnFsk7P0UahDyDT1QBRXjIjp3F/n20LAHRN+1:LwEC70qkgUahDuWRc/n26CR81

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  0c563dc8e536b084857a5d35e44a243f_JaffaCakes118
- Size
  
  727KB
- MD5
  
  0c563dc8e536b084857a5d35e44a243f
- SHA1
  
  a84a0a79d1ee3342f54a7b7d51a2147793d64bac
- SHA256
  
  4d6aaaf8c089498d294e64be6887b499739083b48e29a6ae3cd25bb8f51dbfce
- SHA512
  
  e98f28aa4d50434bfe4fe299cefd5adc79e49227fe44ece957917c87baf0cbf21745648e4927ca422f93d4afad06a2d9fe925342292a7987c47741f6bc892d03
- SSDEEP
  
  12288:LwECaUglPnFsk7P0UahDyDT1QBRXjIjp3F/n20LAHRN+1:LwEC70qkgUahDuWRc/n26CR81
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence