0d5def3720993c7ff853209226c0becaee1a367ee2d69dae8cf9cb951602b4e6 | Triage

Sharing

General

Target

73c6da067fb3d334aff02a228f118992_JaffaCakes118
Size

2.0MB
Sample

240526-ayppwaha27
MD5

73c6da067fb3d334aff02a228f118992
SHA1

3ce65baab0d969339b658e3208efd1c4c4201415
SHA256

0d5def3720993c7ff853209226c0becaee1a367ee2d69dae8cf9cb951602b4e6
SHA512

518f6fd0f02423dae19464d3cec6c5dead56278b351ccc4cc48ba7a0e5106d034bc158d13d9877cd0a2e6a9acae83d8465f6dc7605469ff696dddd15081fddf9
SSDEEP

49152:68uup8JQPIFz41BR3bbpePvcdNKEBOZ8VcjbDhYRtWaETOZ8DMul:68uup8JQPC41BR3MsNKEcZ8VOscaY

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  73c6da067fb3d334aff02a228f118992_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  73c6da067fb3d334aff02a228f118992
- SHA1
  
  3ce65baab0d969339b658e3208efd1c4c4201415
- SHA256
  
  0d5def3720993c7ff853209226c0becaee1a367ee2d69dae8cf9cb951602b4e6
- SHA512
  
  518f6fd0f02423dae19464d3cec6c5dead56278b351ccc4cc48ba7a0e5106d034bc158d13d9877cd0a2e6a9acae83d8465f6dc7605469ff696dddd15081fddf9
- SSDEEP
  
  49152:68uup8JQPIFz41BR3bbpePvcdNKEBOZ8VcjbDhYRtWaETOZ8DMul:68uup8JQPC41BR3MsNKEcZ8VOscaY
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  19KB
- MD5
  
  35d7b29c3ed690a8b0cd323917677b42
- SHA1
  
  ad74d2babe09f94838e408c8f9f77b6b56c644f5
- SHA256
  
  714bd22a836a7f164b848541b8bf8ac80a20ff38e10e412bf9ef518620a80b8c
- SHA512
  
  abc6f37b7306de737adf998607e81304ecc1589ac8e3164651b237def11b424a190e84608f4f6ce44a63ce225d93be7c617a736c82fb6b9077c5222c2e17b67d
- SSDEEP
  
  384:4JoiO8V2upW7vQjS//nYPLQa6jvjeMN+:4JzO8V2uovQjoym
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/insthelper.dll
- Size
  
  774KB
- MD5
  
  8bcd300c69b67e78b09cf07aecfa14fb
- SHA1
  
  d92bdb71d8b8477a3f0838360191aecc459a3c09
- SHA256
  
  d62d59db60544bd44db6d710f3b6d48608bee022d908dc46d16885e79dd1ca0d
- SHA512
  
  393667c3423ed6defeca5c7c51c3244106ebb737398b34822a38edf9fa68cead72016a77c29d4f47d0c5c784c6339e8080d3b35eb17d325658a951c464951cf4
- SSDEEP
  
  24576:Hur3XYYvDFTBs8N2x0y7J07fGYQ0gD8H9V2SM+5byEziR1BRWptMYabpeB:jp8JQPIFz41BR3bbpeB
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/reportsetup.dll
- Size
  
  309KB
- MD5
  
  52c3b9ac0484ece3b524a9526272f88e
- SHA1
  
  c07268de6a13290acbf58ec5ef75e2468533d791
- SHA256
  
  210876c0ff70ffaa88a05f9ef794a96136549f4168e940e256fb4ac85b0fff71
- SHA512
  
  da7710404e5630509eeaf9e318e2a4a2d9c4f269aee6cdce5d2a8f128094e7c92940312fda9913f5c44dce5159b59159f40137ddb2e7975e450f30c6a7b24f47
- SSDEEP
  
  6144:9TTPaNT41SBzliGz6WXKzoOCEIMzjKTBR2Z4kgg6D/Uuc:NrmT4uxiGz6WazojEfnKT/2Z4nD/Uuc
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8