65735437b08748338332a8a0358059124390893e4701b710e089b29fbe260f8b | Triage

Sharing

General

Target

7463562023896487cd7b55599db9dfb5_JaffaCakes118
Size

505KB
Sample

240526-flbv5sfg31
MD5

7463562023896487cd7b55599db9dfb5
SHA1

0d56e71b30dfd3e6dc1adae22f6ffa6aa2655480
SHA256

65735437b08748338332a8a0358059124390893e4701b710e089b29fbe260f8b
SHA512

9de8d303ec98e8d490a7d836d8cd2bc1f35cbf35a42baca6865f0de7e1c92ab76254a8a18deab9e24f38456b95485f452cf47904e43dfc17b2ec099f2e97c5e7
SSDEEP

6144:Exd0r+zwr2rNy8daL6ku/GWSHaXCMMN+3rhmBF9Z9wBjufk41SWJir5GY/F9g:gdHsr2rNv6aGTSIF9YU84IZr5G49g

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  7463562023896487cd7b55599db9dfb5_JaffaCakes118
- Size
  
  505KB
- MD5
  
  7463562023896487cd7b55599db9dfb5
- SHA1
  
  0d56e71b30dfd3e6dc1adae22f6ffa6aa2655480
- SHA256
  
  65735437b08748338332a8a0358059124390893e4701b710e089b29fbe260f8b
- SHA512
  
  9de8d303ec98e8d490a7d836d8cd2bc1f35cbf35a42baca6865f0de7e1c92ab76254a8a18deab9e24f38456b95485f452cf47904e43dfc17b2ec099f2e97c5e7
- SSDEEP
  
  6144:Exd0r+zwr2rNy8daL6ku/GWSHaXCMMN+3rhmBF9Z9wBjufk41SWJir5GY/F9g:gdHsr2rNv6aGTSIF9YU84IZr5G49g
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence