53a7a2dc2c68e8d951408cc7e9c5861a218ebdfa4c8c764944aba18a579103b5 | Triage

Sharing

General

Target

097e63402bea084b2cabd589a91a2694_JaffaCakes118
Size

373KB
Sample

240624-tke33a1bpd
MD5

097e63402bea084b2cabd589a91a2694
SHA1

e5e3c37f9ec5ced36c02d8f3b4dd878c5a95dd27
SHA256

53a7a2dc2c68e8d951408cc7e9c5861a218ebdfa4c8c764944aba18a579103b5
SHA512

5023b684371378b05cfde51eefc721676f8a029b52d0fa41100a85a57b9cd7d76162db6404d1533d63f64aa2c054292e98f878ed74899b0a10f826bd5d431836
SSDEEP

6144:0d4gFGIBFF2x2lOa/jCktNNYQ1nHjKZ7EleehDnE8L42nVW5GJZ2tNYLj8MfsYIv:0dRZBFUszxtNNYQ1HjKAeCDnEuVzYKjm

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  097e63402bea084b2cabd589a91a2694_JaffaCakes118
- Size
  
  373KB
- MD5
  
  097e63402bea084b2cabd589a91a2694
- SHA1
  
  e5e3c37f9ec5ced36c02d8f3b4dd878c5a95dd27
- SHA256
  
  53a7a2dc2c68e8d951408cc7e9c5861a218ebdfa4c8c764944aba18a579103b5
- SHA512
  
  5023b684371378b05cfde51eefc721676f8a029b52d0fa41100a85a57b9cd7d76162db6404d1533d63f64aa2c054292e98f878ed74899b0a10f826bd5d431836
- SSDEEP
  
  6144:0d4gFGIBFF2x2lOa/jCktNNYQ1nHjKZ7EleehDnE8L42nVW5GJZ2tNYLj8MfsYIv:0dRZBFUszxtNNYQ1HjKAeCDnEuVzYKjm
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2