19ada27a167c969f0a16f8000b2428a7d6dc997ea822ffe393becdfb48514b6b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

210549ea4039c46bb881755f6b3a8332_JaffaCakes118
Size

429KB
Sample

240703-enakes1anj
MD5

210549ea4039c46bb881755f6b3a8332
SHA1

a36622b9407c206f4ae24b2c850269e793a6a655
SHA256

19ada27a167c969f0a16f8000b2428a7d6dc997ea822ffe393becdfb48514b6b
SHA512

7908a5d083934872e92e11c8595a64318a7f243ca1a704f9c1b56b3ff38bcdf4f1b6e1516ee1da656ac9a220f54f77277da2930a5a7fed85d4a72d8cc77b98f3
SSDEEP

6144:LPnQWkBXeh5rncXuYn/TMsWyuN4+euudt/YwN1+OSkMTeoYQn3Pxn1cx8Yt6UIIr:LnoX9eY/UyuNUtQw7+OSkMlT/zcx8PUZ

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  210549ea4039c46bb881755f6b3a8332_JaffaCakes118
- Size
  
  429KB
- MD5
  
  210549ea4039c46bb881755f6b3a8332
- SHA1
  
  a36622b9407c206f4ae24b2c850269e793a6a655
- SHA256
  
  19ada27a167c969f0a16f8000b2428a7d6dc997ea822ffe393becdfb48514b6b
- SHA512
  
  7908a5d083934872e92e11c8595a64318a7f243ca1a704f9c1b56b3ff38bcdf4f1b6e1516ee1da656ac9a220f54f77277da2930a5a7fed85d4a72d8cc77b98f3
- SSDEEP
  
  6144:LPnQWkBXeh5rncXuYn/TMsWyuN4+euudt/YwN1+OSkMTeoYQn3Pxn1cx8Yt6UIIr:LnoX9eY/UyuNUtQw7+OSkMlT/zcx8PUZ
Score

7^/10

bootkit persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence