f0663131f9056fa93e0aaa8c118135fa80993ef88ef6df7149ead74e65008084 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

21e3b4588d...18.exe

windows7-x64

7

21e3b4588d...18.exe

windows10-2004-x64

7

Sharing

General

Target

21e3b4588d96defeee61f6fbb93a9c25_JaffaCakes118
Size

236KB
Sample

240703-lmp22swgpf
MD5

21e3b4588d96defeee61f6fbb93a9c25
SHA1

c9408388f3402c383054d7a9814a6dab29527cc0
SHA256

f0663131f9056fa93e0aaa8c118135fa80993ef88ef6df7149ead74e65008084
SHA512

3edb0666e31fb95c0e6a5e6d624ec575d1af15ebb46ecb6456cbb1649f3b5542b4f8784b23f8a7d94dbf35855a481196acff917c2a2c677b3291aec65ac9fdd4
SSDEEP

6144:T03XFuM4nLSgTh2IcymPCHWIlm1Fa1asHPncBJ0Gy5JlVnAISK:Tc1udnLSg03ymK2Ilm1F4a4kT0fJlVnD

Score

7^/10

bootkit persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

21e3b4588d96defeee61f6fbb93a9c25_JaffaCakes118.exe

Resource

win7-20240508-en

bootkit persistence upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

21e3b4588d96defeee61f6fbb93a9c25_JaffaCakes118.exe

Resource

win10v2004-20240611-en

bootkit persistence upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  21e3b4588d96defeee61f6fbb93a9c25_JaffaCakes118
- Size
  
  236KB
- MD5
  
  21e3b4588d96defeee61f6fbb93a9c25
- SHA1
  
  c9408388f3402c383054d7a9814a6dab29527cc0
- SHA256
  
  f0663131f9056fa93e0aaa8c118135fa80993ef88ef6df7149ead74e65008084
- SHA512
  
  3edb0666e31fb95c0e6a5e6d624ec575d1af15ebb46ecb6456cbb1649f3b5542b4f8784b23f8a7d94dbf35855a481196acff917c2a2c677b3291aec65ac9fdd4
- SSDEEP
  
  6144:T03XFuM4nLSgTh2IcymPCHWIlm1Fa1asHPncBJ0Gy5JlVnAISK:Tc1udnLSg03ymK2Ilm1F4a4kT0fJlVnD
Score

7^/10

bootkit persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

© 2018-2025

Terms | Privacy