810c5c9481ac4aeb7cb339188894964a79b652ad603d34a55e81598d62ad8e45 | Triage

Sharing

General

Target

2317f826534fde1723fecdc925185f8e_JaffaCakes118
Size

438KB
Sample

240703-vam7csyemm
MD5

2317f826534fde1723fecdc925185f8e
SHA1

9eb2d5f2005b15db9b357c13ad3b8d14b0bfe400
SHA256

810c5c9481ac4aeb7cb339188894964a79b652ad603d34a55e81598d62ad8e45
SHA512

ab3770052ec3328664148aa1c3ddb2ae637b89b7b9f987a158dd4d6190d4d8c2801e5e1d329419400fbed28a63e14e473f9a36d69b09ddca80795708543649af
SSDEEP

6144:cRRJnML+pdyFnKZ9fF/d5RsggXeNHmyLSpoLVDijud98gWNlPTGQQm6agrds:cLpA+pMFnKJ/5rgXMbSgGjukNtTirds

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  2317f826534fde1723fecdc925185f8e_JaffaCakes118
- Size
  
  438KB
- MD5
  
  2317f826534fde1723fecdc925185f8e
- SHA1
  
  9eb2d5f2005b15db9b357c13ad3b8d14b0bfe400
- SHA256
  
  810c5c9481ac4aeb7cb339188894964a79b652ad603d34a55e81598d62ad8e45
- SHA512
  
  ab3770052ec3328664148aa1c3ddb2ae637b89b7b9f987a158dd4d6190d4d8c2801e5e1d329419400fbed28a63e14e473f9a36d69b09ddca80795708543649af
- SSDEEP
  
  6144:cRRJnML+pdyFnKZ9fF/d5RsggXeNHmyLSpoLVDijud98gWNlPTGQQm6agrds:cLpA+pMFnKJ/5rgXMbSgGjukNtTirds
Score

7^/10

bootkit persistence
- Deletes itself
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2