60d577305e44ad18f69668a7cc94d1f1e443679f617a0e2a64c2f815dd36a4f5 | Triage

Sharing

General

Target

24041253e112a67f1fe46cb8c3383d00_JaffaCakes118
Size

313KB
Sample

240704-atj9lathqk
MD5

24041253e112a67f1fe46cb8c3383d00
SHA1

4789403e21263ae5177f894e27b90369b46b4b2b
SHA256

60d577305e44ad18f69668a7cc94d1f1e443679f617a0e2a64c2f815dd36a4f5
SHA512

15ee315a51ddfe70fd8e341ba8059192f6d0ea4fe0ddfbe0f22a6f88b10b89d31e4bbe96197a8c93169028d26d16df273882f42ef94a0d653569c21505a71c76
SSDEEP

6144:7VDIykF3mQt0fZv9YC5fn+aCyIK3ccnMxj6YClOam8y:7hedmUWY2W1K3DnsZCcH

Score

10^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  24041253e112a67f1fe46cb8c3383d00_JaffaCakes118
- Size
  
  313KB
- MD5
  
  24041253e112a67f1fe46cb8c3383d00
- SHA1
  
  4789403e21263ae5177f894e27b90369b46b4b2b
- SHA256
  
  60d577305e44ad18f69668a7cc94d1f1e443679f617a0e2a64c2f815dd36a4f5
- SHA512
  
  15ee315a51ddfe70fd8e341ba8059192f6d0ea4fe0ddfbe0f22a6f88b10b89d31e4bbe96197a8c93169028d26d16df273882f42ef94a0d653569c21505a71c76
- SSDEEP
  
  6144:7VDIykF3mQt0fZv9YC5fn+aCyIK3ccnMxj6YClOam8y:7hedmUWY2W1K3DnsZCcH
Score

10^/10

bootkit persistence evasion
- Modifies firewall policy service
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2