327dd0e8aba6eaeabf6892329ed66a751a4ca2c8c0a3e371347c2e9f336b97d9 | Triage

Sharing

General

Target

2fe58dd25783b4e054be8ad1697e2223_JaffaCakes118
Size

774KB
Sample

240709-lvlplazfph
MD5

2fe58dd25783b4e054be8ad1697e2223
SHA1

633ddb68881701ad3c56ea9d214bdae3285dd3c1
SHA256

327dd0e8aba6eaeabf6892329ed66a751a4ca2c8c0a3e371347c2e9f336b97d9
SHA512

9693003867f102087ec808c397264b8a726cf5cf38578848f7f6a3c3deb14796aa428541aeff9118c1d2251f73026805820198155a228938e3be72141349551f
SSDEEP

24576:/qds2kT4wnpGFoM/dYIAlakpkSVlTEdP:/p6sgYIqlTTEdP

Score

7^/10

bootkit evasion persistence

Malware Config

Targets

- Target
  
  2fe58dd25783b4e054be8ad1697e2223_JaffaCakes118
- Size
  
  774KB
- MD5
  
  2fe58dd25783b4e054be8ad1697e2223
- SHA1
  
  633ddb68881701ad3c56ea9d214bdae3285dd3c1
- SHA256
  
  327dd0e8aba6eaeabf6892329ed66a751a4ca2c8c0a3e371347c2e9f336b97d9
- SHA512
  
  9693003867f102087ec808c397264b8a726cf5cf38578848f7f6a3c3deb14796aa428541aeff9118c1d2251f73026805820198155a228938e3be72141349551f
- SSDEEP
  
  24576:/qds2kT4wnpGFoM/dYIAlakpkSVlTEdP:/p6sgYIqlTTEdP
Score

7^/10

bootkit evasion persistence
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2