4edf0b64427d7bdb64a89e3729355696da23771e2873e101407a7a3350f30509 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31185ae710547e873699d739d2d069e2_JaffaCakes118
Size

286KB
Sample

240709-ts6wrathjd
MD5

31185ae710547e873699d739d2d069e2
SHA1

5ef465fb33b17d6d351ba2126651556d59f6067a
SHA256

4edf0b64427d7bdb64a89e3729355696da23771e2873e101407a7a3350f30509
SHA512

e2417725d998aa8ed08aaebc05a3c65d2f1ad679af4ea1d90b51370c3e0a86a8f0d51524fb2ddaaf0d67eee5a2d19812d5bb5ae4a1fef5a431d5cebe3b5e17ca
SSDEEP

6144:zVDIykF3mQt0fZv9YC5fn+aCyIK3ccnMxj6YClOa:zhedmUWY2W1K3DnsZCc

Score

7^/10

aspackv2 bootkit persistence

Malware Config

Targets

- Target
  
  31185ae710547e873699d739d2d069e2_JaffaCakes118
- Size
  
  286KB
- MD5
  
  31185ae710547e873699d739d2d069e2
- SHA1
  
  5ef465fb33b17d6d351ba2126651556d59f6067a
- SHA256
  
  4edf0b64427d7bdb64a89e3729355696da23771e2873e101407a7a3350f30509
- SHA512
  
  e2417725d998aa8ed08aaebc05a3c65d2f1ad679af4ea1d90b51370c3e0a86a8f0d51524fb2ddaaf0d67eee5a2d19812d5bb5ae4a1fef5a431d5cebe3b5e17ca
- SSDEEP
  
  6144:zVDIykF3mQt0fZv9YC5fn+aCyIK3ccnMxj6YClOa:zhedmUWY2W1K3DnsZCc
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2