32ad245e6aa653dea1218f7aab97c29e341fb05b8ef87f3f9d2ef905ffc50e49 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35682e97f016fc035d9cd9df39674d66_JaffaCakes118
Size

57KB
Sample

240710-teh8jayfqc
MD5

35682e97f016fc035d9cd9df39674d66
SHA1

e34ff3bb6c6649832a983157c752301fe4dfe6ec
SHA256

32ad245e6aa653dea1218f7aab97c29e341fb05b8ef87f3f9d2ef905ffc50e49
SHA512

8d3b7a6afb174785a3495559c951826ff8ae6f235ff4a7f24bcd4b8e2fe9f79d51dbaead8ebc0830b550826de54d8965af5d3d7f3b9a75a2b7d9cddc56d29946
SSDEEP

768:Wl6EKoT6U80wHuSWhGVE0JRqKuF3XvH3lS9lYj3gy2ln8D4P9Czg4uQQRg4y:Wl6KSHfWEEykKa3tRClo4PNHQQRg4y

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  35682e97f016fc035d9cd9df39674d66_JaffaCakes118
- Size
  
  57KB
- MD5
  
  35682e97f016fc035d9cd9df39674d66
- SHA1
  
  e34ff3bb6c6649832a983157c752301fe4dfe6ec
- SHA256
  
  32ad245e6aa653dea1218f7aab97c29e341fb05b8ef87f3f9d2ef905ffc50e49
- SHA512
  
  8d3b7a6afb174785a3495559c951826ff8ae6f235ff4a7f24bcd4b8e2fe9f79d51dbaead8ebc0830b550826de54d8965af5d3d7f3b9a75a2b7d9cddc56d29946
- SSDEEP
  
  768:Wl6EKoT6U80wHuSWhGVE0JRqKuF3XvH3lS9lYj3gy2ln8D4P9Czg4uQQRg4y:Wl6KSHfWEEykKa3tRClo4PNHQQRg4y
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2