8f4930187f63b7374142d36faeea1a99159057f7d1e5a0ad6ddee29a71538a5b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38917714bf8b1fe5e0c424c915352678_JaffaCakes118
Size

84KB
Sample

240711-lfmncazgmm
MD5

38917714bf8b1fe5e0c424c915352678
SHA1

8702a98dc479767c241a962d9bb69e8c5871ff9b
SHA256

8f4930187f63b7374142d36faeea1a99159057f7d1e5a0ad6ddee29a71538a5b
SHA512

71504fa1a5838b1b80edabf140d334bd66a6d8f693448e9c04aaaf21bfbd477a480a501f03dfe44f2833cd9e65099a3f107776db50fbce9a394c7cd880bc6569
SSDEEP

1536:6R3yO7fvL5zeTpylG+CaYjNIK0hiAqPyZkm:E7b5iTslHY5KiAZkm

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  38917714bf8b1fe5e0c424c915352678_JaffaCakes118
- Size
  
  84KB
- MD5
  
  38917714bf8b1fe5e0c424c915352678
- SHA1
  
  8702a98dc479767c241a962d9bb69e8c5871ff9b
- SHA256
  
  8f4930187f63b7374142d36faeea1a99159057f7d1e5a0ad6ddee29a71538a5b
- SHA512
  
  71504fa1a5838b1b80edabf140d334bd66a6d8f693448e9c04aaaf21bfbd477a480a501f03dfe44f2833cd9e65099a3f107776db50fbce9a394c7cd880bc6569
- SSDEEP
  
  1536:6R3yO7fvL5zeTpylG+CaYjNIK0hiAqPyZkm:E7b5iTslHY5KiAZkm
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2