189488f8ae7d093ef29133f7ee9c2575a3500e986b635fef1431bbdce95a7d0d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f5cce77fb8bbc7d0cfa53c5e13d89cc_JaffaCakes118
Size

206KB
Sample

240712-3vedyswekm
MD5

3f5cce77fb8bbc7d0cfa53c5e13d89cc
SHA1

36bdad2686310f037d811faa936e524373128148
SHA256

189488f8ae7d093ef29133f7ee9c2575a3500e986b635fef1431bbdce95a7d0d
SHA512

d745bbdfd1dd6a7122e8b5f6ca864c2b0697197ea0ec23dc5ee2e551ce4c29606cfd4bdbf9070f76e239f1efd1100892c8480c8c54c86417fb75b7af8c20bbef
SSDEEP

6144:oHoax7tqBnTXxJwvP6bQ7yMP+DE827GBe:oIbBns6b7MP+Dd2i4

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  3f5cce77fb8bbc7d0cfa53c5e13d89cc_JaffaCakes118
- Size
  
  206KB
- MD5
  
  3f5cce77fb8bbc7d0cfa53c5e13d89cc
- SHA1
  
  36bdad2686310f037d811faa936e524373128148
- SHA256
  
  189488f8ae7d093ef29133f7ee9c2575a3500e986b635fef1431bbdce95a7d0d
- SHA512
  
  d745bbdfd1dd6a7122e8b5f6ca864c2b0697197ea0ec23dc5ee2e551ce4c29606cfd4bdbf9070f76e239f1efd1100892c8480c8c54c86417fb75b7af8c20bbef
- SSDEEP
  
  6144:oHoax7tqBnTXxJwvP6bQ7yMP+DE827GBe:oIbBns6b7MP+Dd2i4
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2