d3c0f3bea64ed5b4a0cf35bd029d835e0b919e29196a4969172ee9994b090db9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

409e1eaca78bb613f6bfd8dd0f2ee1af_JaffaCakes118
Size

225KB
Sample

240713-hlxtqazgnr
MD5

409e1eaca78bb613f6bfd8dd0f2ee1af
SHA1

aefc82839987c31b142d2485b841705dbee65a3d
SHA256

d3c0f3bea64ed5b4a0cf35bd029d835e0b919e29196a4969172ee9994b090db9
SHA512

63350b32904fc7195cd9ba88ad81afcdb9b37d631405b150dfb140eaa90f0e89e19ad7ba55ce7c2739d9b3cbf88eb0b4431e02de629898e6534f8f359c2b0b94
SSDEEP

6144:Kvp8bu0A88x7Jqc5wvP6bQ7yMP+DE827GCz8:KH0L8lJqcS6b7MP+Dd27z8

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  409e1eaca78bb613f6bfd8dd0f2ee1af_JaffaCakes118
- Size
  
  225KB
- MD5
  
  409e1eaca78bb613f6bfd8dd0f2ee1af
- SHA1
  
  aefc82839987c31b142d2485b841705dbee65a3d
- SHA256
  
  d3c0f3bea64ed5b4a0cf35bd029d835e0b919e29196a4969172ee9994b090db9
- SHA512
  
  63350b32904fc7195cd9ba88ad81afcdb9b37d631405b150dfb140eaa90f0e89e19ad7ba55ce7c2739d9b3cbf88eb0b4431e02de629898e6534f8f359c2b0b94
- SSDEEP
  
  6144:Kvp8bu0A88x7Jqc5wvP6bQ7yMP+DE827GCz8:KH0L8lJqcS6b7MP+Dd27z8
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2