7a5f97a5551a53e8fc056c0ad5738b2fd345bfda21b1cc081ac3eb7819da3da4 | Triage

Sharing

General

Target

412a0ca8a2fe01aa10bb92c834e12bf1_JaffaCakes118
Size

3.8MB
Sample

240713-lrvs4awcjr
MD5

412a0ca8a2fe01aa10bb92c834e12bf1
SHA1

7f3817ca318eb098d5809cdebb2a59b48f656194
SHA256

7a5f97a5551a53e8fc056c0ad5738b2fd345bfda21b1cc081ac3eb7819da3da4
SHA512

823d1eec00bd73e368b960651bbe45993fc769256879737574d578630289e1d64fb61045894e3d8607496c30c94d1e72af9f7918a287ac65fbb835ed632f5ef0
SSDEEP

98304:lyKazJNbr8Xd0dseRpXEFVSQ8ZHHSFDdSQgvztiJ1RHXV+sJ4gg:wzJNbr8Xd+seDgVhCnSFDdSQUhil38qK

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  Gamestart.exe
- Size
  
  1.6MB
- MD5
  
  636403c0bab70c5e196d8ac598fb6d2f
- SHA1
  
  1d4df6876fdc5d2b53d4a0f1cc50aca4a87bf28a
- SHA256
  
  3f1110e1f78ff2f1a983ad893d3c7838da8048485d3af97e7d068433d0705359
- SHA512
  
  b8f3b3d4f3b7d7f1c0675c9dc48790ef8005ffd9e7819b363651585f3fa4b12f4eadd4c616e8ff0f2b667d691cdf68baaced1e60e7589c4ab587b12083dfb8a6
- SSDEEP
  
  24576:XgK5mTqk8oIWwHZSlioOKKhuwx0gPTvufUbZ1YOtLlqfUY/48jRT+JLlkESmiyCc:wzc1Lpuwx0mZGMEUY/48jRTqL2ESnW
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence