c6d7e482304fa69f65b2d1174de0c3d78626a2ff281a2c7409f2ed62b24f70e4 | Triage

Sharing

General

Target

4536204a0a5f0a71411de1ea45d513cb_JaffaCakes118
Size

877KB
Sample

240714-la58havbql
MD5

4536204a0a5f0a71411de1ea45d513cb
SHA1

4309492d1a65395cad8eb56426e63d697cc081c0
SHA256

c6d7e482304fa69f65b2d1174de0c3d78626a2ff281a2c7409f2ed62b24f70e4
SHA512

29d90abde3e3dbca38095041843772d475e4fdb8e322007205ea4e6c1fd1af9dcc0a75039bd2e2752f3c97015fe7717f3f11e2f2a31239f8543d671820dac40a
SSDEEP

24576:Z1KZ0TNIQiMg459tRmTKr5XagsToBSFu0VR:TKZUNIXmoWtagsTrFu0z

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  5ikaixin/5ikaixin.exe
- Size
  
  763KB
- MD5
  
  cc58b72828bf422d1c30fce56085cd6c
- SHA1
  
  2d07b55f83766ffbe2d5b7b14dceea5bff8bb2fb
- SHA256
  
  57be2af751989a6b86c745631e5f69c6c93ab37aed1d1604bef0e1aa127c6343
- SHA512
  
  042f7d918244ef141c2c01b4b69fa6803c4967d4ce74967d5ce251f8e0fbb3bf7da4ff16245bd2f4f8a5efed246c8aa66242fc35f0aa36e4eaf33a92c0f10418
- SSDEEP
  
  12288:JJFZqYMOaQ0q9nV/zsnK23KHVI6nodVdyMLiqyVcxwtVxgpMiuzOT643dw2ctw/d:fFZqhOBnVyK23C6OoYMLiVcKtVx4MiuS
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  5ikaixin/卸载.exe
- Size
  
  28KB
- MD5
  
  c40ad837bfcb32485e124c791a2cef02
- SHA1
  
  232f3384649ad15bbefd43d8d6c162001a7652e9
- SHA256
  
  f58183eebd8fb8ccdc2f51b3acc01f48087815306c373ff1015905f596f35b71
- SHA512
  
  4ae8f487374aea5f3e8ba70fd575be0350b481400c17e6d86eeab44307411b371031be4f495cca2a8f7d92e8b3469c90f4e025d4a41c342477c3e6a3c050ed29
- SSDEEP
  
  384:uVP0UMUg7PJQt6LSGEXzzoUpVl8DK04s/yMPVP0:uVP/myuj4zzoOXmGE7VP
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4