13174a50a32ecc5f4a52281b1ffde7cb590c64f34c84534fa702d0bd649af45c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b38dc3f12cf5206a429f50c2b2eb07d_JaffaCakes118
Size

451KB
Sample

240715-yy9l2sxcml
MD5

4b38dc3f12cf5206a429f50c2b2eb07d
SHA1

09731a4792b21191fb0f4edabe4305785205dcf2
SHA256

13174a50a32ecc5f4a52281b1ffde7cb590c64f34c84534fa702d0bd649af45c
SHA512

48d000bd6400f00f2cd5b3efc15d8f85b52129fbb8493fcb5a338185412404e190131f1cc32f9e0ee85768c1a50221fdf80a4a2d7f3afdb1611c6a4e66550b78
SSDEEP

6144:a6f/84pSDFmVds7dR9kmYiuH6lhfQZ42jvvpxC8VJnGn7mgiqDKNuSM:3/7SD+dshRemDSZ5vvtVknfXeNq

Score

7^/10

bootkit persistence upx

Malware Config

Targets

- Target
  
  4b38dc3f12cf5206a429f50c2b2eb07d_JaffaCakes118
- Size
  
  451KB
- MD5
  
  4b38dc3f12cf5206a429f50c2b2eb07d
- SHA1
  
  09731a4792b21191fb0f4edabe4305785205dcf2
- SHA256
  
  13174a50a32ecc5f4a52281b1ffde7cb590c64f34c84534fa702d0bd649af45c
- SHA512
  
  48d000bd6400f00f2cd5b3efc15d8f85b52129fbb8493fcb5a338185412404e190131f1cc32f9e0ee85768c1a50221fdf80a4a2d7f3afdb1611c6a4e66550b78
- SSDEEP
  
  6144:a6f/84pSDFmVds7dR9kmYiuH6lhfQZ42jvvpxC8VJnGn7mgiqDKNuSM:3/7SD+dshRemDSZ5vvtVknfXeNq
Score

7^/10

bootkit persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx