909be7eaf035cf9ea1e5364c4efc217e030bd237dac4a417efc1ec5a06a1ffbc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5bea799350fa5f781fbcf4cd8010cf1e_JaffaCakes118
Size

1.3MB
Sample

240719-phcspstgla
MD5

5bea799350fa5f781fbcf4cd8010cf1e
SHA1

629df4dd24ccf58e8d01182de37aef5fca1316f2
SHA256

909be7eaf035cf9ea1e5364c4efc217e030bd237dac4a417efc1ec5a06a1ffbc
SHA512

6446bf8f8c6bfc0acfe845f99bd6567ff7efc26f70477292e1adc2dc383aecd7e3a749d6edb2fba0da6d354607a0e6246897e941d3fe9d6655b6f2909827879e
SSDEEP

12288:L494xOTZzCrBKzirABYP/qwtZH6Y6gVtKtpm01M3oaj+nlLxIaRfbYWMvzGEvP0u:094Ulzm4zGJtZTZVtKa0nFnxjDBmzJ3l

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  5bea799350fa5f781fbcf4cd8010cf1e_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  5bea799350fa5f781fbcf4cd8010cf1e
- SHA1
  
  629df4dd24ccf58e8d01182de37aef5fca1316f2
- SHA256
  
  909be7eaf035cf9ea1e5364c4efc217e030bd237dac4a417efc1ec5a06a1ffbc
- SHA512
  
  6446bf8f8c6bfc0acfe845f99bd6567ff7efc26f70477292e1adc2dc383aecd7e3a749d6edb2fba0da6d354607a0e6246897e941d3fe9d6655b6f2909827879e
- SSDEEP
  
  12288:L494xOTZzCrBKzirABYP/qwtZH6Y6gVtKtpm01M3oaj+nlLxIaRfbYWMvzGEvP0u:094Ulzm4zGJtZTZVtKa0nFnxjDBmzJ3l
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence