e709e6d40a47e56750f4c43e119021e9807d82e2b46b9a2fb925c945bd7d8a31 | Triage

Sharing

General

Target

61a013f39ea79a22c5fd0bc4c778d36e_JaffaCakes118
Size

225KB
Sample

240721-19cgssxeqe
MD5

61a013f39ea79a22c5fd0bc4c778d36e
SHA1

a4d9bd1d371d591e3108b13e530ed18efa539c3c
SHA256

e709e6d40a47e56750f4c43e119021e9807d82e2b46b9a2fb925c945bd7d8a31
SHA512

03e645fcb3b29aeb939631add17c23149397c049127dc81d2617e12c6d9b4dfe48a26798f94e3192303d9f23916030844945afb5bb1b761f596fba0e572cb1f6
SSDEEP

6144:rr1T53sflPSZWnVW5GJZ2tNYLj8MfstHhjqHT0YLo54j/P:rrralcOVzYKj86stBioY3jH

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  61a013f39ea79a22c5fd0bc4c778d36e_JaffaCakes118
- Size
  
  225KB
- MD5
  
  61a013f39ea79a22c5fd0bc4c778d36e
- SHA1
  
  a4d9bd1d371d591e3108b13e530ed18efa539c3c
- SHA256
  
  e709e6d40a47e56750f4c43e119021e9807d82e2b46b9a2fb925c945bd7d8a31
- SHA512
  
  03e645fcb3b29aeb939631add17c23149397c049127dc81d2617e12c6d9b4dfe48a26798f94e3192303d9f23916030844945afb5bb1b761f596fba0e572cb1f6
- SSDEEP
  
  6144:rr1T53sflPSZWnVW5GJZ2tNYLj8MfstHhjqHT0YLo54j/P:rrralcOVzYKj86stBioY3jH
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2