faf0ceda13dac84f214a74100974a88d95a78fa88b91d7bb170debe78a7226c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6964cb273c5d919c1ab5ddc3e3177f3e_JaffaCakes118
Size

326KB
Sample

240723-3gq6lavdnm
MD5

6964cb273c5d919c1ab5ddc3e3177f3e
SHA1

f42e283b258b2f701789e4685a614ad20c9b8100
SHA256

faf0ceda13dac84f214a74100974a88d95a78fa88b91d7bb170debe78a7226c0
SHA512

2a809deaceb069a60be8bc9e647871d73e154e3bc0d1f0f3dbac73297e56f7d5ec0f3644a12e43ecd8e0c130260237f635fea112e16e998f1d1cc162c364489b
SSDEEP

6144:VexJ8SpR7oxP3toXWAp9+cggZvXWSuLhamZHnVW5GJZ2tNYLj8MfsOF5COkp:VeDXP7oxFYp9+cgK+S5gVzYKj86szB

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  6964cb273c5d919c1ab5ddc3e3177f3e_JaffaCakes118
- Size
  
  326KB
- MD5
  
  6964cb273c5d919c1ab5ddc3e3177f3e
- SHA1
  
  f42e283b258b2f701789e4685a614ad20c9b8100
- SHA256
  
  faf0ceda13dac84f214a74100974a88d95a78fa88b91d7bb170debe78a7226c0
- SHA512
  
  2a809deaceb069a60be8bc9e647871d73e154e3bc0d1f0f3dbac73297e56f7d5ec0f3644a12e43ecd8e0c130260237f635fea112e16e998f1d1cc162c364489b
- SSDEEP
  
  6144:VexJ8SpR7oxP3toXWAp9+cggZvXWSuLhamZHnVW5GJZ2tNYLj8MfsOF5COkp:VeDXP7oxFYp9+cgK+S5gVzYKj86szB
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2