cc193206232adf835544c948ce0a4385f7bf575d9b9952ebeb1f91d1be6032ad | Triage

Sharing

General

Target

65d5d19393fb5059140f544cdc069acb_JaffaCakes118
Size

199KB
Sample

240723-c8jygstaqg
MD5

65d5d19393fb5059140f544cdc069acb
SHA1

5e61fb9e0b21fd0975bc18ad6cd96718e05e23d1
SHA256

cc193206232adf835544c948ce0a4385f7bf575d9b9952ebeb1f91d1be6032ad
SHA512

6cc69e9ed1767ba8ffb72d7fa593f63b6485e224f425fa01bdf5225ff78eceda1916b927ef7db699f5fb82abc497458ea769686d6e0e9098d2b5e2419a07caa1
SSDEEP

3072:nG7+lAApeQN5/ioqPTYalF0agXgDKNj9C0c17WIx4SLzNmTUbparjPQHOv:nG7tfQN5/inEaMadDKNa1aIvvozQHOv

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  65d5d19393fb5059140f544cdc069acb_JaffaCakes118
- Size
  
  199KB
- MD5
  
  65d5d19393fb5059140f544cdc069acb
- SHA1
  
  5e61fb9e0b21fd0975bc18ad6cd96718e05e23d1
- SHA256
  
  cc193206232adf835544c948ce0a4385f7bf575d9b9952ebeb1f91d1be6032ad
- SHA512
  
  6cc69e9ed1767ba8ffb72d7fa593f63b6485e224f425fa01bdf5225ff78eceda1916b927ef7db699f5fb82abc497458ea769686d6e0e9098d2b5e2419a07caa1
- SSDEEP
  
  3072:nG7+lAApeQN5/ioqPTYalF0agXgDKNj9C0c17WIx4SLzNmTUbparjPQHOv:nG7tfQN5/inEaMadDKNa1aIvvozQHOv
Score

8^/10

bootkit persistence
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2