a462055d6112016f3a76ade58964c9c47f59dc201df00c03c9291d84c87205ae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71991bb3dc9f1a7284e440f43e1e693c_JaffaCakes118
Size

769KB
Sample

240725-2yjbmszhmn
MD5

71991bb3dc9f1a7284e440f43e1e693c
SHA1

d599d6ee64a388448d4eab8c8a5440e86f94a458
SHA256

a462055d6112016f3a76ade58964c9c47f59dc201df00c03c9291d84c87205ae
SHA512

cdda94ca6a88a067eea9576b473ae5f15d949abd3cfa1d0162055cbb376d8145e4ec11e14be0216b1197fd9ed52a35fe5950baf259b12fa0326ef4db94aa5c1f
SSDEEP

12288:m04rOR+KoJVN0y2h4mRM3Q3TzklyopkHK8ozAoUKwFtudjUPmJaw6oHmasjSk/L3:m0qORV2uamvXk8q8o70UMmpLHmas7

Score

7^/10

bootkit discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  71991bb3dc9f1a7284e440f43e1e693c_JaffaCakes118
- Size
  
  769KB
- MD5
  
  71991bb3dc9f1a7284e440f43e1e693c
- SHA1
  
  d599d6ee64a388448d4eab8c8a5440e86f94a458
- SHA256
  
  a462055d6112016f3a76ade58964c9c47f59dc201df00c03c9291d84c87205ae
- SHA512
  
  cdda94ca6a88a067eea9576b473ae5f15d949abd3cfa1d0162055cbb376d8145e4ec11e14be0216b1197fd9ed52a35fe5950baf259b12fa0326ef4db94aa5c1f
- SSDEEP
  
  12288:m04rOR+KoJVN0y2h4mRM3Q3TzklyopkHK8ozAoUKwFtudjUPmJaw6oHmasjSk/L3:m0qORV2uamvXk8q8o70UMmpLHmas7
Score

7^/10

bootkit evasion persistence trojan discovery
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

discoveryevasiontrojan