1f47d221cfb268ac31c0bd6ea893d205b818987a1529127af4793e3c1f509a92 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76189d4dd3784335829038c244982223_JaffaCakes118
Size

188KB
Sample

240726-2zc61szfrk
MD5

76189d4dd3784335829038c244982223
SHA1

7c725db9041ea9c47895ae08dd8b07261a59e1ea
SHA256

1f47d221cfb268ac31c0bd6ea893d205b818987a1529127af4793e3c1f509a92
SHA512

9f79205be869eb28f79fb0a04d6ad1d10456e3222f7e060f6b5e653a820656016c7c1d8f3039d7e2c084219088d5c8730588aaa2808726f3ad1e6a4ea35289d6
SSDEEP

3072:jzD6kygw6yDEMdR8tVZnZspAQuJ/Po2vUM48a4kWDrguBPgEuzdBbCV/b3:u5HqtVLrQKXZ4XH+ES4Euza

Score

6^/10

bootkit defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  76189d4dd3784335829038c244982223_JaffaCakes118
- Size
  
  188KB
- MD5
  
  76189d4dd3784335829038c244982223
- SHA1
  
  7c725db9041ea9c47895ae08dd8b07261a59e1ea
- SHA256
  
  1f47d221cfb268ac31c0bd6ea893d205b818987a1529127af4793e3c1f509a92
- SHA512
  
  9f79205be869eb28f79fb0a04d6ad1d10456e3222f7e060f6b5e653a820656016c7c1d8f3039d7e2c084219088d5c8730588aaa2808726f3ad1e6a4ea35289d6
- SSDEEP
  
  3072:jzD6kygw6yDEMdR8tVZnZspAQuJ/Po2vUM48a4kWDrguBPgEuzdBbCV/b3:u5HqtVLrQKXZ4XH+ES4Euza
Score

6^/10

bootkit defense_evasion persistence discovery
- System Binary Proxy Execution: Verclsid
  Adversaries may abuse Verclsid to proxy execution of malicious code.
  defense_evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

System Binary Proxy Execution

Verclsid

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasionpersistence

behavioral2