addbbad646812b2b6293a445e85dcab9609885a465b82c64fa7cfd11755ffeff | Triage

Sharing

General

Target

7477edb1e17f291e4f06f8265c9b73d3_JaffaCakes118
Size

68KB
Sample

240726-rzg5vstepr
MD5

7477edb1e17f291e4f06f8265c9b73d3
SHA1

0794eafd9c4280d1836abafa9745eaa4d5d73951
SHA256

addbbad646812b2b6293a445e85dcab9609885a465b82c64fa7cfd11755ffeff
SHA512

2859753a593ed5ff604f726c83ae6b0854098e69e47b9ceffc3810ab54098a6f7aadb9dbdee3150567802f8c7622fda823ce3e52e182b90a130d3700432d17b6
SSDEEP

768:sVnGQUsD/b8635p94D+CrUG0sSOp5E9s9NAok5+UkIpsUVToBw8ORgo+tcwxagx4:MGQTNpy+ClFcK9rkU6ToBw8ogEqxTMz

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  7477edb1e17f291e4f06f8265c9b73d3_JaffaCakes118
- Size
  
  68KB
- MD5
  
  7477edb1e17f291e4f06f8265c9b73d3
- SHA1
  
  0794eafd9c4280d1836abafa9745eaa4d5d73951
- SHA256
  
  addbbad646812b2b6293a445e85dcab9609885a465b82c64fa7cfd11755ffeff
- SHA512
  
  2859753a593ed5ff604f726c83ae6b0854098e69e47b9ceffc3810ab54098a6f7aadb9dbdee3150567802f8c7622fda823ce3e52e182b90a130d3700432d17b6
- SSDEEP
  
  768:sVnGQUsD/b8635p94D+CrUG0sSOp5E9s9NAok5+UkIpsUVToBw8ORgo+tcwxagx4:MGQTNpy+ClFcK9rkU6ToBw8ogEqxTMz
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2