1539f947bb57e782a19cf8ad956108002cea71808861904eb6343c09f3a8e646 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

775911a6d4cae08d71eebfbdc072b54d_JaffaCakes118
Size

60KB
Sample

240727-h5wqrstfqk
MD5

775911a6d4cae08d71eebfbdc072b54d
SHA1

c24c6b571b0d5599e1ca670cbefe50b2f8cdbf1c
SHA256

1539f947bb57e782a19cf8ad956108002cea71808861904eb6343c09f3a8e646
SHA512

de44925d55442f3c058b8e0ba23ba85c284f751f94decfeb7a1ee39e4d4fc09cefc89b3a2f8e64c2a237750c40375cb40acf0ace0120abf7ddddf72b50c4738b
SSDEEP

768:lJTTXoi+4liEUkzw1/dBHrUAYz8vXzzQwmkhoXv7kCqRfe8c:lB8EUiGlUHagYoXiW8

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  775911a6d4cae08d71eebfbdc072b54d_JaffaCakes118
- Size
  
  60KB
- MD5
  
  775911a6d4cae08d71eebfbdc072b54d
- SHA1
  
  c24c6b571b0d5599e1ca670cbefe50b2f8cdbf1c
- SHA256
  
  1539f947bb57e782a19cf8ad956108002cea71808861904eb6343c09f3a8e646
- SHA512
  
  de44925d55442f3c058b8e0ba23ba85c284f751f94decfeb7a1ee39e4d4fc09cefc89b3a2f8e64c2a237750c40375cb40acf0ace0120abf7ddddf72b50c4738b
- SSDEEP
  
  768:lJTTXoi+4liEUkzw1/dBHrUAYz8vXzzQwmkhoXv7kCqRfe8c:lB8EUiGlUHagYoXiW8
Score

8^/10

bootkit discovery persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence