72e38e4c361460af9d57be0043bfe27d59ce6fe81448b5522660c1d2c51b45a7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

774aec59d3b68a4ed194bfa5917fa464_JaffaCakes118
Size

444KB
Sample

240727-htryfatapj
MD5

774aec59d3b68a4ed194bfa5917fa464
SHA1

10104eeaeda3f3c522c864dcb3b58998d6435a6b
SHA256

72e38e4c361460af9d57be0043bfe27d59ce6fe81448b5522660c1d2c51b45a7
SHA512

d5107b391d8e555cb8ab300974ac67ebb46ff803171d71f2b121b9f524641f0c9b1c8dfdc1aae0a063ebbd353a48791ce7cdeee49b6748c0f4d3b125221105b0
SSDEEP

12288:7oQQQRnU+Wggmzgj6vyZsMIpW9NlDFNAuBS9j:7oQQQREggkkGyDIw/lFNAuBS9

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  774aec59d3b68a4ed194bfa5917fa464_JaffaCakes118
- Size
  
  444KB
- MD5
  
  774aec59d3b68a4ed194bfa5917fa464
- SHA1
  
  10104eeaeda3f3c522c864dcb3b58998d6435a6b
- SHA256
  
  72e38e4c361460af9d57be0043bfe27d59ce6fe81448b5522660c1d2c51b45a7
- SHA512
  
  d5107b391d8e555cb8ab300974ac67ebb46ff803171d71f2b121b9f524641f0c9b1c8dfdc1aae0a063ebbd353a48791ce7cdeee49b6748c0f4d3b125221105b0
- SSDEEP
  
  12288:7oQQQRnU+Wggmzgj6vyZsMIpW9NlDFNAuBS9j:7oQQQREggkkGyDIw/lFNAuBS9
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence