75ad931e142b385add4803f6459888cbacb8bda0309893733444a9dde734c126 | Triage

Sharing

General

Target

896d9cd790caf614c30acf7b5037d5fb_JaffaCakes118
Size

236KB
Sample

240811-hr9epstdkc
MD5

896d9cd790caf614c30acf7b5037d5fb
SHA1

cedbb3fb89f7d59f840877e6d0513b247cafcf1f
SHA256

75ad931e142b385add4803f6459888cbacb8bda0309893733444a9dde734c126
SHA512

f822fabce88068558713c686365b30a74136595818ad4c62976b1863b6a77b88e1dbf90b9db816b6cb982177cd14f46c40f5ac5661f8dee5db5138d04f1ca633
SSDEEP

6144:Q1hnZRWC98gWNlPTGQQm6agrdjmG8RbwUhAW:CBZGNtTirdijTA

Score

8^/10

bootkit discovery evasion persistence

Malware Config

Targets

- Target
  
  896d9cd790caf614c30acf7b5037d5fb_JaffaCakes118
- Size
  
  236KB
- MD5
  
  896d9cd790caf614c30acf7b5037d5fb
- SHA1
  
  cedbb3fb89f7d59f840877e6d0513b247cafcf1f
- SHA256
  
  75ad931e142b385add4803f6459888cbacb8bda0309893733444a9dde734c126
- SHA512
  
  f822fabce88068558713c686365b30a74136595818ad4c62976b1863b6a77b88e1dbf90b9db816b6cb982177cd14f46c40f5ac5661f8dee5db5138d04f1ca633
- SSDEEP
  
  6144:Q1hnZRWC98gWNlPTGQQm6agrdjmG8RbwUhAW:CBZGNtTirdijTA
Score

8^/10

bootkit discovery evasion persistence
- Looks for VMWare Tools registry key
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

behavioral2

discoveryevasion