aada20fc793409485bfd42d0b2f302c415d81f78ca7643be537a66a8549bfbf2 | Triage

Sharing

General

Target

8e0686d8e00d106edcaeb3df171f5d90_JaffaCakes118
Size

144KB
Sample

240812-kdcvpashnq
MD5

8e0686d8e00d106edcaeb3df171f5d90
SHA1

1a1b0a5e558dc13061ccdea41bdf5c4d8d19f4d4
SHA256

aada20fc793409485bfd42d0b2f302c415d81f78ca7643be537a66a8549bfbf2
SHA512

759002e0348d5b135f3a138f207ecd06ff0c26ac569894e8afd17e68140c9f89c61ea0523be5c611ae31124a66dab877ef025bd2240c5e1009a014feede7df8f
SSDEEP

3072:kbilLKQnvXvplO5QNGtFjWJzyOELgrm+4/OQH:fhhl0Q4r+yOEjgK

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  8e0686d8e00d106edcaeb3df171f5d90_JaffaCakes118
- Size
  
  144KB
- MD5
  
  8e0686d8e00d106edcaeb3df171f5d90
- SHA1
  
  1a1b0a5e558dc13061ccdea41bdf5c4d8d19f4d4
- SHA256
  
  aada20fc793409485bfd42d0b2f302c415d81f78ca7643be537a66a8549bfbf2
- SHA512
  
  759002e0348d5b135f3a138f207ecd06ff0c26ac569894e8afd17e68140c9f89c61ea0523be5c611ae31124a66dab877ef025bd2240c5e1009a014feede7df8f
- SSDEEP
  
  3072:kbilLKQnvXvplO5QNGtFjWJzyOELgrm+4/OQH:fhhl0Q4r+yOEjgK
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence