9e290bfb66e017c1840ca7de9576d61b175f98e4f22f17e3e6dd91a763537489 | Triage

Sharing

General

Target

a1c2adef54f1b9d27a646bc90937fedd_JaffaCakes118
Size

120KB
Sample

240817-jwdz2avgnb
MD5

a1c2adef54f1b9d27a646bc90937fedd
SHA1

db85499052cf4483974a89b4f563e67a7cb918de
SHA256

9e290bfb66e017c1840ca7de9576d61b175f98e4f22f17e3e6dd91a763537489
SHA512

d73d8436fd05035db2c31e582376fbdfadec4d89f6f45969d7462c758bb66c2f1af50144b7c9c1a7e0454de93b1e7f351d499000f652b66380a09d142d1cc791
SSDEEP

3072:19IVCET5LjX2uzxMsU8POnPoL+QTeCx224Tem3:1uIEVTxe3nMrTeq224ym3

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  a1c2adef54f1b9d27a646bc90937fedd_JaffaCakes118
- Size
  
  120KB
- MD5
  
  a1c2adef54f1b9d27a646bc90937fedd
- SHA1
  
  db85499052cf4483974a89b4f563e67a7cb918de
- SHA256
  
  9e290bfb66e017c1840ca7de9576d61b175f98e4f22f17e3e6dd91a763537489
- SHA512
  
  d73d8436fd05035db2c31e582376fbdfadec4d89f6f45969d7462c758bb66c2f1af50144b7c9c1a7e0454de93b1e7f351d499000f652b66380a09d142d1cc791
- SSDEEP
  
  3072:19IVCET5LjX2uzxMsU8POnPoL+QTeCx224Tem3:1uIEVTxe3nMrTeq224ym3
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2