9f544620c43579ae1349ade88c4728db4924d02a39d325bc7b07441a43becc8c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a2c69c47677b3bdc38c688534784f61c_JaffaCakes118
Size

573KB
Sample

240817-q3s6vsydmc
MD5

a2c69c47677b3bdc38c688534784f61c
SHA1

4ac2a8de3bc5381069736518d606e4e68ab0e046
SHA256

9f544620c43579ae1349ade88c4728db4924d02a39d325bc7b07441a43becc8c
SHA512

ec61ace38a954ab69b609634b399b65a2eaabc4d9a19500326abc22456f02bca8b611687ff8a77f88e7bb7243c523b7f7b8dfa69d29f1ac56e0981d580db34d5
SSDEEP

12288:N+3biHS4ABpOJT+r1uOFIy59P8LeiRFMwtq4VzYKj86sLrt9:ebi0pOYsyLq5pYOcrt9

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  a2c69c47677b3bdc38c688534784f61c_JaffaCakes118
- Size
  
  573KB
- MD5
  
  a2c69c47677b3bdc38c688534784f61c
- SHA1
  
  4ac2a8de3bc5381069736518d606e4e68ab0e046
- SHA256
  
  9f544620c43579ae1349ade88c4728db4924d02a39d325bc7b07441a43becc8c
- SHA512
  
  ec61ace38a954ab69b609634b399b65a2eaabc4d9a19500326abc22456f02bca8b611687ff8a77f88e7bb7243c523b7f7b8dfa69d29f1ac56e0981d580db34d5
- SSDEEP
  
  12288:N+3biHS4ABpOJT+r1uOFIy59P8LeiRFMwtq4VzYKj86sLrt9:ebi0pOYsyLq5pYOcrt9
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2