cf57ea45d358ef7ffbd314ccb915fdeb4ecf7c4e0f2ed4640f479956414e0cdb | Triage

Sharing

General

Target

b1ba1b28e6302847c2867143e9fb609b_JaffaCakes118
Size

208KB
Sample

240821-chsgyayejq
MD5

b1ba1b28e6302847c2867143e9fb609b
SHA1

9256246584488df86f4600398c3a22eaa6199879
SHA256

cf57ea45d358ef7ffbd314ccb915fdeb4ecf7c4e0f2ed4640f479956414e0cdb
SHA512

44b8550e38235a101af17271fc0f6d88091779efcaacf89c47730d95bf66f898a992511d6ee6776890a984e4621435a374874b7826902db0a56d4b3031805aff
SSDEEP

6144:Wimk1XMGkHh7Ygg+egF/QPhC7SM2Z+3NQJ:b8GkHhEdYUh0SMe6QJ

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  b1ba1b28e6302847c2867143e9fb609b_JaffaCakes118
- Size
  
  208KB
- MD5
  
  b1ba1b28e6302847c2867143e9fb609b
- SHA1
  
  9256246584488df86f4600398c3a22eaa6199879
- SHA256
  
  cf57ea45d358ef7ffbd314ccb915fdeb4ecf7c4e0f2ed4640f479956414e0cdb
- SHA512
  
  44b8550e38235a101af17271fc0f6d88091779efcaacf89c47730d95bf66f898a992511d6ee6776890a984e4621435a374874b7826902db0a56d4b3031805aff
- SSDEEP
  
  6144:Wimk1XMGkHh7Ygg+egF/QPhC7SM2Z+3NQJ:b8GkHhEdYUh0SMe6QJ
Score

8^/10

bootkit discovery persistence
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence