dabe68fe3c45193ce56fbaa189388acaaca341cb377837a042b9986725b569ca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b235c4fde0e9fe6ced2872198831e15e_JaffaCakes118
Size

328KB
Sample

240821-fvnlasvepj
MD5

b235c4fde0e9fe6ced2872198831e15e
SHA1

ab1dc714edd07105d541aab818d3220c9472dea5
SHA256

dabe68fe3c45193ce56fbaa189388acaaca341cb377837a042b9986725b569ca
SHA512

62491d81645fe61234c351aae848575c37aae4112feaced63d4d0f07f11559e776a97de6bc7a8c82d176c0a8449a7fe816b65f7ae6754b3814b4dd2dbee7d552
SSDEEP

6144:Hfa6qJspTk9ZJntR++0V2NNsTy6rcVQDDt2wfv14TyQOI5JgpcvqNplcJML:Hfa6qyTk9DtR++DBVQHtl6T0Iw5pJL

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  b235c4fde0e9fe6ced2872198831e15e_JaffaCakes118
- Size
  
  328KB
- MD5
  
  b235c4fde0e9fe6ced2872198831e15e
- SHA1
  
  ab1dc714edd07105d541aab818d3220c9472dea5
- SHA256
  
  dabe68fe3c45193ce56fbaa189388acaaca341cb377837a042b9986725b569ca
- SHA512
  
  62491d81645fe61234c351aae848575c37aae4112feaced63d4d0f07f11559e776a97de6bc7a8c82d176c0a8449a7fe816b65f7ae6754b3814b4dd2dbee7d552
- SSDEEP
  
  6144:Hfa6qJspTk9ZJntR++0V2NNsTy6rcVQDDt2wfv14TyQOI5JgpcvqNplcJML:Hfa6qyTk9DtR++DBVQHtl6T0Iw5pJL
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2