d897b4a0542f45302a7d731a79297f4cdc1af581a95656ddf796db32de17e11e | Triage

Sharing

General

Target

b3374be854f03297523727b7a7396b30_JaffaCakes118
Size

348KB
Sample

240821-m6gepavdjg
MD5

b3374be854f03297523727b7a7396b30
SHA1

4312ac92056856520d022b333da5bc29b3e82ebb
SHA256

d897b4a0542f45302a7d731a79297f4cdc1af581a95656ddf796db32de17e11e
SHA512

be7e0c602bbf318705493c62ffa244c2687f1a04b7ddceb9f8b1b4b2f3bdc1ef9426c72361a786fe2802c75d380cbf3d6a4a9a2a55b110f476fa647b3a402556
SSDEEP

6144:ocN+oSW1raujBY+pSAojOfgVqlEE1kOxq8JBC2AcBQPk:tco9VBpSAojOf8iVJBBAcB

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  b3374be854f03297523727b7a7396b30_JaffaCakes118
- Size
  
  348KB
- MD5
  
  b3374be854f03297523727b7a7396b30
- SHA1
  
  4312ac92056856520d022b333da5bc29b3e82ebb
- SHA256
  
  d897b4a0542f45302a7d731a79297f4cdc1af581a95656ddf796db32de17e11e
- SHA512
  
  be7e0c602bbf318705493c62ffa244c2687f1a04b7ddceb9f8b1b4b2f3bdc1ef9426c72361a786fe2802c75d380cbf3d6a4a9a2a55b110f476fa647b3a402556
- SSDEEP
  
  6144:ocN+oSW1raujBY+pSAojOfgVqlEE1kOxq8JBC2AcBQPk:tco9VBpSAojOf8iVJBBAcB
Score

7^/10

bootkit discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2