e235771794f17da6f3db152b6dc0f427dd225ddf1259ff8058219e5f3cdad1b0 | Triage

Sharing

General

Target

bfc6b3ce89d91b563f32622f038721ee_JaffaCakes118
Size

124KB
Sample

240825-a1yessyend
MD5

bfc6b3ce89d91b563f32622f038721ee
SHA1

657befc83b9a0ef3b4819bd4825a160d040cb4f3
SHA256

e235771794f17da6f3db152b6dc0f427dd225ddf1259ff8058219e5f3cdad1b0
SHA512

160c37deb1a7da5bc616d1effc651dd3bfe54e1adacbe9ca2f59f961b4e63c8479d0967d9b47bf2c5ea7ea94dda1f6bb8da3d2dbb2fe20fe36ddedca0c46401e
SSDEEP

3072:/g5J72aj+vJASkktNOoXK033WOcqK54uVdgRIU8d:/SqJASBtgoa03lcF5e8

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  bfc6b3ce89d91b563f32622f038721ee_JaffaCakes118
- Size
  
  124KB
- MD5
  
  bfc6b3ce89d91b563f32622f038721ee
- SHA1
  
  657befc83b9a0ef3b4819bd4825a160d040cb4f3
- SHA256
  
  e235771794f17da6f3db152b6dc0f427dd225ddf1259ff8058219e5f3cdad1b0
- SHA512
  
  160c37deb1a7da5bc616d1effc651dd3bfe54e1adacbe9ca2f59f961b4e63c8479d0967d9b47bf2c5ea7ea94dda1f6bb8da3d2dbb2fe20fe36ddedca0c46401e
- SSDEEP
  
  3072:/g5J72aj+vJASkktNOoXK033WOcqK54uVdgRIU8d:/SqJASBtgoa03lcF5e8
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2