4c03d3ca2c1c123ed6cf97e0172c94093cd9febf46ecabe8c55c3e9450b24225 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bff23b6cddc0e047cb8b09bcf73ddfe0_JaffaCakes118
Size

124KB
Sample

240825-e3j3eavbnc
MD5

bff23b6cddc0e047cb8b09bcf73ddfe0
SHA1

ef3d4a8c5e52ced23fa5b1bcc3715362d15144d4
SHA256

4c03d3ca2c1c123ed6cf97e0172c94093cd9febf46ecabe8c55c3e9450b24225
SHA512

8a6a116355ab5871322db90e623284d1c0fb84611d1c38619cc208bef56f34a4805dfaef395208b3ed8b6cf92be1e8d304b5e84ea74e6acb3f62045bfff40053
SSDEEP

3072:L2aaHcNLJVqQKsEa/MH07o0vnCbjyw0V5eClEbi5:NzLJ8HalaSp5e8

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  bff23b6cddc0e047cb8b09bcf73ddfe0_JaffaCakes118
- Size
  
  124KB
- MD5
  
  bff23b6cddc0e047cb8b09bcf73ddfe0
- SHA1
  
  ef3d4a8c5e52ced23fa5b1bcc3715362d15144d4
- SHA256
  
  4c03d3ca2c1c123ed6cf97e0172c94093cd9febf46ecabe8c55c3e9450b24225
- SHA512
  
  8a6a116355ab5871322db90e623284d1c0fb84611d1c38619cc208bef56f34a4805dfaef395208b3ed8b6cf92be1e8d304b5e84ea74e6acb3f62045bfff40053
- SSDEEP
  
  3072:L2aaHcNLJVqQKsEa/MH07o0vnCbjyw0V5eClEbi5:NzLJ8HalaSp5e8
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2