a86da44862db5dcebd74768d468fab7346133e6ccc4d95d2759e2c500248a1c3 | Triage

Sharing

General

Target

c7de53d6a551375bacbc9f69fb942ca3_JaffaCakes118
Size

252KB
Sample

240828-3vv2pssgqa
MD5

c7de53d6a551375bacbc9f69fb942ca3
SHA1

e67c76ad4d74550bf2d415d5fd24c53e3962bb97
SHA256

a86da44862db5dcebd74768d468fab7346133e6ccc4d95d2759e2c500248a1c3
SHA512

d85d6210128f16b09a0f49f399dc17d9ac16e4427db69fad210614041071d9cc267bddc0cbf945832027e5b91da2334be9dbef5bd356e66d1da60de1ed0ff49d
SSDEEP

3072:eJd8qle2tsu5oehGHA/pqQLxgdBlApXu7Tq/pY+SFuK0Rg:eJd8qAyoehfLmdcpeeHc3

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  c7de53d6a551375bacbc9f69fb942ca3_JaffaCakes118
- Size
  
  252KB
- MD5
  
  c7de53d6a551375bacbc9f69fb942ca3
- SHA1
  
  e67c76ad4d74550bf2d415d5fd24c53e3962bb97
- SHA256
  
  a86da44862db5dcebd74768d468fab7346133e6ccc4d95d2759e2c500248a1c3
- SHA512
  
  d85d6210128f16b09a0f49f399dc17d9ac16e4427db69fad210614041071d9cc267bddc0cbf945832027e5b91da2334be9dbef5bd356e66d1da60de1ed0ff49d
- SSDEEP
  
  3072:eJd8qle2tsu5oehGHA/pqQLxgdBlApXu7Tq/pY+SFuK0Rg:eJd8qAyoehfLmdcpeeHc3
Score

6^/10

bootkit discovery persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence