437179ce702b23c6779d7766134bcfbbd2f98fdad070dfb78a2ba2e16d2c7709 | Triage

Sharing

General

Target

c86a123145a2e7b6f7b60311811e07f2_JaffaCakes118
Size

345KB
Sample

240829-h15swa1fkk
MD5

c86a123145a2e7b6f7b60311811e07f2
SHA1

6693df1c897cc61fe6de67a5a9b2d5eace6a1e3a
SHA256

437179ce702b23c6779d7766134bcfbbd2f98fdad070dfb78a2ba2e16d2c7709
SHA512

1f5f3113167f9ce219331406c11fa42c1a50fb7595ce926a87fe26770bf8fdf80585fa5abc255cf1a22193b4b1ff477d1ab31cc7a7a7ebe8731e5fb0edea2bff
SSDEEP

6144:digtxJmBm9xJjB2d8p6er7+4Zwl/Kl5uInVW5GJZ2tNYLj8Mfstfl9rXAP:dFtxJPztQdIr7hzl5uYVzYKj86smP

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  c86a123145a2e7b6f7b60311811e07f2_JaffaCakes118
- Size
  
  345KB
- MD5
  
  c86a123145a2e7b6f7b60311811e07f2
- SHA1
  
  6693df1c897cc61fe6de67a5a9b2d5eace6a1e3a
- SHA256
  
  437179ce702b23c6779d7766134bcfbbd2f98fdad070dfb78a2ba2e16d2c7709
- SHA512
  
  1f5f3113167f9ce219331406c11fa42c1a50fb7595ce926a87fe26770bf8fdf80585fa5abc255cf1a22193b4b1ff477d1ab31cc7a7a7ebe8731e5fb0edea2bff
- SSDEEP
  
  6144:digtxJmBm9xJjB2d8p6er7+4Zwl/Kl5uInVW5GJZ2tNYLj8Mfstfl9rXAP:dFtxJPztQdIr7hzl5uYVzYKj86smP
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2