6c2775aa2206fe2e1ce727c1a2f80bb210baf90a3c90d2b5a57a4ac4e71f9b52 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c95e61824dede83a68cdf6903380217a_JaffaCakes118
Size

68KB
Sample

240829-wzx9asvcnh
MD5

c95e61824dede83a68cdf6903380217a
SHA1

0896c5127a3afb53afa82d11f2c8e3426c13a816
SHA256

6c2775aa2206fe2e1ce727c1a2f80bb210baf90a3c90d2b5a57a4ac4e71f9b52
SHA512

55fefd73cead350cd4224dd3dbc6e2ba8005e153bb9493097176c7f67644763aae2585a8290c4da7be34776fcc30346469cacfcc0058f155bc73636298fabbe9
SSDEEP

1536:y3xxOpvb+4HvOrF1YsTGs9FbtV6LcFhbtOBv/PNMkEnxySzGYwrL:y3xxOZ+oG1YsTd9FbtlFp8/PXExjGb

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  c95e61824dede83a68cdf6903380217a_JaffaCakes118
- Size
  
  68KB
- MD5
  
  c95e61824dede83a68cdf6903380217a
- SHA1
  
  0896c5127a3afb53afa82d11f2c8e3426c13a816
- SHA256
  
  6c2775aa2206fe2e1ce727c1a2f80bb210baf90a3c90d2b5a57a4ac4e71f9b52
- SHA512
  
  55fefd73cead350cd4224dd3dbc6e2ba8005e153bb9493097176c7f67644763aae2585a8290c4da7be34776fcc30346469cacfcc0058f155bc73636298fabbe9
- SSDEEP
  
  1536:y3xxOpvb+4HvOrF1YsTGs9FbtV6LcFhbtOBv/PNMkEnxySzGYwrL:y3xxOZ+oG1YsTd9FbtlFp8/PXExjGb
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2