c3042afa2b8e4d109df7f9552737c79d349ec4d47e11276ca0db6ce77d997a10 | Triage

Sharing

General

Target

d184629d0db7b62282889bff61f77ebb_JaffaCakes118
Size

21KB
Sample

240907-khwhlavdkl
MD5

d184629d0db7b62282889bff61f77ebb
SHA1

261dc53d716d28317751b0e589e9aef491186b26
SHA256

c3042afa2b8e4d109df7f9552737c79d349ec4d47e11276ca0db6ce77d997a10
SHA512

78eee510cf20b03b5bd457db64f3ee89f648b7f97917f5b073a171a4bd92ef778ef9800ac9fd5374dbf2bb2bb370000efcd984f43dd881f44629818e99c36bc7
SSDEEP

384:01wDae1gfqF3QW1dgWnmZ8xb8RHXw8nA0r04D1d97oCCyO:7eIgfq+W1dRmZ8xQnJgw97oCCy

Score

8^/10

bootkit defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  d184629d0db7b62282889bff61f77ebb_JaffaCakes118
- Size
  
  21KB
- MD5
  
  d184629d0db7b62282889bff61f77ebb
- SHA1
  
  261dc53d716d28317751b0e589e9aef491186b26
- SHA256
  
  c3042afa2b8e4d109df7f9552737c79d349ec4d47e11276ca0db6ce77d997a10
- SHA512
  
  78eee510cf20b03b5bd457db64f3ee89f648b7f97917f5b073a171a4bd92ef778ef9800ac9fd5374dbf2bb2bb370000efcd984f43dd881f44629818e99c36bc7
- SSDEEP
  
  384:01wDae1gfqF3QW1dgWnmZ8xb8RHXw8nA0r04D1d97oCCyO:7eIgfq+W1dRmZ8xQnJgw97oCCy
Score

8^/10

bootkit defense_evasion discovery persistence
- Blocklisted process makes network request
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdefense_evasiondiscoverypersistence

behavioral2