d11ee20ba5a77d54f2b7b45b2cce0b8ef3e82da8b26106caf63007e5f1fc205e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2b73060f28608b12d672c983403586c_JaffaCakes118
Size

946KB
Sample

240907-ym5hys1hml
MD5

d2b73060f28608b12d672c983403586c
SHA1

2edac77aafab770fb10c30eee4584b788be37301
SHA256

d11ee20ba5a77d54f2b7b45b2cce0b8ef3e82da8b26106caf63007e5f1fc205e
SHA512

8e6b952ae1177c91062b29ee44e50fcc6c6c3b6832542e10a715a3588e637aff5d4734c5dc92f4e7b2feffbc0ba442a21984740502424415fe10ab37a1bb4895
SSDEEP

24576:9Qjg4b5tLWPtshODlX4hTYZVI6OiiUT+8g1pxzmK:9egWWPtleYZrOiiA+8WpxzN

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  Knife.chm
- Size
  
  221KB
- MD5
  
  3a31bd863bf84f03d1446f215613d0bc
- SHA1
  
  4386a7b80911a044d82e0a90092d48562f30371b
- SHA256
  
  4dccdc3a056ac7c1e3068b3a8c8a67b38e34c4b4331b45cebe3cc1a810efb236
- SHA512
  
  4e9216499d86eb4096397c8125163dcc1653a9cc16116b292f34d3dac36e54f1d401d8e41170ca24ad542b88652aa7b0b1ff0f2b6d7de675324f54dbe4548ed1
- SSDEEP
  
  6144:mXB8CjC2+Gfkg0BCp7yBWj22O0olRirDlll:c8wC2+Gsg00p7Fm0oqHPl
Score

1^/10
behavioral1 behavioral2
- Target
  
  Knife.exe
- Size
  
  717KB
- MD5
  
  097fddb6b42db1dc067e30602a724423
- SHA1
  
  ba3f0ae54b305ffa69b18e22f60ff66a22148463
- SHA256
  
  b2ecc892308860ff0a875daf4da1a26bce2e3763b4d6f4e53eeaa73e7b805e25
- SHA512
  
  8a451b97ef6d4921b09c20e310ece2a052f53d66ffba1867127adde78deabf7ce1c3c645d5b66af978ddf1b1a322a9d1a8d27ece8af10c89e48ca6c4f642bf15
- SSDEEP
  
  12288:WAW5sqMYeMOPCxSqIcXJtjHe8+esTCmtiUT:jWN7OP8bIGs2mtiUT
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  Other.chm
- Size
  
  79KB
- MD5
  
  18cb40e5eabf60a77d5f793cc127aa83
- SHA1
  
  43cf80dc56a5fcd83520004088ef94ddbc285a50
- SHA256
  
  0d7e14a8b63457571558ed29088e15558fab8dc4f1d7280fb1c469810bd0a71d
- SHA512
  
  cca4f82fa9f79f8d587723f69c430a4bf0e5f848220f53db98c91aac0da803a6b7dbb8ed29a0bd904b94be677ea1a205649db0ec0c3e52dc10ddc95bf36871e7
- SSDEEP
  
  1536:zUxBKkSKWTyuQdfbgdwfrh3LGLlgz/vUAyf0RGC0gtxYg6:Qxc3TKgdorh3tDfGLgzYJ
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bootkitdiscoverypersistence

behavioral4

behavioral5

behavioral6