f66d7620a01d625315925dbe884206e72ff36d123d0b589be807fe87bfd3582e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db02c34bfe63fc1d2a126798a135c4b7_JaffaCakes118
Size

716KB
Sample

240911-xjpgwswhpk
MD5

db02c34bfe63fc1d2a126798a135c4b7
SHA1

8d1f63bc22718b8afe5ff74a02a54185827803ea
SHA256

f66d7620a01d625315925dbe884206e72ff36d123d0b589be807fe87bfd3582e
SHA512

d228b3327055d472b58f2d4c6bf7cc1742ec6c7a0ef1e932fe911ce0326884bf799f5bf8f528592d61c648a35c03300d543ab5c734cfad73d4331d61a10a68fd
SSDEEP

12288:+kmAqNhBrYvg6QiEDCyxDdy0rBRXjIjbFuwwSHJcr+U:+N5Bv6QiEjJy09RmuTSpO

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  db02c34bfe63fc1d2a126798a135c4b7_JaffaCakes118
- Size
  
  716KB
- MD5
  
  db02c34bfe63fc1d2a126798a135c4b7
- SHA1
  
  8d1f63bc22718b8afe5ff74a02a54185827803ea
- SHA256
  
  f66d7620a01d625315925dbe884206e72ff36d123d0b589be807fe87bfd3582e
- SHA512
  
  d228b3327055d472b58f2d4c6bf7cc1742ec6c7a0ef1e932fe911ce0326884bf799f5bf8f528592d61c648a35c03300d543ab5c734cfad73d4331d61a10a68fd
- SSDEEP
  
  12288:+kmAqNhBrYvg6QiEDCyxDdy0rBRXjIjbFuwwSHJcr+U:+N5Bv6QiEjJy09RmuTSpO
Score

6^/10

bootkit discovery persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence