483040b5e8476f18e303ad26e2428f377d72554261dcc85d064fddba980a76fd | Triage

Sharing

General

Target

dd466c1856a777beb0df443d3cf71be2_JaffaCakes118
Size

300KB
Sample

240912-3y6mlssejl
MD5

dd466c1856a777beb0df443d3cf71be2
SHA1

7accb6247e0205ce414a4f4978f6763620c082f2
SHA256

483040b5e8476f18e303ad26e2428f377d72554261dcc85d064fddba980a76fd
SHA512

fa1f84cc0e85af08828ea0a2f5a2cf9dac9e322f43e15051cf4478a0d04d75ef70645396c3b1eabe0220672331530be909a72dca99405fb6b31e9b97dfd0c564
SSDEEP

6144:Vgdizzv/Va6z5hr06Fdpbt5z9lrB4SSo/MX/tXxNJd4J2kX:NVa6z5hFdpZ5XBvSHPtXxrI

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  dd466c1856a777beb0df443d3cf71be2_JaffaCakes118
- Size
  
  300KB
- MD5
  
  dd466c1856a777beb0df443d3cf71be2
- SHA1
  
  7accb6247e0205ce414a4f4978f6763620c082f2
- SHA256
  
  483040b5e8476f18e303ad26e2428f377d72554261dcc85d064fddba980a76fd
- SHA512
  
  fa1f84cc0e85af08828ea0a2f5a2cf9dac9e322f43e15051cf4478a0d04d75ef70645396c3b1eabe0220672331530be909a72dca99405fb6b31e9b97dfd0c564
- SSDEEP
  
  6144:Vgdizzv/Va6z5hr06Fdpbt5z9lrB4SSo/MX/tXxNJd4J2kX:NVa6z5hFdpZ5XBvSHPtXxrI
Score

7^/10

bootkit discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2