4e39e75de2f3b86751c809a775932553fb22d92c056f6ebd5fe1dd8b650c5e45 | Triage

Sharing

General

Target

dc73b644eb2e62a7a3e11afbdbed27f7_JaffaCakes118
Size

434KB
Sample

240912-r624lszcnf
MD5

dc73b644eb2e62a7a3e11afbdbed27f7
SHA1

41e2a8468e566b4cd299f6367ccc079ff9455f78
SHA256

4e39e75de2f3b86751c809a775932553fb22d92c056f6ebd5fe1dd8b650c5e45
SHA512

84b4a8b77714da676fa7c952ac834e2e3143a7eab1c2a1ecf4087bbc292a7a7a3ecbcc1ca7e5e9fb1513be46cbab6ad98f4b11d691bde8a1bacfc7376e9f5cc0
SSDEEP

6144:upfaoK52wqWbgC3aNj4aDucHpr2wo4Ad88kO1SysrLmGx5mCy2B29sK:g77wqDQqj4aDu/yAduO1JsrfBy2s1

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  dc73b644eb2e62a7a3e11afbdbed27f7_JaffaCakes118
- Size
  
  434KB
- MD5
  
  dc73b644eb2e62a7a3e11afbdbed27f7
- SHA1
  
  41e2a8468e566b4cd299f6367ccc079ff9455f78
- SHA256
  
  4e39e75de2f3b86751c809a775932553fb22d92c056f6ebd5fe1dd8b650c5e45
- SHA512
  
  84b4a8b77714da676fa7c952ac834e2e3143a7eab1c2a1ecf4087bbc292a7a7a3ecbcc1ca7e5e9fb1513be46cbab6ad98f4b11d691bde8a1bacfc7376e9f5cc0
- SSDEEP
  
  6144:upfaoK52wqWbgC3aNj4aDucHpr2wo4Ad88kO1SysrLmGx5mCy2B29sK:g77wqDQqj4aDu/yAduO1JsrfBy2s1
Score

6^/10

bootkit discovery persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence