aee20029bcfc79e28a6c118a680ffb6c16659ce57da1447875db13550d540f2c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e19da5d88e162276738039419215c5d6_JaffaCakes118
Size

507KB
Sample

240915-dzxcwstcrc
MD5

e19da5d88e162276738039419215c5d6
SHA1

a5c38d1c9554c5ea026d29108e88a4f3f4683753
SHA256

aee20029bcfc79e28a6c118a680ffb6c16659ce57da1447875db13550d540f2c
SHA512

19f5963958702bf5849b9f95f5654273a02009b9e0a3b530cd0a9a346604172afc9c7d9549fcc9fd98f9b17fe21c5047a3b6b934c295a4f1749e715b2b22ec87
SSDEEP

6144:u176U0U46I7Af/8hgpJ48TwHRBzHU7GJg/MNFVhJa9l6P5XWk1JfMpok61wcL:u170B6I7AfAG/INFVuWPjEpDBcL

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  e19da5d88e162276738039419215c5d6_JaffaCakes118
- Size
  
  507KB
- MD5
  
  e19da5d88e162276738039419215c5d6
- SHA1
  
  a5c38d1c9554c5ea026d29108e88a4f3f4683753
- SHA256
  
  aee20029bcfc79e28a6c118a680ffb6c16659ce57da1447875db13550d540f2c
- SHA512
  
  19f5963958702bf5849b9f95f5654273a02009b9e0a3b530cd0a9a346604172afc9c7d9549fcc9fd98f9b17fe21c5047a3b6b934c295a4f1749e715b2b22ec87
- SSDEEP
  
  6144:u176U0U46I7Af/8hgpJ48TwHRBzHU7GJg/MNFVhJa9l6P5XWk1JfMpok61wcL:u170B6I7AfAG/INFVuWPjEpDBcL
Score

6^/10

bootkit discovery persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence