817590dc67bd4c5244f27e0c560400abd88108e47285687e5de4de0183d3f493 | Triage

Sharing

General

Target

ea8f8147b101127447f8451a74d330b5_JaffaCakes118
Size

495KB
Sample

240919-ermzxs1anm
MD5

ea8f8147b101127447f8451a74d330b5
SHA1

9bcbb9a16a770620556db092d20e856d780748e2
SHA256

817590dc67bd4c5244f27e0c560400abd88108e47285687e5de4de0183d3f493
SHA512

0191c00768e277fa697d4e57e389558b957f065a542ccd7b958eaa79ec48b93401798b384d620869af20f2dd6b4a4831d3971d49c8e9f9190874bacc38f551b2
SSDEEP

6144:SV5ZWtjRavP2EKdcprMY86RlCLuHBSEB3vnpoueM2+Wey1y8+4V82z+s8:SVijRa2TarMT65Fnp1e5+WA462z+B

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  ea8f8147b101127447f8451a74d330b5_JaffaCakes118
- Size
  
  495KB
- MD5
  
  ea8f8147b101127447f8451a74d330b5
- SHA1
  
  9bcbb9a16a770620556db092d20e856d780748e2
- SHA256
  
  817590dc67bd4c5244f27e0c560400abd88108e47285687e5de4de0183d3f493
- SHA512
  
  0191c00768e277fa697d4e57e389558b957f065a542ccd7b958eaa79ec48b93401798b384d620869af20f2dd6b4a4831d3971d49c8e9f9190874bacc38f551b2
- SSDEEP
  
  6144:SV5ZWtjRavP2EKdcprMY86RlCLuHBSEB3vnpoueM2+Wey1y8+4V82z+s8:SVijRa2TarMT65Fnp1e5+WA462z+B
Score

6^/10

bootkit discovery persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence