175a3c84c67e0017ec64848aca432b9ecc37328a2cd5c426cbe5d2a58ed536f3 | Triage

Sharing

General

Target

eabf3816d619c186afdd0a57e5ef138b_JaffaCakes118
Size

252KB
Sample

240919-g24rjavemm
MD5

eabf3816d619c186afdd0a57e5ef138b
SHA1

fc33d9b6cea1a9d460418d7514a58ae0cc30e853
SHA256

175a3c84c67e0017ec64848aca432b9ecc37328a2cd5c426cbe5d2a58ed536f3
SHA512

235a35acfad17b556544baafd7529f6fa5b0a26513fc93190201f9ccf454c406b036c91b6133557a1c1c14647ae63063323faef272110b2eeedee36a4836f877
SSDEEP

3072:cJ9Zqle2tsu5oehGHA/pqQLxgdolApXu7Tq/pY+SFuK0Rg:cJ9ZqAyoehfLmdHpeeHc3

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  eabf3816d619c186afdd0a57e5ef138b_JaffaCakes118
- Size
  
  252KB
- MD5
  
  eabf3816d619c186afdd0a57e5ef138b
- SHA1
  
  fc33d9b6cea1a9d460418d7514a58ae0cc30e853
- SHA256
  
  175a3c84c67e0017ec64848aca432b9ecc37328a2cd5c426cbe5d2a58ed536f3
- SHA512
  
  235a35acfad17b556544baafd7529f6fa5b0a26513fc93190201f9ccf454c406b036c91b6133557a1c1c14647ae63063323faef272110b2eeedee36a4836f877
- SSDEEP
  
  3072:cJ9Zqle2tsu5oehGHA/pqQLxgdolApXu7Tq/pY+SFuK0Rg:cJ9ZqAyoehfLmdHpeeHc3
Score

6^/10

bootkit discovery persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence