5b17e265a5fb13fbc666d40aa0b2d0a53dc6844b11670f0bb8fd15100d8f18ea | Triage

Sharing

General

Target

eec077a30374eacee088bd9619e65987_JaffaCakes118
Size

664KB
Sample

240921-a3c7msxanf
MD5

eec077a30374eacee088bd9619e65987
SHA1

000e097462dbf811b7918573595157b3d30c87c9
SHA256

5b17e265a5fb13fbc666d40aa0b2d0a53dc6844b11670f0bb8fd15100d8f18ea
SHA512

0f18a394f4cc3b5cd23511b1590f2e381293601378b48fda13284d4c2217b48b2f257e1425969e5a4a004222b3207d9666aa149f1db44ea194db5bd0fecc9d8c
SSDEEP

12288:XjC/65/meS9kOdG9c/Jf/zwJ/yF3cDmbwSi3pvd0fc7DkMeJs3IzKvSD8MmVX:XjC/oUD0cJ/z+yF3cDmbw5vuYDkMeJLg

Score

10^/10

bootkit discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  52zsoftdown/52zsoftdown_111886.exe
- Size
  
  1.3MB
- MD5
  
  db5a51efff6cf0f76abf7a19cef21cf3
- SHA1
  
  63eb5376d71418911536bf4436d1a6a98b2f4b6c
- SHA256
  
  0ee8a93b9d73ccada4260cade1319344d8f38dd43b4750983c2bcc9f9e64bea2
- SHA512
  
  c090cdf811f64c3ebe63a74677cbb662dc0efa2aa2d5ee5315af355e57c19a8c47228c8c93516f2c775c2c3e0b47cda97e4e39667191320cc0bbd6ad74fb5819
- SSDEEP
  
  24576:jxo3F/W8h5oxMkyn/RqHSi+Z3tY5g/rfleduvY//b3M:cF/XmM3trteE4D3M
Score

10^/10

bootkit discovery evasion persistence privilege_escalation
- Modifies firewall policy service
  evasion
- Modifies Windows Firewall
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  52zsoftdown/绿软基地.url
- Size
  
  259B
- MD5
  
  e803134068a09741b356ddd314c3eeb1
- SHA1
  
  79278934b2e43048b6130c67303731e68e5548f9
- SHA256
  
  cb1fe758826880c5ffe1e8f825ec96bb670fe13d9e3eee4654a01fe7e14a0291
- SHA512
  
  fb00e95969518d9e79bd535f78e1bc369823d27b50ccf89b53fa3280dd3c2a533b05eb19203d37f5156652eed62fd922c8b8da7d4a96371f3d28e15005f888cc
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistenceprivilege_escalation

behavioral2

bootkitdiscoveryevasionpersistence

behavioral3

behavioral4