917d0430e402640470b1c9f05c50c225df4a88317c7fa881f4864147e9887434 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f50f8aa9fb19d7ec3e54517e93ffce70_JaffaCakes118
Size

1.2MB
Sample

240925-dwptmssbrk
MD5

f50f8aa9fb19d7ec3e54517e93ffce70
SHA1

7589ae9bf664e6c87787c020bb30166dc760a92c
SHA256

917d0430e402640470b1c9f05c50c225df4a88317c7fa881f4864147e9887434
SHA512

af3f5e991bcac22a16e6c15588ef0631801b3326daece291c0021bdafcdd1a34ce65630ba16b12746a3b1191fd86a000ac8dff214c10808339b661b8605167c8
SSDEEP

24576:4S/s3o9UE3OBfejZhe2dVIFAca9vbObHk0izqcODrcRaV4DSpOvCVI:4S/s3o9VOcjZhe2ddybHk0izqcODriaU

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  f50f8aa9fb19d7ec3e54517e93ffce70_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  f50f8aa9fb19d7ec3e54517e93ffce70
- SHA1
  
  7589ae9bf664e6c87787c020bb30166dc760a92c
- SHA256
  
  917d0430e402640470b1c9f05c50c225df4a88317c7fa881f4864147e9887434
- SHA512
  
  af3f5e991bcac22a16e6c15588ef0631801b3326daece291c0021bdafcdd1a34ce65630ba16b12746a3b1191fd86a000ac8dff214c10808339b661b8605167c8
- SSDEEP
  
  24576:4S/s3o9UE3OBfejZhe2dVIFAca9vbObHk0izqcODrcRaV4DSpOvCVI:4S/s3o9VOcjZhe2ddybHk0izqcODriaU
Score

7^/10

bootkit discovery persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence