462d7f464400677a6c746363e9b64895442a24dcb8a4b951609dce3aa635a0b9 | Triage

Sharing

General

Target

f653945662ad61108c61c654f473b4d7_JaffaCakes118
Size

99KB
Sample

240925-s3f8eawgmc
MD5

f653945662ad61108c61c654f473b4d7
SHA1

f29fc3bbaebcea2752e247b317ca582d51715c9d
SHA256

462d7f464400677a6c746363e9b64895442a24dcb8a4b951609dce3aa635a0b9
SHA512

0842972831a6b9508f870b3a194b9fcfbad3565f533066a193553a4a07d1b1db96493dbbe702b9f75b78f8d0671082d1f59756bdd825283abb921cc491d1f67c
SSDEEP

3072:BixUnJoxphJ7dGz8K5uFd5Y7+CVukbkmJjbux7i9:BixqoxL1HKEFG

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  f653945662ad61108c61c654f473b4d7_JaffaCakes118
- Size
  
  99KB
- MD5
  
  f653945662ad61108c61c654f473b4d7
- SHA1
  
  f29fc3bbaebcea2752e247b317ca582d51715c9d
- SHA256
  
  462d7f464400677a6c746363e9b64895442a24dcb8a4b951609dce3aa635a0b9
- SHA512
  
  0842972831a6b9508f870b3a194b9fcfbad3565f533066a193553a4a07d1b1db96493dbbe702b9f75b78f8d0671082d1f59756bdd825283abb921cc491d1f67c
- SSDEEP
  
  3072:BixUnJoxphJ7dGz8K5uFd5Y7+CVukbkmJjbux7i9:BixqoxL1HKEFG
Score

7^/10

bootkit discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2