1d6dd3b2416eb626c3316e9e29b2f206159c1deb68aacee2ed5dce637820ae4d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6a78454e77ed7c67a675b5ea304ed51_JaffaCakes118
Size

207KB
Sample

240925-xk32ns1hlr
MD5

f6a78454e77ed7c67a675b5ea304ed51
SHA1

8dba0519a8b89b671705016010d4ef09a9446d57
SHA256

1d6dd3b2416eb626c3316e9e29b2f206159c1deb68aacee2ed5dce637820ae4d
SHA512

f3ab0dc2cd583b186cfae4ea0d57aead1821d1924ce10681e426a4f4ee20a51282f2a5563b2c2f0cf82bdd6c11a6bba9823a026e9a82d4d95ea2e982b2eab37e
SSDEEP

3072:nRQGQ9b/hVR2S/Cx2PrVJJ1yCIinh7YCcU2Ji8+Yi0PD5kgjLigY+xh7+Qrf6Fhu:nDQp/qxM7R7nhMxUmoSjLBYWiNFw

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  f6a78454e77ed7c67a675b5ea304ed51_JaffaCakes118
- Size
  
  207KB
- MD5
  
  f6a78454e77ed7c67a675b5ea304ed51
- SHA1
  
  8dba0519a8b89b671705016010d4ef09a9446d57
- SHA256
  
  1d6dd3b2416eb626c3316e9e29b2f206159c1deb68aacee2ed5dce637820ae4d
- SHA512
  
  f3ab0dc2cd583b186cfae4ea0d57aead1821d1924ce10681e426a4f4ee20a51282f2a5563b2c2f0cf82bdd6c11a6bba9823a026e9a82d4d95ea2e982b2eab37e
- SSDEEP
  
  3072:nRQGQ9b/hVR2S/Cx2PrVJJ1yCIinh7YCcU2Ji8+Yi0PD5kgjLigY+xh7+Qrf6Fhu:nDQp/qxM7R7nhMxUmoSjLBYWiNFw
Score

8^/10

bootkit discovery persistence
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence