585ce1d0a8c26f81f8d5689df47dbb3a138acf66b451b557719e02ea3594f36d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff3478b583cf899730c104c85c1d75c4_JaffaCakes118
Size

55KB
Sample

240929-xzeyds1bjc
MD5

ff3478b583cf899730c104c85c1d75c4
SHA1

0d08b147e50f889a40eb80c68d548430ffc5875b
SHA256

585ce1d0a8c26f81f8d5689df47dbb3a138acf66b451b557719e02ea3594f36d
SHA512

4dc2d4b6aeab3232c66f0bfb377d6ae543b7e74fbe01f6cae316398a6842c2af922c9d0170d208954c26bfe6dc42ed87beb87fc4db03e1d5bbd72985b107da05
SSDEEP

768:d8ujrJxzVjqBv8Z2o/mBlQ7gT9BpJrNY7+AzLlJyN805kdD7/MVVpwGTwtSziNzg:dhjrtiv8ZfOYKPrNIryO0CCrkIUoqyZ

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  ff3478b583cf899730c104c85c1d75c4_JaffaCakes118
- Size
  
  55KB
- MD5
  
  ff3478b583cf899730c104c85c1d75c4
- SHA1
  
  0d08b147e50f889a40eb80c68d548430ffc5875b
- SHA256
  
  585ce1d0a8c26f81f8d5689df47dbb3a138acf66b451b557719e02ea3594f36d
- SHA512
  
  4dc2d4b6aeab3232c66f0bfb377d6ae543b7e74fbe01f6cae316398a6842c2af922c9d0170d208954c26bfe6dc42ed87beb87fc4db03e1d5bbd72985b107da05
- SSDEEP
  
  768:d8ujrJxzVjqBv8Z2o/mBlQ7gT9BpJrNY7+AzLlJyN805kdD7/MVVpwGTwtSziNzg:dhjrtiv8ZfOYKPrNIryO0CCrkIUoqyZ
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2