c50f8c637eb3b9f442f9bb69a71f4b951ce49b61379001455500074675d2a417 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

045167745cbd3e967d1166db909bad23_JaffaCakes118
Size

213KB
Sample

241001-erd21stgkd
MD5

045167745cbd3e967d1166db909bad23
SHA1

9a31a83c689e165da8c1e8f58e3d0dfbaf665b4d
SHA256

c50f8c637eb3b9f442f9bb69a71f4b951ce49b61379001455500074675d2a417
SHA512

7c158d1efecb8b0c7b67066f0ae128bbaa2adc560787224a3e7cb293a9f58a14516e2c551a1aa64ea5bd45e35ec11dfa64660c33c4739a63b70bed4118397c33
SSDEEP

6144:TTzJbd3sQ36hYc42ZCtuJPYny37HO/kClRwv5k50ZR:fzJRcujc4mCIZD37HW3lRW5rR

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  045167745cbd3e967d1166db909bad23_JaffaCakes118
- Size
  
  213KB
- MD5
  
  045167745cbd3e967d1166db909bad23
- SHA1
  
  9a31a83c689e165da8c1e8f58e3d0dfbaf665b4d
- SHA256
  
  c50f8c637eb3b9f442f9bb69a71f4b951ce49b61379001455500074675d2a417
- SHA512
  
  7c158d1efecb8b0c7b67066f0ae128bbaa2adc560787224a3e7cb293a9f58a14516e2c551a1aa64ea5bd45e35ec11dfa64660c33c4739a63b70bed4118397c33
- SSDEEP
  
  6144:TTzJbd3sQ36hYc42ZCtuJPYny37HO/kClRwv5k50ZR:fzJRcujc4mCIZD37HW3lRW5rR
Score

8^/10

bootkit discovery persistence
- Blocklisted process makes network request
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence