deb432b2b36d6cd30280639f171e630b54454d030ff513bc44da61e162ae181e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17e4b657ad5f6138ffe1e5b9e7d94c38_JaffaCakes118
Size

287KB
Sample

241006-nj75ka1fjm
MD5

17e4b657ad5f6138ffe1e5b9e7d94c38
SHA1

42df328db091b7dd7e8c498195f6b01f93d4624b
SHA256

deb432b2b36d6cd30280639f171e630b54454d030ff513bc44da61e162ae181e
SHA512

f970f3935909e8b98d355b331384f770a2c3026df33e90b3aa2e5405afca76482c83cf351bc43a3bd9f463809db6fe6a880365294955821d03167889dd2b5078
SSDEEP

6144:slqRkLx91L+o4m6MzXM70MCmfKx/8GcsMBvMCmJpvIHW7hb82JrJ:eqRufLNd68XMTN+esTCm7brrJ

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  17e4b657ad5f6138ffe1e5b9e7d94c38_JaffaCakes118
- Size
  
  287KB
- MD5
  
  17e4b657ad5f6138ffe1e5b9e7d94c38
- SHA1
  
  42df328db091b7dd7e8c498195f6b01f93d4624b
- SHA256
  
  deb432b2b36d6cd30280639f171e630b54454d030ff513bc44da61e162ae181e
- SHA512
  
  f970f3935909e8b98d355b331384f770a2c3026df33e90b3aa2e5405afca76482c83cf351bc43a3bd9f463809db6fe6a880365294955821d03167889dd2b5078
- SSDEEP
  
  6144:slqRkLx91L+o4m6MzXM70MCmfKx/8GcsMBvMCmJpvIHW7hb82JrJ:eqRufLNd68XMTN+esTCm7brrJ
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2