b2b009837a06ee913e85e62ad7452f7b32d304d8b0e312b03c47189f9d6ca877 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30b046c8d8a4c2c3a4b0a6316749a3a4_JaffaCakes118
Size

1.7MB
Sample

241010-tb19yatdlb
MD5

30b046c8d8a4c2c3a4b0a6316749a3a4
SHA1

fb15be243460f877ff4611df78ea01ab9ffeca01
SHA256

b2b009837a06ee913e85e62ad7452f7b32d304d8b0e312b03c47189f9d6ca877
SHA512

37cb5ff9088e3b18716b84c6139eca246072af4311e241a6ea1b45dd87f944623dff35b8af58d497759c19d3d225bf7248321a5f441caed934d21253311cf770
SSDEEP

49152:lvVR1CZZ0cb9HnTo1ufx9uwl22MNG4rh6:jCHHnEkb2/fh6

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  30b046c8d8a4c2c3a4b0a6316749a3a4_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  30b046c8d8a4c2c3a4b0a6316749a3a4
- SHA1
  
  fb15be243460f877ff4611df78ea01ab9ffeca01
- SHA256
  
  b2b009837a06ee913e85e62ad7452f7b32d304d8b0e312b03c47189f9d6ca877
- SHA512
  
  37cb5ff9088e3b18716b84c6139eca246072af4311e241a6ea1b45dd87f944623dff35b8af58d497759c19d3d225bf7248321a5f441caed934d21253311cf770
- SSDEEP
  
  49152:lvVR1CZZ0cb9HnTo1ufx9uwl22MNG4rh6:jCHHnEkb2/fh6
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence