aa073a5815cc12265427ed9b056b92fa534212ab1b789785828fd996cf768517 | Triage

Sharing

General

Target

37d8bb338e211d65e6edf075e8f94b55_JaffaCakes118
Size

136KB
Sample

241012-b57ppszgnq
MD5

37d8bb338e211d65e6edf075e8f94b55
SHA1

19bce9b5d63e8c5477eea5ff05f425d1046f9f34
SHA256

aa073a5815cc12265427ed9b056b92fa534212ab1b789785828fd996cf768517
SHA512

5ca5d06341a592b743b63b384b62d03343c43684c9138529a524353731c4f8a1856976b72e061e31cacf50008a8ebdd6847797a1d55774a9e0ed5f8f39aba08b
SSDEEP

3072:N5Gzweom1i37Ou19pCQOyredk+QWe0/Cw1iU5jNMcfq:N5GU9NCuPp/NIXBe0GUtNjS

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  37d8bb338e211d65e6edf075e8f94b55_JaffaCakes118
- Size
  
  136KB
- MD5
  
  37d8bb338e211d65e6edf075e8f94b55
- SHA1
  
  19bce9b5d63e8c5477eea5ff05f425d1046f9f34
- SHA256
  
  aa073a5815cc12265427ed9b056b92fa534212ab1b789785828fd996cf768517
- SHA512
  
  5ca5d06341a592b743b63b384b62d03343c43684c9138529a524353731c4f8a1856976b72e061e31cacf50008a8ebdd6847797a1d55774a9e0ed5f8f39aba08b
- SSDEEP
  
  3072:N5Gzweom1i37Ou19pCQOyredk+QWe0/Cw1iU5jNMcfq:N5GU9NCuPp/NIXBe0GUtNjS
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2