e7b916e5302f073dde315fd5a4dc2a55bbe553db9d9e14e2733b83155bedaac8 | Triage

Sharing

General

Target

b0ec9c1ce8c05d465a7882c41a713715_JaffaCakes118
Size

321KB
Sample

241129-nkdmcaspet
MD5

b0ec9c1ce8c05d465a7882c41a713715
SHA1

244d028c957a8d1139e428477efd528230ede7ee
SHA256

e7b916e5302f073dde315fd5a4dc2a55bbe553db9d9e14e2733b83155bedaac8
SHA512

f0bff2a7c9a58a908167c43290755e8635714ba6fc885a5f4f7e9c7cf06dd307d629b88669fa5e60d810e5f357975fdd89cc90b8846fba6ab4d5f582635f0416
SSDEEP

6144:S+9m2P7CqfAh8EfNiApv9TFLBykEegB5WNZUm4GF97vDAJ9daZNsP/ZZ:oCgh8EfMAR9fykEegB5caq97vDAgZuhZ

Score

6^/10

bootkit discovery persistence upx

Malware Config

Targets

- Target
  
  b0ec9c1ce8c05d465a7882c41a713715_JaffaCakes118
- Size
  
  321KB
- MD5
  
  b0ec9c1ce8c05d465a7882c41a713715
- SHA1
  
  244d028c957a8d1139e428477efd528230ede7ee
- SHA256
  
  e7b916e5302f073dde315fd5a4dc2a55bbe553db9d9e14e2733b83155bedaac8
- SHA512
  
  f0bff2a7c9a58a908167c43290755e8635714ba6fc885a5f4f7e9c7cf06dd307d629b88669fa5e60d810e5f357975fdd89cc90b8846fba6ab4d5f582635f0416
- SSDEEP
  
  6144:S+9m2P7CqfAh8EfNiApv9TFLBykEegB5WNZUm4GF97vDAJ9daZNsP/ZZ:oCgh8EfMAR9fykEegB5caq97vDAgZuhZ
Score

6^/10

bootkit discovery persistence upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

behavioral2

bootkitdiscoverypersistenceupx