da50220802a8a195bf33a9aa7643a3e6be7e309ec429853d814e1ea46efe3061 | Triage

Sharing

General

Target

JaffaCakes118_c3d212f26b5c00dec466325713e9867e
Size

437KB
Sample

250208-rb9j7syndz
MD5

c3d212f26b5c00dec466325713e9867e
SHA1

b6d872af7c83133c2b5d7298d4849c05490b12ee
SHA256

da50220802a8a195bf33a9aa7643a3e6be7e309ec429853d814e1ea46efe3061
SHA512

8c3a2d8120ca9b459b078c98c122e5bc71e68363ce5a937a0b7210f036cb421fd141cf5912c3c09eab4faeb49e1b189ba49448f471e10bf409da6e1ee05f2b5b
SSDEEP

12288:/E+BxPGDvYKRkorfA0HYmFlTyWNcwKNtTirdj:/nxeEK+orfAIbjZOTEd

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_c3d212f26b5c00dec466325713e9867e
- Size
  
  437KB
- MD5
  
  c3d212f26b5c00dec466325713e9867e
- SHA1
  
  b6d872af7c83133c2b5d7298d4849c05490b12ee
- SHA256
  
  da50220802a8a195bf33a9aa7643a3e6be7e309ec429853d814e1ea46efe3061
- SHA512
  
  8c3a2d8120ca9b459b078c98c122e5bc71e68363ce5a937a0b7210f036cb421fd141cf5912c3c09eab4faeb49e1b189ba49448f471e10bf409da6e1ee05f2b5b
- SSDEEP
  
  12288:/E+BxPGDvYKRkorfA0HYmFlTyWNcwKNtTirdj:/nxeEK+orfAIbjZOTEd
Score

7^/10

bootkit discovery persistence
- Deletes itself
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2