4c85a5ca0439a6616331f6f0c981e7c0c2f0efb6d6251e832483c543cad6edfd | Triage

Sharing

General

Target

JaffaCakes118_cb627d100ff02fa664360b7c104ca20b
Size

24KB
Sample

250209-fg5bwswkcs
MD5

cb627d100ff02fa664360b7c104ca20b
SHA1

c71a4d0011db29d05abae24744b354de3dc39820
SHA256

4c85a5ca0439a6616331f6f0c981e7c0c2f0efb6d6251e832483c543cad6edfd
SHA512

1123a625820a27bb9e79fd1e7fbf3b348fe640d92a879013d1dbc37ba71f2f02e08fc6de1c7059e256a91ff529267938ea2242bb0f410d008b2d2691b5aaca9e
SSDEEP

192:CKn6Mlq9GAhlrmT9r0GTdzt8jp4caXd+AmwW3B3yz8/bdW11oynD3zVviQlv:KMlGGAXm5r0GTFUmcwd+BTBc1B3ZxF

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_cb627d100ff02fa664360b7c104ca20b
- Size
  
  24KB
- MD5
  
  cb627d100ff02fa664360b7c104ca20b
- SHA1
  
  c71a4d0011db29d05abae24744b354de3dc39820
- SHA256
  
  4c85a5ca0439a6616331f6f0c981e7c0c2f0efb6d6251e832483c543cad6edfd
- SHA512
  
  1123a625820a27bb9e79fd1e7fbf3b348fe640d92a879013d1dbc37ba71f2f02e08fc6de1c7059e256a91ff529267938ea2242bb0f410d008b2d2691b5aaca9e
- SSDEEP
  
  192:CKn6Mlq9GAhlrmT9r0GTdzt8jp4caXd+AmwW3B3yz8/bdW11oynD3zVviQlv:KMlGGAXm5r0GTFUmcwd+BTBc1B3ZxF
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence