faa460260315019847181df6ed9de1dd646364ebb064d89060555648aa86acb2 | Triage

Sharing

General

Target

JaffaCakes118_d9d11beeb9b1431acb22eff326d4f24e
Size

404KB
Sample

250210-k8d18swmap
MD5

d9d11beeb9b1431acb22eff326d4f24e
SHA1

7659148c8f3ec8dc580e37ea971cce2fc87d470a
SHA256

faa460260315019847181df6ed9de1dd646364ebb064d89060555648aa86acb2
SHA512

9398512c36b96e5d62ad875469fdbdb2d1ac6e2086a20aada73fd02506fd2ba947b4b98b644589f83ed4e3b8f7a17ee67443b301e892323b4519d27ce9f23873
SSDEEP

12288:4ma9mxqQmuEuAvoEYuqgksQ8bE8FJcaGW9h9:uJQm28oEYuqg5QiFGW9h9

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_d9d11beeb9b1431acb22eff326d4f24e
- Size
  
  404KB
- MD5
  
  d9d11beeb9b1431acb22eff326d4f24e
- SHA1
  
  7659148c8f3ec8dc580e37ea971cce2fc87d470a
- SHA256
  
  faa460260315019847181df6ed9de1dd646364ebb064d89060555648aa86acb2
- SHA512
  
  9398512c36b96e5d62ad875469fdbdb2d1ac6e2086a20aada73fd02506fd2ba947b4b98b644589f83ed4e3b8f7a17ee67443b301e892323b4519d27ce9f23873
- SSDEEP
  
  12288:4ma9mxqQmuEuAvoEYuqgksQ8bE8FJcaGW9h9:uJQm28oEYuqg5QiFGW9h9
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2