gh0strat | 757783d1ca931bb659b8f3a1be2cd272cbea9e7e7fbb8efa6a805e088e9b7c79 | Triage

Sharing

General

Target

JaffaCakes118_5571b9cd292938d522766979d00a96d9
Size

662KB
Sample

250306-h4fm6assgy
MD5

5571b9cd292938d522766979d00a96d9
SHA1

1ac4f8239240b96e375519ab732af15c68ea003c
SHA256

757783d1ca931bb659b8f3a1be2cd272cbea9e7e7fbb8efa6a805e088e9b7c79
SHA512

d0339806ec145afaa46b3b5b827f737030b7c728ca1c9c850f33072a15e61e65171c53d251a5699d865de84702991a4ef2a088f94f54321989829703c873faec
SSDEEP

12288:uQTTBgd2hY0XidgjVwJKtHnXCiKhGMlauX46BGhFYrCU+rm2FeSX6:uTdQY0Xfj+JsHjGGGrX46BhrCU+rbFL6

Score

10^/10

gh0strat bootkit discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_5571b9cd292938d522766979d00a96d9
- Size
  
  662KB
- MD5
  
  5571b9cd292938d522766979d00a96d9
- SHA1
  
  1ac4f8239240b96e375519ab732af15c68ea003c
- SHA256
  
  757783d1ca931bb659b8f3a1be2cd272cbea9e7e7fbb8efa6a805e088e9b7c79
- SHA512
  
  d0339806ec145afaa46b3b5b827f737030b7c728ca1c9c850f33072a15e61e65171c53d251a5699d865de84702991a4ef2a088f94f54321989829703c873faec
- SSDEEP
  
  12288:uQTTBgd2hY0XidgjVwJKtHnXCiKhGMlauX46BGhFYrCU+rm2FeSX6:uTdQY0Xfj+JsHjGGGrX46BhrCU+rbFL6
Score

7^/10

bootkit discovery persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence