322de79c2828189330d95ca8acf319d50ec4dfede38a92950674debe8e2390ed | Triage

Sharing

General

Target

JaffaCakes118_8a721c920aa6948d6f07dd4076648640
Size

178KB
Sample

250328-jal4hsvnx9
MD5

8a721c920aa6948d6f07dd4076648640
SHA1

95042744d0662b64a87457cba20ec858d93d4ab5
SHA256

322de79c2828189330d95ca8acf319d50ec4dfede38a92950674debe8e2390ed
SHA512

1290190d8e360b57c8025779d3dd977cc1ee0a6e60a65647616c95fc91ec74bbb1dff342f362335ddd86dfe215a4b0e338cf3865f2802744f9eb22439fcb7444
SSDEEP

3072:kYKxTiKHYH4W3FGaHqqe4MLajTYESkISXF1dTSwhieephzP/KfexkV4d:B0TNjW3FGaHq27jkE9ISXNTSwhieghrl

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_8a721c920aa6948d6f07dd4076648640
- Size
  
  178KB
- MD5
  
  8a721c920aa6948d6f07dd4076648640
- SHA1
  
  95042744d0662b64a87457cba20ec858d93d4ab5
- SHA256
  
  322de79c2828189330d95ca8acf319d50ec4dfede38a92950674debe8e2390ed
- SHA512
  
  1290190d8e360b57c8025779d3dd977cc1ee0a6e60a65647616c95fc91ec74bbb1dff342f362335ddd86dfe215a4b0e338cf3865f2802744f9eb22439fcb7444
- SSDEEP
  
  3072:kYKxTiKHYH4W3FGaHqqe4MLajTYESkISXF1dTSwhieephzP/KfexkV4d:B0TNjW3FGaHq27jkE9ISXNTSwhieghrl
Score

8^/10

bootkit discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

discoverypersistence