Overview

overview

10

Static

static

3

JKT48.exe

windows7-x64

10

JKT48.exe

windows10-2004-x64

Resubmissions

28/03/2025, 14:59 UTC

250328-sc4wsazjx2 10

28/03/2025, 14:53 UTC

250328-r9rr2sxwbz 10

27/03/2025, 13:35 UTC

250327-qvr9laswew 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JKT48.exe

  • Size

    8.0MB

  • Sample

    250328-r9rr2sxwbz

  • MD5

    41f5bac802f5e79dc2ca7a3db25d0001

  • SHA1

    ce56c42cadd2db13edf03c15ce3b11c2cfa00f9e

  • SHA256

    9b495506295d895825ddf2a45c28f704debc31f28c4943b1a78b75c898a4375d

  • SHA512

    94705e83ce1b104954be07210ea3648c7403a6dd86ebaf6e884ced1552636b6a05a3b2926415d6c49ff251a675815435e4b2a3c8f816bbbf68c08c3299db99ab

  • SSDEEP

    196608:PF35AX/ip4e/aS3e+gr80KILDjhoOX9oeqZ8r8swzH0e:d3KX/o4eSTr80xHhJ8s63

Score
10/10
bootkitdefense_evasiondiscoveryevasionexecutionexploitimpactpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      JKT48.exe

    • Size

      8.0MB

    • MD5

      41f5bac802f5e79dc2ca7a3db25d0001

    • SHA1

      ce56c42cadd2db13edf03c15ce3b11c2cfa00f9e

    • SHA256

      9b495506295d895825ddf2a45c28f704debc31f28c4943b1a78b75c898a4375d

    • SHA512

      94705e83ce1b104954be07210ea3648c7403a6dd86ebaf6e884ced1552636b6a05a3b2926415d6c49ff251a675815435e4b2a3c8f816bbbf68c08c3299db99ab

    • SSDEEP

      196608:PF35AX/ip4e/aS3e+gr80KILDjhoOX9oeqZ8r8swzH0e:d3KX/o4eSTr80xHhJ8s63

    Score
    10/10
    bootkitdefense_evasiondiscoveryevasionexecutionexploitimpactpersistenceransomwaretrojan

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • UAC bypass

      defense_evasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Disables RegEdit via registry modification

      defense_evasion

    • Disables Task Manager via registry modification

      defense_evasion

    • Disables use of System Restore points

      defense_evasion

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

      defense_evasion

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

1
T1047

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Direct Volume Access

1
T1006

File and Directory Permissions Modification

2
T1222

Windows File and Directory Permissions Modification

1
T1222.001

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

3
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Network Share Discovery

1
T1135

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

3
T1490

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.