General

  • Target

    e55bb809184a6c5b1680c7a53c693403_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240407-tzljdsha87

  • MD5

    e55bb809184a6c5b1680c7a53c693403

  • SHA1

    88d0cbe1c8cfb510a0b38c29470fe9ec3a2fc654

  • SHA256

    a16ba4ba473103ab99e0d9f386afe3e3dfeb527178b2a48d613759346b3d309c

  • SHA512

    6e19a6272b8c93805924e69e26f4b63095fa8a2aedbff2d7f0f6720b845cac62ce097d4c9235ad0a2101a52a5e9087ba3f1325a9fe6bfd48f0b172b6d1840b1e

  • SSDEEP

    49152:tzQlXh5BiyUZm+VaEWn5XlGLjMecJhpak6Nt9rm+H/Htjx4S:tkZhayUZVIn5X0sNn4kGV5WS

Malware Config

Targets

    • Target

      soft/SuperKiller.exe

    • Size

      740KB

    • MD5

      7cc51e2ab2a1b0c8e1ee57190a28e37e

    • SHA1

      606fca9692b60f95c7ea9e9d3af7439c851c3437

    • SHA256

      0b4662454d449abf412c9f45f3669d234cadfdf0f210affb72e590c0414e6976

    • SHA512

      04f29dfb64f2192d861cc94b89c0273c38ad5f7c7f6204f18333496e12a9f44873767dac8e71ffa5555dbad20d1a4626c653522911d9b5147408a7ed16254f06

    • SSDEEP

      12288:/i8fUvMYOoQgbCQfMr4Jm7H7VTFbDnKasnCI5G+T16lo0UPorNFzG7r6f7094REz:/iWUvJ7QgrMEMbrWCI5G+Z3HorP7rRdQ

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      soft/killer_ati2evxx.exe

    • Size

      109KB

    • MD5

      3db309a0389791682a5c454ee31cb0ac

    • SHA1

      26badd1ee45d7a65ec179d9269dae4d3ce59ac22

    • SHA256

      91a45ab539045fd60817421ba50f2c25b794776661cc0c36215b6f242c6bef2a

    • SHA512

      c3e92986454b61806746eb61045c9d5af8a59bd4eef386f8ef0442ae3c9602d98edff0d34a9f969e86a4ded9ed9f2b820b0ac8c1b3a9083784473f11c2eb753a

    • SSDEEP

      3072:OqcUHtFGNGmasLSI/v/i/Xq6KGJ4R2DyUYYNn1Up/UQT7ajYuZN:PzNYN8eHAaR2DyUZNn1U9UQT2jb

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Target

      soft/killer_autorun.exe

    • Size

      837KB

    • MD5

      c4a292ebe138baa97d3bde72714ac982

    • SHA1

      73e983a34913398b8c2e20ce4a965e0be6d14c70

    • SHA256

      6a9c6d9a861a74c0bf04bfffb6ca76ee8fe9f8970fbcce4764b70fe16cfef1f7

    • SHA512

      865ee51847f93bc8edef13ff1b48b0860edacb8611a11d18e1c9b3280851eb18ed410a1faefb36eeb56492cd3db2cac59245f31d095b74a187d7861573e9035d

    • SSDEEP

      12288:kzy6rRxEUzYM3Brs0l5xa8eZQl410CJDrkQTnIfcuGUVYaeVmnGCdn8pcHvG5RTz:X6rTXY08ZIqHkRUuTY2pCOGzz

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      soft/killer_dummycom.exe

    • Size

      416KB

    • MD5

      96d1554bada1c141ba343f673472afa1

    • SHA1

      a82795ba37f367ceec39ebab295c2dc93b96cc16

    • SHA256

      b4ecfa07a64e009519deed2e8266b3e6e1f16afcce68b6b2d2cae55caeeb246e

    • SHA512

      ecf7753d2ccc1593e187f2045a1c13460d708061da57e9360b282916d6b1f8936a83aa1a50b56e1e2eeab67a731e6bafcf44fdb89de879a2b42136fbaaabe6e4

    • SSDEEP

      6144:AdOApXUez8ZL33VveOhwtQXGQOJVIvzBWurIvzscI0:AAApXIz3VGYdTOJVIvzAu7M

    • Score

      1/10

    • Target

      soft/killer_javqhc.exe

    • Size

      320KB

    • MD5

      20d1f117385e86da6732bfc14580a621

    • SHA1

      8a72cc31ba3e2c25f21bcdb4317ef0efd9d2e3ea

    • SHA256

      c33b83e11d878cbc28aa069d4c8f209add478e6fb958366c96f5507c814203e5

    • SHA512

      bc0bb882f6ce7f8a15afb4bb45a88f2c4766385eb498bef8dd61ba506fddbfdcc7ddd3203561868fa77f7a6d8af4189d325968cc2e330e52a28a2778dae88d58

    • SSDEEP

      6144:a8U2qy6rRZb7jxGYERJeA/4GPjPXJ+CrnEmN/Gyjq2lmvxvp57FGIJXy:Ezy6rRxEbwuLX8CrnJGy22Chp5c1

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      soft/signa.dat

    • Size

      11KB

    • MD5

      0a2eeb8e102bdb9f0b90d2623e01b497

    • SHA1

      e3e56c6fcf37db898332eba52f762a4260dbfcbb

    • SHA256

      0fde90b6bb30fdff6031b120aeb425094c1033fc648e8e3c58e2714a6ca39aab

    • SHA512

      d06f1437a8b8467a1c38017858fabd9e8b32e0c201ab69d724cb17cec1ac2e65c06690f2171e5e44581d0d5757c2ab04364c321d958d882ae4165a5287e46557

    • SSDEEP

      192:Y2w+tvzDA0i+PVGeg6itB6FZlsBdTr3R/euNHYM2Knz6jugjGXAYf5t4:YwnAiGeJit24DFeuys6KgjGTO

    • Score

      1/10

    • Target

      soft/xavengine.dll

    • Size

      177KB

    • MD5

      eb0c3c2fc235454e5a2a5abd70171efe

    • SHA1

      c8bf5cc65189340952cb12b47f936568431b963d

    • SHA256

      7e8ccef074e467dc5ebd5571f9039b497432647d2ede3f9fada313e81555cb85

    • SHA512

      1acf2fc1e119b2c50dcafd78d6ddbee2a6dc9dd130e3118be26557fb05888978822315e83de3366247d5004add51ed08f004f9a131c04f23cd7758c7394c18d9

    • SSDEEP

      3072:pPAT7wzh+wPr6olWSz1CKaVwZRtX0mpPCUrtQ1bAL/nRn5HAp3W9McU0eqnXd8fQ:pPSwNDPrnRn5HY2nUwXdHQbSXLD

    • Score

      1/10

    • Target

      soft/新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    • Score

      1/10

    • Target

      垃圾病毒清除器.bat

    • Size

      2KB

    • MD5

      0b042960026d34f7c69fd7289ed6b7f0

    • SHA1

      de024ae96279c74aff2e4d22e7dd6dca0850cb15

    • SHA256

      b75016919c6464c1242771825fa39ca18daf7afeedf83ba037f4474f175721a9

    • SHA512

      354a980135aef4e872683b245eb00e3527df5124c021356964a156fc087d8e9fcf1f6868326265b23f1c8f69554fbe4393095f28b4adb51be90d099f6acec5e5

    • Score

      7/10

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks