d2dbebaf7d20189a83c281bbab6cce71b8eb7859c09b8b09b3ebb23740dca1bb | Triage

Sharing

General

Target

ec916c88bc8bba1276f1e5af17093e5c_JaffaCakes118
Size

4.3MB
Sample

240411-dx9v7sea9w
MD5

ec916c88bc8bba1276f1e5af17093e5c
SHA1

9ac9476ef7f7e8975178cfffb9ed28b1c47552d3
SHA256

d2dbebaf7d20189a83c281bbab6cce71b8eb7859c09b8b09b3ebb23740dca1bb
SHA512

ca95889503dbb3d7d40201a0a722bb5aaab73746c86fd5033046254c608f3dcf29f0de2b71b71c1d163f3098395acb33b03d4519dc0cf97ed0c63366faa8c0c2
SSDEEP

98304:IG5+RIOpqFajMTiJqEihW4ckadljRB05V+gMmi7CIgQ2EE97xWi:IG5S8sfXinaRBoVWmimIgQxE97D

Score

7^/10

aspackv2 bootkit persistence

Malware Config

Targets

- Target
  
  DllEmForm.dll
- Size
  
  983KB
- MD5
  
  a34dafb1e632e35390b81ff0673942d9
- SHA1
  
  83cc173de09df232b5cb1c91ce11de5f5a1bf801
- SHA256
  
  0604017d7e9948b804b678f7a3b3045cb15dba881bac8d2e347e5451579c2f65
- SHA512
  
  50e8734b285d3ae5c4cd93e55bc29d57e208aafc721892e200ab590ae53cbbe5bc58c37beb0b1bd6432ab7cf13efd7c21c9df49e16661121ca6afc8f6be7e677
- SSDEEP
  
  24576:0nPylR468BBvId775btUXf2ysKR3JSHFlvj:0nqj468BBvSXyHWX
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  TYFrame.exe
- Size
  
  975KB
- MD5
  
  37a235ee25885b7d32f6e4758d97744f
- SHA1
  
  5f5365cb021169bab2e48c7e76f3f685b59bd4b8
- SHA256
  
  6554d3cdf92be4afb113c63ac57b0bf64f654b66ad7a881671b33ae523443830
- SHA512
  
  3102ac259141305de855b42c704f494cbca8dd651dcb67a2820a53fa83012bf81bf29958760b5c7ff6634072e12ca112cc5a9b69a40a2c328da5a4ca17c92cc5
- SSDEEP
  
  12288:WMpMLAkwN5VMsXtmzx/2ALo1/iEutcsY0whF6f7dnw40Yidsbf64bOJa88xsv1:HaAbzVp9mz2jdOwrsfBc/4bOQ88M1
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  data/bmnet.sys
- Size
  
  23KB
- MD5
  
  846b7c0e3f6370cdcce157a5b36e70cd
- SHA1
  
  a4cf1d022dbeae1ab6115c39cdcc6c2bba469892
- SHA256
  
  c34fd4ec0fc9e2bdb5171c73c5121a40d9c92f166dcddb940545d6e0f937ac99
- SHA512
  
  3047272aab118db5013a005d6ea35159dab2cc2cacf66c70f87e2880b1fc317b7da38ed1f1ef7004ee4079bd364524c13aa356f5296764e4ec6570c24a3ea99e
- SSDEEP
  
  384:Z+bkKwocBKojkZ+0ME4MV8oXEeUOa+ZXabMPpeSq3oFdm:0J9cbjkZSE4mpUOa+ZqbMPpeHmd
Score

1^/10
behavioral5 behavioral6
- Target
  
  data/drvinst.exe
- Size
  
  54KB
- MD5
  
  b36c5e40f25c8afe8c8acc7e895d9c6d
- SHA1
  
  e3ab57d8cf17aa6156d417963b02a2e659a5c5fb
- SHA256
  
  64f42467a18009ae3d7cd24ed140141afd31826761944bd4e1891ea9f02411c9
- SHA512
  
  6902789b6d44b7e6caa6010bdb5fb05073cbee1a5d51795cd5854ac7ab18c9eda1620dfed9249c0afa299646947766f5a53e9ef8d60a89eac8e8cc5c9570dfe9
- SSDEEP
  
  768:Agm6EIvsC4VxJd1mg6/+KsQtyF0Z/evxHs4gZWk:1CUsxIsQtxZmxHeW
Score

1^/10
behavioral7 behavioral8
- Target
  
  data/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral10 behavioral9
- Target
  
  libeay32.dll
- Size
  
  1.0MB
- MD5
  
  0cb3ae2a9c9830a4167123ff76e32ea9
- SHA1
  
  6270368312f74a360f31478a0bb123ba6ce972a4
- SHA256
  
  4e4f0aa8ac639ee7d2f770a7662fd5e83dfb4ee327ce6d2a5cf02cb4fe9880ad
- SHA512
  
  111d3698fce4954915ee51d33996e7eeec260dab65c0a5f3bff2f7bb6421285138fe9d32fd9c9e6337abbcfd59835e7d20eb2a2f6a142b87352fc9c05ce9bff5
- SSDEEP
  
  12288:5jCXP9DT4YHUr656NqKgHSrkj6I9UBPg+8KhYTKGpeRr/IpSLUb2ZqAwj:5jCXFf4IX56JRIQI+5hmp0bjUb2Z9wj
Score

1^/10
behavioral11 behavioral12
- Target
  
  prcdcdll.dll
- Size
  
  658KB
- MD5
  
  6b4e1f4cc56e621a18cfd0c7fe3aa12d
- SHA1
  
  f63bfd7e5b1e923927e1710ca87e3f76d2b6db4b
- SHA256
  
  39256ba5f33f4aa5500723b802e7d5785aca69405e15082690a39cbd8a3d6443
- SHA512
  
  fb221ae7aa3b29a6867315bbbb5f2d9dd10a06a1aecb6fdb818824f43d528005b3dadfe0a960e85fa5204b22ae7b26839dceebe9244e71b176366b7d8b5f8e9d
- SSDEEP
  
  12288:CVaiT/gvNP02dObHlNJYzXu7GOVmKNWPhdsbHMSNEv:0/gvB0bPmTuag9ufTIA
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral13 behavioral14
- Target
  
  ssleay32.dll
- Size
  
  196KB
- MD5
  
  ba575f68b5c3d4f0ca752d92dfdc109a
- SHA1
  
  054f07ba687912602b03daf4d0e5cc6e8cf4d74e
- SHA256
  
  34fd5e3d0a0986cffe206b7271b0d1743bacfb1666f9fdfe91bc627045072bef
- SHA512
  
  c795904f3e8c3f5f605533339a7fe83e8ee9444adc2782b607da929888eeccdfa994cf482aa61042ed74016031c9c0fbec9f1e1e144f663e07bcd39b5f9879d6
- SSDEEP
  
  3072:iP+SbFNHCl/OBsB5mq7a0AVZttATGxiE92sgY116E7uAsa3x+OEW:iPrFNHs/OqYqvlTGxiEvgY116m3W
Score

1^/10
behavioral15 behavioral16
- Target
  
  tyframe.exe_
- Size
  
  981KB
- MD5
  
  d6f79d061aa638dd20f1ded12d8447ad
- SHA1
  
  7263ac01813bac63e87457fc9f28f52defb3b6a6
- SHA256
  
  12d2a55d16c7bf1c4b07712a2c80cc78d168af227d73fd0f70c009e0a1af19f0
- SHA512
  
  9927fc0e72a3041d63ce768fd095ed79d0c9379eb6a96136554d000d8982a2fc183ffba1563f163aa18318acd07e163a0d61fc285719c4eab72b5503b48c2ba2
- SSDEEP
  
  24576:VnlwCaMaqXsay0JzM205aE9pB2ws+58CX:VOCzX1zM2CBHEwTX
Score

1^/10
behavioral17 behavioral18
- Target
  
  unicallem.dll
- Size
  
  1009KB
- MD5
  
  21285f2f301be864240aeb2c922ec99e
- SHA1
  
  7b87d11fb3c3eba4869e9949cbe7873c8bf4c53b
- SHA256
  
  db7f6960f17163aa836c180fc1845fc14d9c49f7584ca63a24192f011589b6b1
- SHA512
  
  6a44483379aecca92ca913e06668d987f32684878366a87b0c9da4d8e5f6e710ba0a3690227aa4e7e09195d7012e76c41c457ca29d8ddbb631e16f2a507b8962
- SSDEEP
  
  24576:g7mF0WFAB652nVotTX2Lwf3ZAZQ0VHdXn6r6J:3ZlCsL1f+ZQ6P
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20
- Target
  
  unins000.exe
- Size
  
  657KB
- MD5
  
  723d1973489c4dcaedbde75b11267eff
- SHA1
  
  d77c11187796678d0d84a122bced8b6841eebf3b
- SHA256
  
  797149c2198a8f9807ecbae1c5a1fa092b519c5cc00428d4b19b09d8d6d41d20
- SHA512
  
  649f5b5d0b851e453c3a0933a2236f28e2bb8b368b158903a38d5425cde4b555b19f814a81f540f62760a269817a1d45439021dbaac5f2bc64b537ebb0b5d285
- SSDEEP
  
  12288:YkxzR0UkTrP/37YzHXA6hLDnQJMgNLKgDRB6K3Uhp7r0x94:3FR0UkTrP/37YzHXA6tbQ+8Tgp30x94
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  update.exe
- Size
  
  248KB
- MD5
  
  ab69bce17a4644280327ac72958374b9
- SHA1
  
  1cf5d1bd8402f05a8ce13aa4d438d9c4f7cf7940
- SHA256
  
  2becbca10440473292042045d8d5ceb5f4040abc0f092cbe2ab1e3ac99b3c619
- SHA512
  
  75f09b3e8d3ccaf797bde43a13949580285ea66244cdc4e69d611290e767edd62a2dac8d19f48c61a3b22cdf60e3f83004cf530c407b7ebf14bf0bf38b9cba84
- SSDEEP
  
  6144:xNG8Uw5wM4hYyyrEr1ebdyVK72RqgiwuvCRwKNnmxq:xX57pi4yVK72RTi96qKNnI
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

bootkitpersistence

behavioral14

bootkitpersistence

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

bootkitpersistence

behavioral20

bootkitpersistence

behavioral21

behavioral22

behavioral23

behavioral24