3da6828f8567c3cfbd3982484da2f94dd40f721a77fd46c624268cdb550c0035

Sharing

Copy URL

Twitter E-mail

General

Target

f0d938dd89c0cf3296c70eb98b171d99_JaffaCakes118
Size

1.4MB
Sample

240415-mkveesef6w
MD5

f0d938dd89c0cf3296c70eb98b171d99
SHA1

6656665e6f615b0ad6265a62556f32a8dcf54690
SHA256

3da6828f8567c3cfbd3982484da2f94dd40f721a77fd46c624268cdb550c0035
SHA512

dfbc923479bd8ae08ccaa026021a53b7e0c1da6a37551f7c709d42e8d1c945707ff754fa308ce40c151bf70ec5d52248a6f2f1cb7fcc41aa902cb36996873735
SSDEEP

24576:l4PGPcH1g+2Dciw7SjbbnJ840KqjbmI79BCG18MmNt53kWWcvLsutEnjPi:mGUHdSJw7SzD0KqvjzF18FkXcD6nzi

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  oofile_1.47/FileTranDll.dll
- Size
  
  408KB
- MD5
  
  a31dd4781b44a0549eefb36486411e6d
- SHA1
  
  f5acf8f1b5f83852333f3c53d9fd65674d63a0d0
- SHA256
  
  a3d793d6ce0fe7b1fe7027a18f2214140328f852e8181ec2473e299259278cef
- SHA512
  
  8b441da9dcf22f76d6a2820f0015bf27946a4c7eb90a68921c7d9d9b27ae63713ca80cac7215d3639f0e0524060775b3d2f5d567d7c442a4dfad7990886c74a2
- SSDEEP
  
  6144:3sQjn73dGANUL678bQscMNS5r1FSrFz/BWPPP/QC8:RjBGAWPbQs41FeOAC8
Score

1^/10
behavioral1 behavioral2
- Target
  
  oofile_1.47/JpgDll.dll
- Size
  
  670KB
- MD5
  
  2ceaedec8096352afea4511108930822
- SHA1
  
  07c7381c11fc3d57a160a06e1940ad5c380e74e3
- SHA256
  
  8aa29c2ab9b2f4741ae76e29e28a3bd9c2be62db223bfc15275275cc0b8c5c12
- SHA512
  
  a98fccae21eec2af9079cb58756bd6264045b168c05d1ebb72a06ca3034085e38f0ba0dd0303e3ade486a4ec15275d4b589e2175ba1be6f40c6509fa706b078b
- SSDEEP
  
  12288:ohqa787enW6vL5qUH9p07jnbHu1afFn9q3dcWN+eHKJvTnfY43mJj:orweWGjUGafyNQvTn7Wj
Score

3^/10
behavioral3 behavioral4
- Target
  
  oofile_1.47/ooScreen.exe
- Size
  
  220KB
- MD5
  
  5ce20effe8158cd338dc1bf549e8aec9
- SHA1
  
  8b255ae1403e298e38d77e0f927ab0766dd0bb9b
- SHA256
  
  dc0c272f82b3337ab551bd6074e2fa4ced5e41495d104f22b237b08d487e12d1
- SHA512
  
  7311bef1df92dff9b844f9b99d5e0c68e3d78f49ec875e27b7c61a0630dc6c9efa971207ede8b9e9c3ca3acff15bdfbe1cbbde2b21b783595096645b681c0aac
- SSDEEP
  
  3072:RKzO6S/gX0dPqfRTwFSw+dXkjkdPl+nbO627L09Y0Gv+Dc46AKNblGgtkM1bJ:RK1S/S0VGq+Zekmnz2WBGv+DcXAo
Score

1^/10
behavioral5 behavioral6
- Target
  
  oofile_1.47/oofile.exe
- Size
  
  256KB
- MD5
  
  c914296daf71a04ef114271500d8315b
- SHA1
  
  5046cddbd10683d478b70721ee472cc9ee70066a
- SHA256
  
  530075b0aa1716c3782b26ebaeb5d45735c6e7e97931a44a798510a5c47e0221
- SHA512
  
  7f9cf37deb570eb839c2d81a32828762e4884f6dd2d783582e82ef62dda9688ead765918fdae725a5b63dc1c0dc0072b37b4ed393a451248ecf1231aeaf6e3d5
- SSDEEP
  
  3072:cRCTg1Y3ZaYhuXAmgRp9ZFd5d2YGdpxHdXSKJLUQNLdZXARuLlnrzlLiVl:oqZ5ufcFFd5d2FIU5WuZnli
Score

6^/10

bootkit persistence
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral7 behavioral8
- Target
  
  oofile_1.47/viewer/1.html
- Size
  
  549B
- MD5
  
  b815f9c6cf6d6b386c34f7ce55eea798
- SHA1
  
  d5a7c49b10dd3ea3b5606b8576c9344ce6767fa1
- SHA256
  
  b911458ac925d6d681bcc1bcde548fe07db871ed057cbe1b6ef4bf20ffd85f3e
- SHA512
  
  a7dd57fb353e7de5d695053a46795d6c24931e0fd382da5bffe333a990b51ad13ca1278b45221d58289263f609a1ad177b002d5bb80082e9d1b6266d71389b6b
Score

3^/10
behavioral10 behavioral9
- Target
  
  oofile_1.47/viewer/ViewLog.html
- Size
  
  4KB
- MD5
  
  c675cdc7e4f54e97e7fce85e8166f5e3
- SHA1
  
  a646ae18440cd670361c90b422441993b295ccd8
- SHA256
  
  85a07c8cf62918d4a8423770fe0aa44cef9db8a533afdd714a9857e4343b7f45
- SHA512
  
  cc05b10c549b5f25186409323440f79ca571e828353e95510b64e182ba936e007330b44e6dd43814bbd8c5901869e8c3dfe474b135fc89d4599bcd1a9c84d2a5
- SSDEEP
  
  96:KRR+hS3yk0PksWTHCT6A8bER314KKkFHTHCidA9/Ou47AWI:KXxCkoksWTCT6Aeyl4rkFHTCidA9/Ya
Score

1^/10
behavioral11 behavioral12
- Target
  
  oofile_1.47/viewer/XmlGrid.js
- Size
  
  1KB
- MD5
  
  da34797a168c10d85f19acbba89818a9
- SHA1
  
  0530e820df9facc686105b9d17e42defd6e84511
- SHA256
  
  3aaf3f054d3123d1687915b8c8213e712616cca0c0d687a25cca484383738e30
- SHA512
  
  e7d1d8718d485bd1d910550b51e80375c0a329d4a0c5b4b9d032e2a89ae2b47d467deca41dad77520e72b394b4db46f26571d40bb3370c02bf26de050203f999
Score

1^/10
behavioral13 behavioral14
- Target
  
  oofile_1.47/viewer/ext-2.2.1/adapter/ext/ext-base.js
- Size
  
  35KB
- MD5
  
  05cf12511dc725830b2856f7ef3f567a
- SHA1
  
  303bd2925aa489b212097d72e261dc6c4470172a
- SHA256
  
  738e6b478927fff1e6b2adaacc25106d3358bbab282661e13500cd4d7a38296e
- SHA512
  
  2bd55d926a06b2ee692b703c0d0e1add87045083f4a63983563cd64f8dce881e38fe7fac77f2097ed9d293c18f75bebe89bcd8d04ce3601b17a09541411c6e1d
- SSDEEP
  
  768:24mZQylJULk0Fax85P8UmexWFxXev+fZF4daE9/ebbC:lylJU35P8UhxWFxlF4da67
Score

1^/10
behavioral15 behavioral16
- Target
  
  oofile_1.47/viewer/ext-2.2.1/ext-all.js
- Size
  
  531KB
- MD5
  
  10a46c01cdbba4bcd42277ddcf5c9a0c
- SHA1
  
  91d73c101a448bc4c61e90036dd0199384da9456
- SHA256
  
  0f6d36eaf7bc0e91d75101473d0934f10cba8817fa88e66c737612fe92a3a66e
- SHA512
  
  37a06f5df96472a74fe61ec5180b855e403b450e9dfb3b7490ff3429e5a5728b5ffbfad15b542f4db6a1d032546c2ee3f688a07c0c4087ac5e48fd0beafa3c82
- SSDEEP
  
  6144:t2JNlNjdG+Pn/Gv8GHnBPftKJuLFOAR2CBIgCpCLDLKba5awzDwKY/76kxwF0b:smXKp4ApCLDLU/jxt
Score

1^/10
behavioral17 behavioral18
- Target
  
  oofile_1.47/viewer/ext-2.2.1/ext-core.js
- Size
  
  85KB
- MD5
  
  068c5b443d111ec3754662b60cf50c7c
- SHA1
  
  4007dde0c73520d202e8cd3d58a1b043845d6b35
- SHA256
  
  1c61020103f646edc1b6b950ad1356f6c162c4553321d21fbc87650bc9b22587
- SHA512
  
  ae898bfcb4fad521e958cfe0a6b059b8b4e367a209c39a9e41796d77c2d60519d75b793b514e7e3f1c9e02860f651f4c657f706b0952c029b8bf5a5d774efa80
- SSDEEP
  
  1536:V/FqJNlelrJ3E2dG+NtnBpf3/8AKiEx36UZGZJN46F3x3+MbytCiqZDNE6it8J3I:V0JNlOU2dG+Pn/GrSPYr3
Score

1^/10
behavioral19 behavioral20
- Target
  
  oofile_1.47/viewer/htwin/p_OpenMoreWindow.html
- Size
  
  3KB
- MD5
  
  dcd549c139fd9f41038457b34aeecd39
- SHA1
  
  5563db8187d04924f944ecee9a52a4e74e7d6a52
- SHA256
  
  e501837d4ef2ad35211d82dbecc4c5d27f86e6b3aad1921836aee68611a2d3ed
- SHA512
  
  1a2bca6b9bb5362d8d8b67f372d74c72bbdb333009d35b4c7620587c959814e11dde11226a69c1f7ad9306a3a03d9b9e28b760107dd8d8aa674d48275c96053d
Score

1^/10
behavioral21 behavioral22
- Target
  
  oofile_1.47/viewer/js/ActiveX.js
- Size
  
  43KB
- MD5
  
  1f45aa993bf9bfaff25b4ce0f0db4bb2
- SHA1
  
  8bafd6a9937839003a1713096ab9db6b4e1d437a
- SHA256
  
  eba486e94786119f3d01d3542867eccaac8c0453ea8dbc355764dc75ffb88f21
- SHA512
  
  0b0d6ff76737cddd88eb5e0cd798541cbf593062924ebdefbe2f9db738c199132c5ba5b05bf212ba84302f35ccb0e9caa05ec435cec31547af28cd19930b2a59
- SSDEEP
  
  768:FqI6wwcaEpSTDEdPLs2gSR7jVxvQ2zRKgLhNd9b3VBcH60U4:sI6IBDs2RjVxvPRltNbVBcH+4
Score

1^/10
behavioral23 behavioral24
- Target
  
  oofile_1.47/viewer/js/BigInt.js
- Size
  
  15KB
- MD5
  
  426dddb1109e56e8a8522654cfc0168d
- SHA1
  
  abe090c3159da80bab89634691862c4be03ad358
- SHA256
  
  a72635596c0f47d525f4763cbe6171dd4731346ba1c3c616fe61d2f9ea12b6c7
- SHA512
  
  56bf07588d488e8689f25d75728f449f658f53cece622ed64f160d034eb5dc36fe5e6d9811c55751811581921c1d839c49e779afb24a3aab9b425f3f85870e9d
- SSDEEP
  
  192:0HpHMjfI/8EkEATaoTbSbMWcdTW87qCx42JfQwwy0IQjF+EyrIiGSGSWi9OSIh3e:0HpHMjfP2tchda+7WlSMcRdh
Score

1^/10
behavioral25 behavioral26
- Target
  
  oofile_1.47/viewer/js/BigInt2.js
- Size
  
  12KB
- MD5
  
  7897d0ddf5c6f446b3f762188f07cb01
- SHA1
  
  4f4f5af18a6b4480f558b5f245f328b1ec35d88f
- SHA256
  
  828be9bff8b06d8625aab18bed3f7aa3b932a7ef0d65ee91027d9bac902044e3
- SHA512
  
  daa9f5d9aa5ae27caf3a119f65fe1893445848c36953b7e7a132735583f19709445154ffe49d51a7d19d73dcd3534cca7b8a458528283ae5ba91bea69576b07e
- SSDEEP
  
  192:IdA2ZryBKdIuFqxK7yp4YyOtU8Ui+T7PgceCh5jX+7UmHr1Q+9vTFkMprNT4D+Qr:03Z2BKdIukXcub1RS
Score

1^/10
behavioral27 behavioral28
- Target
  
  oofile_1.47/viewer/js/SessionProvider.js
- Size
  
  584B
- MD5
  
  f735b511f295597fc2b85cd2cdaef049
- SHA1
  
  8a537bb294b9903b2278a9fba7098967f41a438f
- SHA256
  
  ba4b51c2f56930cd69641b677cd46eacbcf32f75b65518257bcb581b1879fcde
- SHA512
  
  2a836fa5b1191c7349635149c9d4ea3f656fd3b0788eafe0ec791f3b5a411cd7e73c068fa00de97ff660d2001d59d3119edaf81d0b9e045367963c60f86664f1
Score

1^/10
behavioral29 behavioral30
- Target
  
  oofile_1.47/viewer/js/TabCloseMenu.js
- Size
  
  1KB
- MD5
  
  737e32a2d93b474a15a998dcbf86188d
- SHA1
  
  70ecb6ceddbb4826130a9624b3a0341093078f09
- SHA256
  
  d361e7e10fd4537b165f35da2ff549a63207ba0d39358899472207d6d5ee05e4
- SHA512
  
  7132897f553c9962d0e491d6db5e281f07e4f4308fac8801acafd4b1801ce092630c3804d92a46d076755fa19cda7d28f7853ed0c3e82efed715a653d561bb34
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32