913ecfd11233aba6a8af3480baa08d21d4d34729891e7caf840198393fc135d9

Sharing

Copy URL

Twitter E-mail

General

Target

f95df2ea879536f15bee8817b4247698_JaffaCakes118
Size

4.3MB
Sample

240419-dm6qssga6t
MD5

f95df2ea879536f15bee8817b4247698
SHA1

5190e8ccc0820781003ad5707d5aedf08acbc398
SHA256

913ecfd11233aba6a8af3480baa08d21d4d34729891e7caf840198393fc135d9
SHA512

a2e8f9b83708401ad38278a105b29ff59fc83c739e652a3d4a5bfd2a072c8c5a9786218cfefea58c184b2a1e2bc285d43c9694284e997c5af097323611c8e25d
SSDEEP

49152:i0EN7ITbdiRpMkUcw8zxFaYDB7lzxmL6lZ+4UIPcRdFLg4V3H67+3pJycJxPFEyv:inRpA8zTXxpdkKonJxPFEyqn/gmq

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  4399box_install.exe
- Size
  
  4.4MB
- MD5
  
  dee71ca9508b2b2d46ee3b549c7a9149
- SHA1
  
  b5e2b842b252dac18cd09b5734c6efee5452b502
- SHA256
  
  5b27d19dd7e39c29fe8bac59d35b9ee6f33aa05a5325b5cd9551e273d7a6d811
- SHA512
  
  c464fffad222cbe571cb5fc7a9f30df6c01336e398c469061e8099cdcc00fc8016f8cfdcf5d4f4168c2df0f89741eeb2a4971ff528d3de0958ac1aa0d70c8377
- SSDEEP
  
  98304:uBUAhM5kmCbW8twq6tqNpQotlnEB5Cjmt04cVYF31JSsjJOYG47H8AMiRDZoCMx:uBUAyCbWawuNlbvjiAWFvJIYQmFo1
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  9a886711c559308c39c01c20e9d9a1e3
- SHA1
  
  0f27cf1cf6e4960e140651b68d72ed4b92c58e9e
- SHA256
  
  98be8860d38ad9cf31b55a1a04594de59eabad67510ba2a33ed20a80863ddfa4
- SHA512
  
  4dabdd9ea7a8330a367589a3975a9dc7286b82c66efc7db118b4d7a2db08a467851c6d3dc991668e13c4dd5473aa974e9696a2226039db94df8b198da54354a3
- SSDEEP
  
  192:3+8EHhdmwZYQBjHUEuX0esaONOs6zrMQQwoJwjwE6g//6IF7cBMEha:3qzBFHUENesmPdQwxj6g//QBMEh
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  4KB
- MD5
  
  99f345cf51b6c3c317d20a81acb11012
- SHA1
  
  b3d0355f527c536ea14a8ff51741c8739d66f727
- SHA256
  
  c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
- SHA512
  
  937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  33d4a515252e42901fcd3230a749e92f
- SHA1
  
  168ccf18807f372d59c954425b23e3ba07b9e32f
- SHA256
  
  83817610e28c78c766a183e66d9fa47f1831b702846cae2ec51ba5848c9dbde1
- SHA512
  
  fcd40f466403d3243d8a8d2e98aae74f46d5b5e9e254d13485281e86022305a3e8d47c6411175a9f2f90ad8d10aa40614c71329969ef895a20d60688a649adba
- SSDEEP
  
  192:HPv+wTtD0MzoU7Fs0+/gcDmduwJQXzw+KtnvH0tKO/B75D/Vp6kn2HgsDw0:HPFT90MzRF4/Bj0v0tP9gk2ZDw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  2b54369538b0fb45e1bb9f49f71ce2db
- SHA1
  
  c20df42fda5854329e23826ba8f2015f506f7b92
- SHA256
  
  761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f
- SHA512
  
  25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7
- SSDEEP
  
  192:ibEOXfXZQ6i1AZ2q6grklcm/iaULQAos:ib/41AZN6uklckLUJo
Score

3^/10
behavioral10 behavioral9
- Target
  
  Box/4399Box.exe
- Size
  
  2.3MB
- MD5
  
  9b64457f5165b190bde14ac4127add13
- SHA1
  
  0af29175fd6d038d1e9e37398db71bc5deb77fc6
- SHA256
  
  40b0d852bc012e0a7e5b87f890d2119a7a921b22f02d42f36807aaf642001fef
- SHA512
  
  a15a79809c3b720165bb25e000eee38f048e25700ad0053e0b0bf24d36806bab2042d5b6de9d7cef9fbd7df7df6537a2b9a919451d79ee445ac577f2a5e9f4cf
- SSDEEP
  
  49152:lMFhc8uGbRxvKMQE1jcZ++p5AeD/NrenT:moXGXvKMQfDbN
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral11 behavioral12
- Target
  
  Box/4399Down.dll
- Size
  
  385KB
- MD5
  
  64abd25bb51a272a33b4f55c986a91df
- SHA1
  
  062d49a149f04e94757f6c5fdb245774cdafa9fd
- SHA256
  
  d35e7a534491ce956030f21dbd69035ab3458d5a9051da31aa3d92871bd4899a
- SHA512
  
  0a6c473c231e8cbd4e1ea961c01b4dd953a82f2919f87ed41e2251711bb23911c46665f99222a244b89d8fb0c6f6812646cee830e75f5b0bb4eab75ad67f59e2
- SSDEEP
  
  6144:Dbr9D+8+F3yxIaXLiCSu1D9+fNqVdBEi/mWaxkP8mLdyAtBK:Dbr88+wNXuCH1BsqVHE4Po
Score

1^/10
behavioral13 behavioral14
- Target
  
  Box/4399Live.dll
- Size
  
  121KB
- MD5
  
  bae735ba6622df11f07ecea27c827ffe
- SHA1
  
  856ce06aebf12fcacace0aaeb704cdd16e9e8a2a
- SHA256
  
  320391b0eb5190e86afa5d9604abca08d76ac0d74cca2f05055a10a5f3fac88f
- SHA512
  
  3ec5356b3482fd0e0383075fbf2d8f5d0828aa9b375c1d46c9456dc67126e446369aad7709383fb78a8c6f020954f8fb29e541f7d13a972b4e34fa895c666e58
- SSDEEP
  
  3072:H+vh5Ijbp8HlbpDTWITlTz85FOM3oBTBfCzVd501ui9+9zNGFN:H+vh5IjyHzTWITG5/3oBTBqzVd50szk
Score

1^/10
behavioral15 behavioral16
- Target
  
  Box/4399LiveUpdate.exe
- Size
  
  425KB
- MD5
  
  7f68fae67d14d38620710b464d27b93d
- SHA1
  
  b0bf5bb1733f0d4b65eafa1ac0b18487bc152b5c
- SHA256
  
  523327e8b4c570d9475cd3879345d206a6c0db2eedb5942e590317fdaa35a208
- SHA512
  
  40f37937bfd2e7fb8d29a6f09fa9b62d6e0a5a8dc7e96c538f08738df72e807aa492461cfab0454723d6ead8d1b20390829b5c8bd35cec706c43299473aecce8
- SSDEEP
  
  12288:Ph7xp8oaqmeAukluJEAoeIY4MnAZ74TfPbQ5:PhQS6ukwOAo/LZ74TfDQ5
Score

1^/10
behavioral17 behavioral18
- Target
  
  Box/4399Panel.exe
- Size
  
  553KB
- MD5
  
  372317169dd18fca14d11ec4e43a56dd
- SHA1
  
  52d9fccc03fc43b3535bbf8f9b0f5a948d2af8a3
- SHA256
  
  2e63bea49383c955226ece008ce214c992ac287ac238f849ec2d3c08ed3dbe92
- SHA512
  
  3f684532b089cabebc3806bfdda9b1dabc7abaec7f03551b72852011c272eff3d128f52a6490b266e099b48ca0c6b0964d469bcf776f71164a515d7be5982560
- SSDEEP
  
  12288:sSVZO8c1Zig3MeJpjcz9zN2vysEO5uzRGxGmDCtoogfo:sH3LJpj+2vD4zRGEmDCP
Score

1^/10
behavioral19 behavioral20
- Target
  
  Box/4399Update.exe
- Size
  
  29KB
- MD5
  
  b945b54363e2fd8264e2e7d8a2ee7741
- SHA1
  
  32636167a4f5f2beb80e747811fe5913eb2d5e8a
- SHA256
  
  e3b0268488332df8a3e9444193e93f58c9f91a3900334297379a37c51017ec66
- SHA512
  
  10889b5ba2b78c63161747e208ddbac6f66b8d99908629b5ade557f736694a6e2f420a53ae052d686790bc00c72b18959117cf5f5d11e120f6dedae2f2da9b39
- SSDEEP
  
  384:l5/OGl9Xwxjc4612KGEkvC493WzPe1rEcl+TiO8j+4OLLvY8VPd423:rXwxjc46BGEqC4igrEs+1C+FLlV1423
Score

1^/10
behavioral21 behavioral22
- Target
  
  Box/7z.dll
- Size
  
  893KB
- MD5
  
  04ad4b80880b32c94be8d0886482c774
- SHA1
  
  344faf61c3eb76f4a2fb6452e83ed16c9cce73e0
- SHA256
  
  a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338
- SHA512
  
  3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb
- SSDEEP
  
  24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt
Score

3^/10
behavioral23 behavioral24
- Target
  
  Box/7zMgr.dll
- Size
  
  88KB
- MD5
  
  8e35951700bf761f047778a51c26d135
- SHA1
  
  0106395021085a720b433e8b8a5bef2afc56fb44
- SHA256
  
  395db5f558564f4fd8ffe4320e0cc880f15439723131bf817def376e41969ec2
- SHA512
  
  d215dd77c9e37539ea6125de565701adf7fe917706667326e722532559f0c0705a9b8ebb3432596eb4a4df16dd8e9f29cafff26936eefacc6d86b545b4cc0de1
- SSDEEP
  
  1536:nWHWA4Gi2aaoOyiaTMgoDY1JucXySL8ol6zC:ne4Gi2aaN7WaYI4L8ol6
Score

1^/10
behavioral25 behavioral26
- Target
  
  Box/BugCollector.exe
- Size
  
  89KB
- MD5
  
  f77f688bab5e0721193b1b77dd9c0086
- SHA1
  
  b646a7858980dd9062a105a55981a7a10dc0a4e7
- SHA256
  
  7062476b6c79350027319cee6da4a8dca642a2447c43659a6a177fb57876e5cf
- SHA512
  
  fb34b16a84489d823ba4dba17911216a20781f9017550ac74eb3e45ebba9ce0765de483637caf39484ef49b9e4c437903c789427d3900671212b6e3bed7eafab
- SSDEEP
  
  1536:nZPTMUigaiMQ7Dcc569oKcniSY1Zxobi98e4XFnlBsfL+WjibGqjC+FP14NF:nZPTMUig9IcQ2noUi98bnl+2SqtFN
Score

1^/10
behavioral27 behavioral28
- Target
  
  Box/DSGame.exe
- Size
  
  56KB
- MD5
  
  ba693dc4d67fd3115513016c21be31cb
- SHA1
  
  4482899254027f00dd0bafd057851d0d65e65f34
- SHA256
  
  a72e3d8c16966f0f69b2b9e95b51802749d2f8b565b0ed76d9ec4df39ab822d1
- SHA512
  
  806f7b8386402c74b31b53930052ca6a052db4f400b88ab2a151d1518bd37a00a4e665a15adbbe82a89b4680e2fc836a7e1542b14b16b4898c889c77d07113d5
- SSDEEP
  
  768:aDsaOk7ULgXD+dH7nuQ0QDvRHiGZFTKBpsZdqBXnQWt4aUt/1k8:kFweKH7JzRHtOwZdqNBeaUttk8
Score

1^/10
behavioral29 behavioral30
- Target
  
  Box/LocalPage/catalog/catalogess.html
- Size
  
  5KB
- MD5
  
  a1c6daf340014277e53dba8261e8751e
- SHA1
  
  8bf29d3e6358530d4ed485ad5c8b9d24ef49302e
- SHA256
  
  d87a723ceefe0ff92d92d7db46ea5b55cc99d125648cae90c1a35bd6aed2af35
- SHA512
  
  11eee59d1829899e9931b5a750b4f3ecd6cb9df83168b921f621f8bceb26ec3cb602f0331d3fae7512cc6077e270c54c4a02fba8a9ebad12eeb3b0e41a43095e
- SSDEEP
  
  96:SIHLfvN5tbGxGKlG/GRnxsluRwqFbHNaGzIFZoZ6Ndg:SIrNOslBUz/6lk
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32