General

  • Target

    f9e938e4cef7df9c20c9f831eedd1726_JaffaCakes118

  • Size

    233KB

  • Sample

    240419-kd4cmsdg6s

  • MD5

    f9e938e4cef7df9c20c9f831eedd1726

  • SHA1

    2ebc6f4c252a643b2f96906d9388fc96ff596352

  • SHA256

    eb190bd517c5cf3cc43a52bdcf2c747dba4d114f2c291bc76ccc77a786caa85b

  • SHA512

    e4e27ca6366ab1028f43eb6da387842e40536a1ff38cf92e70979d2eae52368fe8f1736876d1fdf0e5ac332bac5e35a627c57876426af8033c402e8c8d4e001a

  • SSDEEP

    6144:rmCd3OSjS+ajrF0pFoxQfuscLyQorlOu3uFJ:NROxjupvftcu7lzeFJ

Score
7/10

Malware Config

Targets

    • Target

      PLAY_M~1.EXE

    • Size

      108KB

    • MD5

      98094ee7c276311c0e42343eb0490c2a

    • SHA1

      b7eda9913827d1a79904aeca8409004545a06cff

    • SHA256

      6c08e8d6becf780b048cd4875ce7a97c91454d9f47c294a71c51dd820cd6c8ae

    • SHA512

      30344279100a9957a1561cbe6d203a52cc0c463e191cb7ac9ad48ce210280d75c92a5d9a37be3fdbc45c44cc76c82410a869855e90e069f9befefc6c00afb002

    • SSDEEP

      3072:dGi5y/OdKDgNZldeJ+c2k3GHDP2t5+aVeFIb:v5y/OdCqZP4BGjS+av

    Score
    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Target

      PLAY_M~2.EXE

    • Size

      158KB

    • MD5

      236c9737940082a1d8117ed3af345800

    • SHA1

      b23c213cc80bc72f8049ff969a5b077a506acb43

    • SHA256

      66305ad462848ea10ae813baa57efae22aef8ac41513b6937717875375c9b0e1

    • SHA512

      1357292e2929e56113f373735d32ee789762c8d197eaf4fbabbd745564b7569b010bca44bc736f57710fb94984391f4ac6bd816c0102211b3960373c15900d8d

    • SSDEEP

      3072:3v+fjieg9/iQhMPSO+4oV2ugfhdpyYeHXf07sjXgK9ce2:/3egpzhMPSh4hPpteHpjwK9c

    Score
    6/10

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1

  • Defense Evasion

    Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 3

Tasks