Overview

overview

6

Static

static

3

大华录�...�).exe

windows7-x64

6

大华录�...�).exe

windows10-2004-x64

6

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa872efd153e01ad19409510c78d4c0f_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240419-r4xfcafh3y

  • MD5

    fa872efd153e01ad19409510c78d4c0f

  • SHA1

    7b03c181638141869c675164c36027fab726b4dd

  • SHA256

    8c45b32a2e27c67aa39f49db3d538482ea46e054142ce5bb179a4e887682ebfd

  • SHA512

    5112964e1f63d35327fbb5b1831e939096fc2a4767fc7cd6a77b7595458e151de1f22d48bc96ec89c09010eee52a193d585295417d3341d964d5507946b53234

  • SSDEEP

    24576:YHDJrgQpHZtHKx3jYl51jkm1SoXjBYr6+1wXE6cL6GJNV:YHDJrgOXKx3jYdl1SozBOC3cLX5

Score
6/10
bootkitpersistence

Malware Config

Targets

    • Target

      大华录相恢复工具1[1].3(试用版).exe

    • Size

      1.4MB

    • MD5

      a1bd495d9220f35032963bae2f1859d4

    • SHA1

      06fafe199d9af85fcaa18c5a003585515bf4e1e3

    • SHA256

      0e9b0fffda19bdc762a0fce53f18649e5b5c96d60fdcfd5dbbbae57576afe73d

    • SHA512

      34ffa0a5033890310d177047c55bb55ba00e35b9d2181449b239d3c7013e9635a23d066f118f761618425f755e34d8660f88acea572b8377491f3bb738b64778

    • SSDEEP

      24576:C55FPb967PUUCCd3r1z2mPikcfbOdNgs3EE1D1cG5DJIQwGCtxn8GbemUsp:CzFD909Xd3Bzn2Ug6f1D1x5DJlYnmmXp

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks