General

  • Target

    fb01afea17bd6bef75d3450556531320_JaffaCakes118

  • Size

    798KB

  • Sample

    240419-x6g2bsdd22

  • MD5

    fb01afea17bd6bef75d3450556531320

  • SHA1

    c4bb76bbd5b19602a9395a909a0d8a8b6f5c4f7b

  • SHA256

    842a04069e15438786d883f1f14a1ca9370bbcc1bf75502c2b601fd3c299752f

  • SHA512

    3bc015ddc0da1d36a4b80dd8c396c0f88b5f84f2fe7f6374b47d442d51fd259b9c9c58b44cb0605703a35ed6eeb7449eda7d9900d8c7725159e9baeecf660fce

  • SSDEEP

    24576:pendzOPC5QNSgVvrHMchjvfYh4KjYx9M3jx:penZYtFVvrscq0xC

Malware Config

Targets

    • Target

      facecooker_setup_p3.exe

    • Size

      911KB

    • MD5

      b8452be74d68ad2491eb50ec72499990

    • SHA1

      a292ff0c084ade20e2a08ac7a570b0f53d207224

    • SHA256

      18a347824262904b619869644d490aedefdf5ad17a3afa882735aa8757f178d8

    • SHA512

      e4cfa9b4335ee5a607f63221065ed54786ad8fbfce25dce3dcd3a1d60e24eacfcb935610db5e7dee103ddf77463c0c789cca981cb92281b8be786a4e3f7960eb

    • SSDEEP

      24576:Ahf6DM4v004d9l6IuhK5VH+nPfDkQtEnz0g:SC9004Gw5VH+PfDqnQg

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c6f5b9596db45ce43f14b64e0fbcf552

    • SHA1

      665a2207a643726602dc3e845e39435868dddabc

    • SHA256

      4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

    • SHA512

      8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

    • SSDEEP

      192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw

    Score
    3/10
    • Target

      ContextMenu.dll

    • Size

      43KB

    • MD5

      addef0e19c0b652fe47a8552d2290370

    • SHA1

      625b52a477643946b8efceaae1ac8754aed7cac9

    • SHA256

      96c442ece5a7dbd3e65d9c419fe979db60d92e7a8434dc61ae73062ec1d1d074

    • SHA512

      4a75c905814d3ec746da6a97243a2c2834bbb5f7e0133e557f1c268ccc9c900d519231d098752ac8ab098473f631094ded65846dac2bb9cee5cc82177f4e1f52

    • SSDEEP

      768:xsxNBBbdpXqE4lF0GD6xsWFvWCzyPFX1lO1Fbr8z:xqnpXqE4XhWFvpCX1lO1FbO

    Score
    1/10
    • Target

      FaceCooker.exe

    • Size

      370KB

    • MD5

      77114bd839031621f476beee5d6eb453

    • SHA1

      00040386537cf39468fc83f426b43b4c1cf3dcf6

    • SHA256

      b6b12bc984079bc23460884daa24518ee5831b322ce40ad9cb4898270b413388

    • SHA512

      dac8b78437259414485eb2645051d94634942da417519703b3d75fd84a2cce51da760459ce12405eb4d39da5ba2ab17f141a83fd3004aad1416c52adddc5a766

    • SSDEEP

      6144:WuvJtpXA6/KXG6tmK4RGZb4dNamk18ljdYsAv3CRxAUu:/vJtC6/qG6toQZb4dNaElq7fC8L

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      IEContextMenu.dll

    • Size

      40KB

    • MD5

      c3ae8c15e1e7e5d6bf0bcf18457c8bb2

    • SHA1

      65a37c44c936e0e6d004a4447b7e13640eb7b027

    • SHA256

      95469179199a1fd59b3390e099d1fd579e753b644e8e08beca53cbdd065de5e5

    • SHA512

      9da09fee4822d65eb886719904897eff888fd4688d7485606fc661e3e881e4f608ebe258f1b04b35d52ced6e8680cc94f604e7a7a4831467cb28edabe83b8d35

    • SSDEEP

      768:FjBO/SVWeK6+GfsLvfMYCZbQixSyl3QlO1R2CP:3Fs0sLvpCZbTntQlO1R2CP

    Score
    1/10
    • Target

      LoadSkin.exe

    • Size

      51KB

    • MD5

      743b7dc2d319c63138475e04aa2c35c8

    • SHA1

      867660f0ca12d30bd58467555e100359f6312e51

    • SHA256

      df46db5dda7c23518a7fca7f6143790f200b32c8788e19ef59bd0aada55fcddf

    • SHA512

      924539c43f87e456097f417d8eedb3a2708e8899ee8a739b591dc0f6b8b4533782cc4fe6c7980bfca9c852d7c40516ab04543a49c9c22c065826bac7a93f32a1

    • SSDEEP

      768:40zwVpNpN160TJGwJxtLoI5kpXDJQRJkpXDJQR:45/pN80TJNPkp16Jkp16

    Score
    3/10
    • Target

      facecooker.dll

    • Size

      85KB

    • MD5

      86eaaeb6ed9d7517344ef9e52d8bb613

    • SHA1

      88a34b82f7a9d168db984f0aef82c0f98672a924

    • SHA256

      5b750d24d6103281c577f4b7cebcde514f19a6753f5027907607ebc542a937a3

    • SHA512

      c9aafcdc811d8b0822bd1864d9ee3e2a08c05e3c68be472408779bb5d5e37726f9d20d5b4e8d926fc3526d595125cfd816922ee03ba1b6df78b2b4db2b8a5e8a

    • SSDEEP

      1536:FjdMWCmQh2DiP04XwICTau8pWqQD5mLx9V9UCAUO:0WN4PVRpWqQD5mL19UCAUO

    Score
    1/10
    • Target

      新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic           Technique / Sub-technique        ID          Count
  ---------------  -------------------------------  ----------  -----
  Persistence      Pre-OS Boot                      T1542       1
  Persistence        Bootkit                        T1542.003   1
  Defense Evasion  Pre-OS Boot                      T1542       1
  Defense Evasion    Bootkit                        T1542.003   1
  Defense Evasion  Modify Registry                  T1112       1
  Discovery        System Information Discovery     T1082       1

Tasks