221e8ed761bb45fb42c5a53b0fb1a2dd44c08766a48d5b0435507d5d198f0cac

Sharing

Copy URL

Twitter E-mail

General

Target

fc5238340f9dd937e5f8fb306ca4366b_JaffaCakes118
Size

4.3MB
Sample

240420-j5svjscc83
MD5

fc5238340f9dd937e5f8fb306ca4366b
SHA1

5132315a5c499510631f5aac04fffcf5a24bb684
SHA256

221e8ed761bb45fb42c5a53b0fb1a2dd44c08766a48d5b0435507d5d198f0cac
SHA512

5ec3e1d56b35bfc319a1ec9b29d28495eef123bfca208e163fe248ccaf1727e1e3450a7d8dc6e8a59df1b3fe883b637a8c35c22ea349ed82da4c053f793031fd
SSDEEP

98304:Vke/9tBxdBJYtyWOZKXVxVpCIycVQSJe6yqGryYFMyc7OyQ6dmQY3:3xdnpZ6VjkQVQSJdylry6Ln

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  ASYCFILT.DLL
- Size
  
  144KB
- MD5
  
  c89e401800de62e5702e085d898eed20
- SHA1
  
  72fb4f088c6ac02097b55fb267c76fbf5e0fa1f7
- SHA256
  
  de83c9d9203050b40c098e4143ef8f577aa90016c7a64d4f2931b57a4c43e566
- SHA512
  
  70006d70dcb47361ff43e4f7c458655ad2474b70cb917873aa77d2cc06465a68d375d36c494d154a03dbbff891df7dd6cab3d2c7b08e8650b9ff170e30838070
- SSDEEP
  
  3072:h+qD1Cd/Oa5kXFlqkFGr3CAP7LCyInPEggen5Ez:hlCd/OaaFEjCAPKyOE6na
Score

1^/10
behavioral1 behavioral2
- Target
  
  AUTORUN.EXE
- Size
  
  8KB
- MD5
  
  409e463655adc3da6850b8c6cea1f025
- SHA1
  
  1cfb39a88575fe8065f80f7186e38380189456cd
- SHA256
  
  814f26747d49699df213f6bd897964aa634b05785be377a0da102087aeb824a6
- SHA512
  
  09afca4a1f235d8ced68f32b870cae18b959f7c2961eff2fe41aba0a93a0a665f447e1cf3b29419a5fa0bd4090e7a153b405577ce7cd5de2459d8f02b7640f69
- SSDEEP
  
  48:6BpyM2IIesjs92xDHsya0SY40JL2FNEIsYRO0bG+azW3CBBbFwaqnqXQzjh:UkM2vA92dMz0SlmL2FNEgj+eqgz
Score

1^/10
behavioral3 behavioral4
- Target
  
  BYDS.EXE
- Size
  
  228KB
- MD5
  
  4fc5fb20abd408edf5d67269742d4bc6
- SHA1
  
  9790e25f0411ee48fb47115f3480171a473894a7
- SHA256
  
  2e3d9852004b31b7f859314dc85e516a10882f7dbcc29d9adfcdc211f69b7a2f
- SHA512
  
  2416487f4488cade3aaa96a58842535764960bf36280527ecc872a7c1b966de66c03b8deb2397d78ceac2b8e7f4ed150f59394f42560e0285b959d02e49f5462
- SSDEEP
  
  3072:uepfnUGWR95FYrXm9Fk3eRqkQNrYO7mDnuWr9Sds:sT5QuOYOQnuWr9Sd
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  COMCAT.DLL
- Size
  
  21KB
- MD5
  
  3b180da2b50b954a55fe37afba58d428
- SHA1
  
  c2a409311853ad4608418e790621f04155e55000
- SHA256
  
  96d04cdfaf4f4d7b8722b139a15074975d4c244302f78034b7be65df1a92fd03
- SHA512
  
  cf94ad749d91169078b8829288a2fc8de86ec2fe83d89dc27d54d03c73c0deca66b5d83abbeaa1ff09d0acac4c4352be6502945b5187ecde952cbb08037d07e8
- SSDEEP
  
  384:23Fob3slaN3oF1fHICOoMzMv/QTIBjDVquODJXsUW7ftWs6:Yo7s28JnOxzMv/QsBjRqugXspd
Score

1^/10
behavioral7 behavioral8
- Target
  
  DAO350.DLL
- Size
  
  556KB
- MD5
  
  8888bdbd4e118d915d40a11748282bca
- SHA1
  
  4e8822d2242d175cc3d708843e2cd71b7ee7033d
- SHA256
  
  a4b20735be317a924d2e36707baaf911fbae890ca53c5044fb506f15d33bcb6d
- SHA512
  
  a96f5e72905571de84f515dd8a19c87d5143ead532bf01f0132da8262974bfaf910f24b466d49cd4ee83845fc65f02c273a550786854aec3e0f4fa713929b562
- SSDEEP
  
  6144:lO4zReIcAtVXrPsS3Syvqe4v2QeD8yCaDSCwBwAlvz6Bm2hf9QdHHtMMeOh4J7Wu:lO4zRe7AvBiyvqe4pe7wHlv1tO7VYFk
Score

1^/10
behavioral10 behavioral9
- Target
  
  DBGRDCHS.DLL
- Size
  
  27KB
- MD5
  
  915a1be075b10b30f5e953398d35375e
- SHA1
  
  6c9bed0765a22d43a00cfb6f041915f9cbcc6068
- SHA256
  
  e8df5bd2418950eb612d83ee4d0c9b79f5315fbc5c65c524597db57ac5906900
- SHA512
  
  951b6cd81f0deb27f8d0568f649991b7a05dbb76bac9736bf0c29d16ba2764653f85b0705fc11579979fa62e07d122c27f1cc7faf7f68b1293c55ff89e98d696
- SSDEEP
  
  192:02nfcwLplM9CBZyiBcpRh6/gJFnPc04omXk+AfgQm9b:LnkwLFBZyiBKJNd98pAs9b
Score

1^/10
behavioral11 behavioral12
- Target
  
  DBGRID32.OCX
- Size
  
  513KB
- MD5
  
  ec2f4fce368dade257d89a1bde1de380
- SHA1
  
  7026e068eaaa6c46a29d1cbf50b057a1744d67ce
- SHA256
  
  6cc3e18193118e5d5e0d9a3c765ff2e649a99641b55a79abf1463ed5d46928db
- SHA512
  
  cdf1d5e4d7270a7a582edaf16dfda3253d31df48b3af6e333c716b1459fce3b62c14f8b002e77daa07c5a075b05efd3ba3b7073c45b830d0a86d20f7d22f1f52
- SSDEEP
  
  6144:1RMh9f2cQ02j1bNHu/v/4jk0+zlOMKSHLO7GcrxXkbFmjKUUFoQ/8qY93lsrbB20:vwts08bNHd8lOMKSHLBSxXupY3sPB20
Score

1^/10
behavioral13 behavioral14
- Target
  
  MCI32.OCX
- Size
  
  194KB
- MD5
  
  6c5346d995b1ac78dd71e44c848152fc
- SHA1
  
  d8dc5a26c8ec4cdd6ee2c8bd68c62f72216650c5
- SHA256
  
  ab154ad5651c345c6b00e393fb7abd6d20fe2abf0e69b19625d3784000fe9e22
- SHA512
  
  798a7feb7a139ee1fcf870d1888ff7cd2e72266f8f7eacbfc36a98123cf4ce849958d8c712b5c1b2eae94b022921cd39b3a0a386470c14de87eec5d253ab84b7
- SSDEEP
  
  6144:iqb1TSnGgwwOXFT1v2fNR+pnxQNh1E8Q7j:iqnVX32fNR+pnxQNyf
Score

1^/10
behavioral15 behavioral16
- Target
  
  MCICHS.DLL
- Size
  
  29KB
- MD5
  
  1a861d8a59dfbd6224eaaf067ca5af52
- SHA1
  
  0dc52452096bba65868bb8d711d0400805463ad3
- SHA256
  
  4e8790f0904288037f25d2e19679db87eb5f74f12067f82663541f9c1eb0076b
- SHA512
  
  394049b6c33d956f7f09762be6b451e98eea2c609e66f5a666a20501ab106950ad82230c4a905da329e9e6bbe9becd14ccd3473244b7586dccc00583df5888f5
- SSDEEP
  
  192:sqB833aC8anAWxHu5JC1FIpIt9rrSaP9I4XUHe2j7IAVXVtr3Ev7KNKHE8pWDpYq:sBnL8aAqHuG1F7jr2aIgvXWDpY9k
Score

1^/10
behavioral17 behavioral18
- Target
  
  MSCC2CHS.DLL
- Size
  
  52KB
- MD5
  
  9534d749a03d1e74f6e1677d7ab8dcdb
- SHA1
  
  63bb3cd8d69c2ac41ec7cbac34c69d297285d708
- SHA256
  
  5b8005691adbc8b71f3f644a44d60fb1b2a185e1cf10b301cf6a0c743e7519f0
- SHA512
  
  444d2f2ac13b064eacc36bbd590a46b1898967a2507cfa661904ef4b09b26d77ff1ac04a6fa3634bfe19ea8b9aa1970905f75fecf28e6f6b4afd3659e831928a
- SSDEEP
  
  384:ydvNMS1SU8fqkETJBM1F2FB72N9OX0TfJwj67epz0FRWsUFGWa:yd1V+uu867ebi
Score

1^/10
behavioral19 behavioral20
- Target
  
  MSCMCCHS.DLL
- Size
  
  121KB
- MD5
  
  a9a6b06910243898e7e7f1fa8c9ab2b5
- SHA1
  
  8922c454f6a16100bd24a9346635fd3452115e99
- SHA256
  
  08b8d15322683cb194161a3958ce0efa4ffb858e744bb3d85853969f1cf9755b
- SHA512
  
  d2c7dc89240042c3af7a1cb9736483d45e3b77b10cfcc5e86fde79f61c0a822d0c974187cd4e9c5cdf0f6d4b2401fe43d9fbb3c3eb49a752ba6b68f8a8b6c04a
- SSDEEP
  
  768:o/TeQEYeY4a6ssCChqgcICvAVAu380m6LcamzSyrjB66t:o/HEi4aS/CvV0PmsbErjI6t
Score

1^/10
behavioral21 behavioral22
- Target
  
  MSCOMCT2.OCX
- Size
  
  632KB
- MD5
  
  c1b4af41a0370e4081d59ac99bcc929d
- SHA1
  
  c0c55de97f41a24bf50b2d08eb428371bb4a3cce
- SHA256
  
  2b7a1f905486736eda8b51add1bc2590c2a6d9d5a9ab7565335d989f39c0eb8e
- SHA512
  
  0bb987af80ab3b598f2d3008a6005484d2d4d082958e757aed3fd1cd5cca543f02d7b475e2c030e28e320d327dce4b4009894f51b7ab8f03acf54314d86d38b4
- SSDEEP
  
  12288:qxxeCsfuxdH8ZOlK/kV99RWiVwyzgAQk9yjWy6OcjKN7jsUseUbQ/D5v:qxUCwwd7T9fWQgAQkEjyOcjKJsUseuQF
Score

1^/10
behavioral23 behavioral24
- Target
  
  MSCOMCTL.OCX
- Size
  
  1.0MB
- MD5
  
  714cf24fc19a20ae0dc701b48ded2cf6
- SHA1
  
  d904d2fa7639c38ffb6e69f1ef779ca1001b8c18
- SHA256
  
  09f126e65d90026c3f659ff41b1287671b8cc1aa16240fc75dae91079a6b9712
- SHA512
  
  d375fd9b509e58c43355263753634368fa711f02a2235f31f7fa420d1ff77504d9a29bb70ae31c87671d50bd75d6b459379a1550907fbe5c37c60da835c60bc1
- SSDEEP
  
  24576:K2woQX9+gWX6b+SHQjxnRC33Oej3zR/QhF7OnVz3S7HM7BHg:5kX9+V6KTpcPhkgVSglg
Score

1^/10
behavioral25 behavioral26
- Target
  
  MSJET35.DLL
- Size
  
  1021KB
- MD5
  
  9f6faf209bec2362523a0e9509f78964
- SHA1
  
  4de5040079af1ca2a0e797266bed406d466d171f
- SHA256
  
  4a8fac0d6b09cc3fb57fd063af8b1a332080df5b0e2ff3710a82c109a4eee07c
- SHA512
  
  d3465bf62f81cbb3e4251b602983d0500b191c6a9786e925966b4eb70d7e5329401cfd47684838c3a0c338ccc08e1995f965406ae4c0a4a236c8df5b6e0d4ebd
- SSDEEP
  
  24576:xjU5HkJo/yEuBNNk+fUI4RDH5fM55AbT9woC9E6uNuIe:2oPNNkWVyDH6Ef9woCK62
Score

1^/10
behavioral27 behavioral28
- Target
  
  MSJINT35.DLL
- Size
  
  120KB
- MD5
  
  fa138d551c56a1142aab95ec823dbe0d
- SHA1
  
  af299754ea8e13fe1ae491d496b8539fc9a866f8
- SHA256
  
  4528947718a00dcd143c4e3d866e702a73d70dbaa389fc3fa77a7eb1a8796e1f
- SHA512
  
  3aa5e741a9f723bc628ef3b2695fd18cc18c222a0a6be76f93c77c9fc2603ae37355b0d82df469bc1e5cea309fafc4c3a7aa85e3a605c70f9dcbe09d93c31542
- SSDEEP
  
  1536:TEhTmxiBs29gcRBqcVb+7OEK5aHDwt+vl26MhkMIuz:ToLugBqUbIdPu
Score

1^/10
behavioral29 behavioral30
- Target
  
  MSJTER35.DLL
- Size
  
  24KB
- MD5
  
  72f160302ee06a2cb12fa2ffa10ba3f0
- SHA1
  
  099e3c78f511665ca9e9db3acca5dc244bcb744f
- SHA256
  
  3430b3680415b494ba7eb41f7bc83933da68d364a94287b9c07384b2fe3dcb54
- SHA512
  
  5f794b9a48c82764b9790fd084933030cd5a34eaa6bff5a99d74f625015fa50f4918e3f80625537023ec253b7de390afda224a76622e0c41c371d45f744656b1
- SSDEEP
  
  384:Nj13lSJr+vZqNhbzRKLfsg+E08IC1cjyr/IBPKqBPERNU4ij50XHyWk4SVWX:Z134rOZbV70R4cj4aKYmyzj58H1/
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32