Overview

overview

9

Static

static

9

0099d476ab...18.exe

windows7-x64

6

0099d476ab...18.exe

windows10-2004-x64

6

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...cs.exe

windows7-x64

1

$PLUGINSDI...cs.exe

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/QQLi...ex.exe

windows7-x64

3

$TEMP/QQLi...ex.exe

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

ADManage.dll

windows7-x64

6

ADManage.dll

windows10-2004-x64

6

ATL80.dll

windows7-x64

1

ATL80.dll

windows10-2004-x64

1

AsyncTask.dll

windows7-x64

3

AsyncTask.dll

windows10-2004-x64

3

BugReporter.exe

windows7-x64

1

BugReporter.exe

windows10-2004-x64

1

CefSubProcess.dll

windows7-x64

3

CefSubProcess.dll

windows10-2004-x64

3

ChannelMgr.dll

windows7-x64

6

ChannelMgr.dll

windows10-2004-x64

6

Common.dll

windows7-x64

1

Common.dll

windows10-2004-x64

1

D3DX9_43.dll

windows7-x64

1

D3DX9_43.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0099d476ababd44886c8c6fe727721ba_JaffaCakes118

  • Size

    35.4MB

  • Sample

    240426-mydntseh34

  • MD5

    0099d476ababd44886c8c6fe727721ba

  • SHA1

    19eec2a4e89e23824b77be2d0a4c3c5d5f9b7f94

  • SHA256

    97f316b567be836f302b4182037f02e17e2a8272534ce830a3d1d2ea15237006

  • SHA512

    eeba8c673a3c0ccbac2e58e85eea03882254129cf0bd024aa168c864a26e7066523ac2d2dde5478370622eef641be4cf458f8b93d3bee007c04e4613dd06035c

  • SSDEEP

    786432:8K8OqJ0zvGVbq9HX410v0zY41FeWkYzJLjjj0ek/zbqJvI/:8jOqJEvGVON3oeXY1jj+/wI/

Score
9/10
bootkitcryptonepackerpersistence

Malware Config

Targets

    • Target

      0099d476ababd44886c8c6fe727721ba_JaffaCakes118

    • Size

      35.4MB

    • MD5

      0099d476ababd44886c8c6fe727721ba

    • SHA1

      19eec2a4e89e23824b77be2d0a4c3c5d5f9b7f94

    • SHA256

      97f316b567be836f302b4182037f02e17e2a8272534ce830a3d1d2ea15237006

    • SHA512

      eeba8c673a3c0ccbac2e58e85eea03882254129cf0bd024aa168c864a26e7066523ac2d2dde5478370622eef641be4cf458f8b93d3bee007c04e4613dd06035c

    • SSDEEP

      786432:8K8OqJ0zvGVbq9HX410v0zY41FeWkYzJLjjj0ek/zbqJvI/:8jOqJEvGVON3oeXY1jj+/wI/

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallHelper.dll

    • Size

      327KB

    • MD5

      fae98b3964df3827001407a2ae8bb547

    • SHA1

      fe6e05a184c89c4e221158c1a1ed5142c08be09c

    • SHA256

      92df0c8007da6a599680a21c9d5432be107de85a642412984a5ef32e66ccb907

    • SHA512

      190cf9a196130bd66a64a9669c043ecdc743d879e8c8d4588acb762789b0c87c354757df1bf7f41622a07004b097b8d0924c8571d1a803e7b96d50006076ca37

    • SSDEEP

      6144:z7L2Ic0SvVQblZ3KwDK2Zze1paoZKQdtx9tfIpBuFQIn56eaeyB:z7L2Ic0SvVQbjKwD3ze1paoZKQdtx9tO

    Score
    1/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      30KB

    • MD5

      d8df9e424481be84492899edb076b1db

    • SHA1

      9cdaeadc840a99e6ce9509227fad73055cb7cd06

    • SHA256

      365d129d3f3cfecff063286bf1f90524d0ffe2650ac288d14b90ab9241db9311

    • SHA512

      55165dad7e1b7fd1688941d1107adef6b4635283c517b70a28f8fb614b070aa6be14b4ff8f0767d18ac3d152fff543df2b2be8786ca621a92cd1321a1fdd6613

    • SSDEEP

      384:TsUHd9GN2d2iwl0impATIPdAj8Ov6LnYPLQRIA9eMQFNIAQY1ueHQAHKnE:DHdw2Z20tNVi6JuueOE

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/ProcDll.dll

    • Size

      1.4MB

    • MD5

      b7b3a4ef4a8592e6e7b39738ea411338

    • SHA1

      f7bce9ad6fefa1ddf2ed078488091931d44ba146

    • SHA256

      e89009adf98a1d946c11331be5068a71861608d39bb424bd9eab6a8216d742ee

    • SHA512

      6a1f75c1f4fc273fa67de1280b692de28e6b1e39dc2f8f4d1db4638209ed73f60c3723fb008380f1d2a25fa824aaab85ec84f2e1a6bcd3a9c9fe7cdd0625c9b9

    • SSDEEP

      24576:KWJ+BcHkaMM/X7SqNAm6ZIqUaAAMivtP0BzprKltFcuqDEC5yLg/2iSN6UvSWLRl:sBcjSDfkivtPktKiILgpiSWLR4A

    Score
    1/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/Statistics.exe

    • Size

      323KB

    • MD5

      41e928af129c0583d2eb8c13a6caee64

    • SHA1

      d7c6f623f941ff21d5e172ec599c9525e4bcf953

    • SHA256

      24f1b40015760028743e03f2e0dbd6333f07fa43bcbdb37bb33a1b6626eb0684

    • SHA512

      ca8dfb2318e4c7352497c3f664cf886b92c171567ca615e0a55a9cc89ca84a8a4c96b10bc5da3b8109aef8c6718da672fc106da95153860b8dc253ac5c98c6ba

    • SSDEEP

      3072:cnImDls6hJ1QMjTBCT5LiR1oBYsLnEbVu/hqMivTqB2toa:AK6fXGPOihf9M

    Score
    1/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/System.dll

    • Size

      26KB

    • MD5

      0c08bb15fbad882bd932a7aa0caefc4e

    • SHA1

      4a54f6d7e9ed5d148c1dd5995efbe98fbd3695ce

    • SHA256

      5051b25c37aa06bd432a0a16ec2ee9afcdcb4808acbe4743476c6e4d71e4a116

    • SHA512

      8a3a67b6db35ae8f965158987b134ae6a0d82cd67e777fbdf2a70a3abc76d39157c7d49c4b26e6ce286b5e7867bcc1a9ad057001867c632b05a67b4fc474bd86

    • SSDEEP

      384:hCP2HgN4GbeWmbI4Eybogia7yOqnYPLQRIA9eMuNIAQY13yfGnE:hCP2ACu54HogLqTuuGE

    Score
    3/10
    behavioral11behavioral12

    • Target

      $TEMP/QQLive/QQLiveSetupex.exe

    • Size

      88KB

    • MD5

      a4f2e9d3b0d2fc3a78347736ff2f84ef

    • SHA1

      c82526d9e12809461891b01da1b60747def1434c

    • SHA256

      7128120b344bd063934e5df924df4af75186fccad242bcc0875ea4ce3bc01bcf

    • SHA512

      ff138d22ca470c29a47d9d160b06ba3c4ef79b09198b159b4d177234cdece4eb75f1bd665b74ad3464bd7180c53326bb3f31e8d09e2af1ac161fefa3d532ab88

    • SSDEEP

      1536:bzu0c7MqiYxWZQWe2KYbqWgPnZe4Romu/BRYRO8lsqpTuGmq6IzDYfGf3b:Bc7MXYx4Qb5Y+WgPns45mYc83xzyGf3b

    Score
    3/10
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/ExProcDLL.dll

    • Size

      55KB

    • MD5

      87495320b6bc4f54d129561d5a6011d9

    • SHA1

      7c44a32a778483b8e807ab04863096648e4d73d5

    • SHA256

      918625e67a13292ef53cdb807f39dc52dc98614c5add967cd65516bf6e50ad44

    • SHA512

      7fafc35a6098ab3ca3aec144b25ed0e6d6c9df6fda8b92007be3332a6297f69126b33b52969567006e5c32f21f8507f39f7e7f48dc3edf5f585c9eeddd85ee3e

    • SSDEEP

      768:A+E6M3ijAdUxvC4qVbcJCqZ3wNwYOA1ZmlqYO:A/xijAd+C4qVRk3wNFOAPmlF

    Score
    3/10
    behavioral15behavioral16

    • Target

      ADManage.dll

    • Size

      379KB

    • MD5

      ec04d52b23885e704e0a1a77e8b92bae

    • SHA1

      c65fc02320feb100631afae28d9d6572b034be43

    • SHA256

      d521af49dcca51dc5bd360edd6d39153a88fd86e0c45161a3b1caf2115b81f29

    • SHA512

      71dc9c729c4a6a7513995a207792f92d23b4f34f3b2ecf9bee6d624b0706d54d0a144d74790bedc43325ec5e47a3e6ff701a8753fcfff6e06509e94572d6c742

    • SSDEEP

      6144:UMtv3irSgPfIgYBpBSQUb3k8Px8DHLg7XWOqXhEJKTBRvdOAA5+T:UMtvSrSoAdBpMQUb08Px8Xg7XWOqXhE+

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral17behavioral18

    • Target

      ATL80.dll

    • Size

      95KB

    • MD5

      3e9a33113d663d8bd5ed38858e669652

    • SHA1

      1292dc7ffc35a1ef2b761672361bcffa7483169e

    • SHA256

      63e1985a37d5993d170373bc28d067c13c1541ca2b63968b82e35eaacd927b49

    • SHA512

      a2dcd0d5db662653d3085d2ab39e8697b25e096fd2093e3f5ca2edb3087356814adb9f99e490dc95293198e05551a3ddbb3fa2918b8ed5f76d84a22268bfbe7a

    • SSDEEP

      1536:SskNTnYQzkuvliN+9sdYhfv3rkT+za16/rWmE9dV87mKxGXmwkbos3co9:S1TnY4kclz9sdO/o9dVMmXmwkl

    Score
    1/10
    behavioral19behavioral20

    • Target

      AsyncTask.dll

    • Size

      111KB

    • MD5

      3ae8f78d7c06b0241e6c11d5c005e773

    • SHA1

      c5337030e7e6c0356dbf51b53098d855f258bf95

    • SHA256

      b1b6771567ec1f860cd7eedacb3e5b3d7b3c1b97a05398388fd7ff0b9e7cf2ff

    • SHA512

      b8cb3a1e4cae1407418526cefd4eb2b8e7e26c4ea225b4ba69d2be9cbddd5c97cf9c769ffc6597a266fba15d931681bcfb62b09b8bb5fdc5311755bf0e115e70

    • SSDEEP

      1536:qxcNC1tesY0vCUcWX0qaRpPODktoBdGyAIdBsKAMW65Q:33acWX0D7PODktoBdGyAIdBsKAMx5Q

    Score
    3/10
    behavioral21behavioral22

    • Target

      BugReporter.exe

    • Size

      115KB

    • MD5

      ed65e33b4c16186bffd6d04289af435c

    • SHA1

      ed83be4b3c0a089422f3c38bdc60af6bf5ee1599

    • SHA256

      1ecdba9e18389a69b52eed13cd71b3e2a939d895f78df0b1786073ee2c468b01

    • SHA512

      146fb8c5de0d6175ba8835692193f9b3cb4ba25d6b5a12f370ad7fd4a6d26ddc199d6c2f541457844f2522c86bc67521592371ffbada87bc871e7ad06a423bcc

    • SSDEEP

      1536:p4F9C6k8Qyo35/Fiqv5YZcj8rvL6+XzmKbfhRj8rvL6+XzmKBFVy2t/Iv0OIMrPM:L3tFvilSTVt/Iv0OIkSr

    Score
    1/10
    behavioral23behavioral24

    • Target

      CefSubProcess.dll

    • Size

      187KB

    • MD5

      ce5bf71f10fbacd0b37f8ba147a7ad4f

    • SHA1

      56d00cb56980bdaa226dee0f8a99b1441b7c0590

    • SHA256

      fecfcd9bd33453ae4694dde00492a369b6656438f921356361d53b8eb14e814e

    • SHA512

      1be9a5b9d3acef41132c835f4ee9d611f3ddeffd89072ab183b3ff8e72e6d3aaa33065b4511398928306c1f024357c46d4d95805464ad0246f94a5bdc50ff76d

    • SSDEEP

      3072:azCa597ujkQEf1NcauDE5m5EQNqyco+RgI0cE5U8ktpRZGauC2KA/fmSySfB6qh3:G5Buj3YNcXDfEVyco+RgI0cE5U8ktpRC

    Score
    3/10
    behavioral25behavioral26

    • Target

      ChannelMgr.dll

    • Size

      635KB

    • MD5

      e9ccedd0f6a28cd1e7f538b8d5e2bf5b

    • SHA1

      4c0b2627e2cfdefa0fa4c8abf8fa6e967a2dd573

    • SHA256

      10d0bb6bdfdc630a2e7da839d6fdccb3b3f27d70a4b17d3360046eb5ec51f0a5

    • SHA512

      779b8e2a4148018212f47c42b675fc374e32baca17136d6b6e2f90eaa31a75e89b9bfee33b16288067a0ff4b8d9226ef1a111254f1d492cc2b6e42708ce976b3

    • SSDEEP

      12288:7zkPFd0Mz8uRLYeNB06e0fANtvrkt2ieAKoBCCiS4ZDxs:EtfBNB0Gj2toBCxSgDxs

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral27behavioral28

    • Target

      Common.dll

    • Size

      1.9MB

    • MD5

      db1af67e89a7ad08e662817b97853beb

    • SHA1

      0c4c48c886ce65469eab05a442694d57a8b6ce7e

    • SHA256

      1bc5454fd73a39a8daf8d0f378c378a8fb725efebf3ac38bf0ae0e472aee606f

    • SHA512

      96a5540ff2519f8ec3ef29e55ed0ff0ce708993d07dd3fdd92db052f3e2c79bded54e82edbe65dbb9339d68db21e0f05dc8e3b7ab69f6d548c93605c09f96fba

    • SSDEEP

      49152:1tJJaXasZonirHVJN9zgssDbOEEt4cepXL:rJJ/sZEiLvCbOm

    Score
    1/10
    behavioral29behavioral30

    • Target

      D3DX9_43.dll

    • Size

      1.9MB

    • MD5

      86e39e9161c3d930d93822f1563c280d

    • SHA1

      f5944df4142983714a6d9955e6e393d9876c1e11

    • SHA256

      0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

    • SHA512

      0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

    • SSDEEP

      24576:8UtU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBs:8566l2u45BiNYFrz31Cv3D29kd6kWa

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

3
T1542

Bootkit

3
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

3
T1542

Bootkit

3
T1542.003

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

cryptonepacker
Score
9/10

behavioral1

bootkitpersistence
Score
6/10

behavioral2

bootkitpersistence
Score
6/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

bootkitpersistence
Score
6/10

behavioral18

bootkitpersistence
Score
6/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

bootkitpersistence
Score
6/10

behavioral28

bootkitpersistence
Score
6/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10