80d28b14d2172c2a3a76a718b604d120ff2a8e80424d68790afbe0bd267ee064 | Triage

Sharing

General

Target

1a7e7c30455fe01bb74cc1beac9c20c1_JaffaCakes118
Size

31.9MB
Sample

240506-dq9lvsfc3s
MD5

1a7e7c30455fe01bb74cc1beac9c20c1
SHA1

f019ba09eba872bf9c7713612caae114ba060eb8
SHA256

80d28b14d2172c2a3a76a718b604d120ff2a8e80424d68790afbe0bd267ee064
SHA512

c80f096cf8422d2d47a59e1dc2d150542f87c6167b8701a77fa43ca9e240ec85bc5485ee5f56efe3ffd27debe6ec0d7aafe064df3598845638f6444116895114
SSDEEP

786432:dbf97HMYUtdEXaSNFqZNVg2G0TzsVGYptBI+xpF7:dLZsRPEKS7sUw/sVGY3B1xpZ

Score

9^/10

bootkit cryptone packer persistence vmprotect

Malware Config

Targets

- Target
  
  1a7e7c30455fe01bb74cc1beac9c20c1_JaffaCakes118
- Size
  
  31.9MB
- MD5
  
  1a7e7c30455fe01bb74cc1beac9c20c1
- SHA1
  
  f019ba09eba872bf9c7713612caae114ba060eb8
- SHA256
  
  80d28b14d2172c2a3a76a718b604d120ff2a8e80424d68790afbe0bd267ee064
- SHA512
  
  c80f096cf8422d2d47a59e1dc2d150542f87c6167b8701a77fa43ca9e240ec85bc5485ee5f56efe3ffd27debe6ec0d7aafe064df3598845638f6444116895114
- SSDEEP
  
  786432:dbf97HMYUtdEXaSNFqZNVg2G0TzsVGYptBI+xpF7:dLZsRPEKS7sUw/sVGY3B1xpZ
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallHelper.dll
- Size
  
  308KB
- MD5
  
  b5cf41119267aa29d51cd0bb2027c1aa
- SHA1
  
  bb1251b652806fff5c093cbbcefb8f62eac4a3ae
- SHA256
  
  5328a65448499a882cced9487db3e989384b9e2bcb65873095cfa45bb99be752
- SHA512
  
  41334a29d982eb99a0811ae942d057ffbaeb6cc7ce84d2b7d1276b2b26b4e0aed084b9dc75e5f2deebd04555eebded11c577afc911c332a5b7a53f457e2dd090
- SSDEEP
  
  6144:Q4EMC0YB+Z8singQFp9psio0PBenCICnACiWbaSF6e2:Q4EMC0YB+esingQFp9psio0JA2ABfsL2
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  22KB
- MD5
  
  7941f7efe8a32740e1ce93ad0a444418
- SHA1
  
  5c5e03c343cbfd1df2a7dd250c42b3bd39b83c0b
- SHA256
  
  128643d68393e9dd1e5752d55930a9342a432496912206bbc68850f72be9a4da
- SHA512
  
  9db88a0bb6e44ab5605298e9216767918efcf7405f60922d52cd4ccc36f3a0aad3a07d6ef07b9409bcf02a7ef6cc3e117005adda0d404d036ce5daeac00203e2
- SSDEEP
  
  384:/sUHd9GN2d2iwl0impATIPdAj8Ov6HnYPLQjyIANweMvS:fHdw2Z20tNVimd
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/ProcDll.dll
- Size
  
  1000KB
- MD5
  
  889686a649b80f6025f246ea6e778021
- SHA1
  
  4ca2cb0117dd6fd63dc197707970efb19144ed56
- SHA256
  
  8a0ebf941c15a69c9a7978aa8b17700dbcf0790768c372cbb16cc8e64611b54d
- SHA512
  
  ea78a522e046166666989f7b41cce14cc96ea0156277ffe45c77b5190ad90236e107f725e063552177bb5225f4cbef064363256a7e90e58d617e8653e1a9bf2f
- SSDEEP
  
  24576:gbyR6M5YFefN/9kA7ewYbsPW/YfR/ad4:gWxyI1CwfR/ad4
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/Statistics.exe
- Size
  
  268KB
- MD5
  
  8cd1ca96e2d6202be5d19fcefa35bbb9
- SHA1
  
  87f363b889b6ddf7cce6f7de981a36e5d600909c
- SHA256
  
  49cd107a52f0c7a7ea546ae1795b7044628361dcf6884b4a57f4c6e1fda109c5
- SHA512
  
  239a7549c596c6b9f670b38eda1bafa2cb62db46deab53ab20afcc01f85481766744c3578230d13d82e5eaa7c40104555bb4fb85d7d22b02a9cd426162bb5144
- SSDEEP
  
  3072:P4Y5LO/EWnWIAUfjY5dCF9MLilNlJ8un7zQumOt8:mc226jNYfP
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  18KB
- MD5
  
  92fc9e50e8511609257cb59f633f13d6
- SHA1
  
  f95f0df12deb5dc4b281732d983bb2c103c17b56
- SHA256
  
  953ba87a30cbe067408e75bba9fe750c0e60270607aba1ec953bd730c337fe3b
- SHA512
  
  fe4a4d3e6ba6ae0bb2194f7667443dd5be591ef2e9b1f792d80d7ed3ad1685858dbb856548f01d5a73e80cd9cdb144f24f4d517f8f91b2eb376606c325041093
- SSDEEP
  
  384:hC42HgN4GbeWmbI4Eybogia7yO+nYPLQjyIANweMxK:hC42ACu54HogL+a
Score

3^/10
behavioral11 behavioral12
- Target
  
  $TEMP/QQLive/QQLiveSetupex.exe
- Size
  
  80KB
- MD5
  
  7a516ee64081f8f6b49438e46da1a877
- SHA1
  
  c30112e9095c9c50c686af1647ca2119f3739844
- SHA256
  
  f4c57ba172b81979defdfbc0ade6816d1ff80ceaced239bb3342618ac8f1f2c5
- SHA512
  
  b4706f9094a41c3b610a05240fe09cb04e51f6985266aaf7752be0cd81e0c581a651f9620f0c56462e708f4697d26a4d973add267d5ce187f7d91e2bc220b713
- SSDEEP
  
  1536:/zu0c7MqiYxWZQWe2KYbqWgPnZe4Romu/BRYRO8lsqpTuGmq6IzDYfGf:tc7MXYx4Qb5Y+WgPns45mYc83xzyGf
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/ExProcDLL.dll
- Size
  
  55KB
- MD5
  
  87495320b6bc4f54d129561d5a6011d9
- SHA1
  
  7c44a32a778483b8e807ab04863096648e4d73d5
- SHA256
  
  918625e67a13292ef53cdb807f39dc52dc98614c5add967cd65516bf6e50ad44
- SHA512
  
  7fafc35a6098ab3ca3aec144b25ed0e6d6c9df6fda8b92007be3332a6297f69126b33b52969567006e5c32f21f8507f39f7e7f48dc3edf5f585c9eeddd85ee3e
- SSDEEP
  
  768:A+E6M3ijAdUxvC4qVbcJCqZ3wNwYOA1ZmlqYO:A/xijAd+C4qVRk3wNFOAPmlF
Score

3^/10
behavioral15 behavioral16
- Target
  
  ADManage.dll
- Size
  
  367KB
- MD5
  
  98c7f160210ac08734ffb2efc205a925
- SHA1
  
  e8ca9c080b625c6ce34909f57b9b924b58b1914c
- SHA256
  
  ecdde5be953950b8a7dba9c92c4cd5f5dfe958429104defe71f9ec3bd2ed82ac
- SHA512
  
  8f748a68f323ecf2ad2551ebfb478d2d51db8c51c666a5c77f8fa4b83027ec54069e5e6393d777a75d7402d6bd1069535c8067060a4cbf09bfa290e762c518ea
- SSDEEP
  
  6144:NLJ3FdhG1Ou2IDkpREH2tZFX+06VmbPgrp/RRuqTBP/OAAiKyz:NLJ37w+IDsEH2tvX+06IbPGTRuqTaU
Score

7^/10

bootkit persistence vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17 behavioral18
- Target
  
  ATL80.dll
- Size
  
  95KB
- MD5
  
  3e9a33113d663d8bd5ed38858e669652
- SHA1
  
  1292dc7ffc35a1ef2b761672361bcffa7483169e
- SHA256
  
  63e1985a37d5993d170373bc28d067c13c1541ca2b63968b82e35eaacd927b49
- SHA512
  
  a2dcd0d5db662653d3085d2ab39e8697b25e096fd2093e3f5ca2edb3087356814adb9f99e490dc95293198e05551a3ddbb3fa2918b8ed5f76d84a22268bfbe7a
- SSDEEP
  
  1536:SskNTnYQzkuvliN+9sdYhfv3rkT+za16/rWmE9dV87mKxGXmwkbos3co9:S1TnY4kclz9sdO/o9dVMmXmwkl
Score

1^/10
behavioral19 behavioral20
- Target
  
  AsyncTask.dll
- Size
  
  111KB
- MD5
  
  6ab7eb62057d4ac317cacd8ba44f91a7
- SHA1
  
  34649a667c5de64dbece699828bed50aaefbfec5
- SHA256
  
  3eeb4dda1d618488fd9d46517f4112e6edd19dca65ff07374062b19470b09f35
- SHA512
  
  8a21007c88b73b32f3528b94e5d376bc82f2529f75c6dfced155fa673e8e7e13c03fa4460517e87f83fe63942bfc6abc6bd4e4596fd45a24c2f9710c047a80e4
- SSDEEP
  
  3072:wbuMyb8PIwTPODktoBdGyAIdBsKAMteeJ2x:nzGrODTHLehx
Score

3^/10
behavioral21 behavioral22
- Target
  
  BugReporter.exe
- Size
  
  107KB
- MD5
  
  7cfc3a5f14414a96ec938044e47a0ea9
- SHA1
  
  4a1814f51a3e3f0d5bfcc2f58219715a1924866c
- SHA256
  
  16409089b44451c45b56295a54c86b24574c27f8228ea344f91dfdeae1870933
- SHA512
  
  5e244f25c515796f56fa34c3b464d24891010348bbaed5ca360a952b1a4f841872454b24b22b0daef15a8620a5705b287120cdf9297de2611aa1c1b9cbb50c5c
- SSDEEP
  
  1536:yCyauF2IJbox3MJaQn8rvL++Xzm6H/hPn8rvL++Xzm6EhuAnWIq0OergjpL2k:+Jb+8aD5gAnWIq0OeropL2k
Score

1^/10
behavioral23 behavioral24
- Target
  
  CefSubProcess.dll
- Size
  
  187KB
- MD5
  
  591699755978298f7c8ceb687109e913
- SHA1
  
  ff338969d75f887b8563052cc51db94ff3a39267
- SHA256
  
  8c67d95570059507eb94ab9f4882421c9a9e1ffca40315d73345012dd6459e0a
- SHA512
  
  310fce3514ab6059b68650e533c67ec87adaf04b4d2d8179bf8674cfa730a5105b5614c4acb9c52cc6820604d93d4e2c4dbdce1c3bb105391a187096cc91c6e5
- SSDEEP
  
  3072:FetZuw+XkcU9Ncq6fId+WQ1mVH5rkazMRBJO8jIF4bn7YPTOj56twpnf9Ht02s:4tYw+XDkNcjfEHVZ0ZOx4PY7Oj5XFbs
Score

3^/10
behavioral25 behavioral26
- Target
  
  ChannelMgr.dll
- Size
  
  555KB
- MD5
  
  159080d668d047dbc7457c6e38905b12
- SHA1
  
  785018946914e05e7ffd6d0207920ebfb0ff6f70
- SHA256
  
  51d6636ec84888498f2abbc686aa20d0cef9ac0ab3eeb476363996941fb482e6
- SHA512
  
  f397b34da4d75f364edb7bff5e3a907eca2e0a04c2257a80f88c640fdb7f4884d07dae25fb9249b65ad91f20fd1839f765b77a3e79c84b3454a4038b956e4df5
- SSDEEP
  
  12288:EiYPmwEZQLHrx205aPMJ1oQPO9cKLchrAT:8EC6PMvoQPOz8AT
Score

7^/10

bootkit persistence vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral27 behavioral28
- Target
  
  Common.dll
- Size
  
  1.9MB
- MD5
  
  b9fcbd8fddb981d89e259f7c90ec4180
- SHA1
  
  579f2275e37505fa0a5d06ca7d611cd9ebae7928
- SHA256
  
  5484b30d3d96b02fdba8193162ee67b0c45f02c5a09b049e190bf0d4dc4aa060
- SHA512
  
  c809f371b0caa0f0804951795307b69d4b7f15641f98e4842b5ef75c4dfcb48e7bda35e9eb3fced8650afe0332bf5e731946b8a8dfea32aba8b39b057285e2d0
- SSDEEP
  
  24576:y2L8jR6DlsMNvWQpov7nGGdAY7tNx5SfTAgPUjoGmKdOyEFHwPeZxNjbUqU8uerf:y2L8NzMVNq6bYRNcyHEFHwP8xqJeX3L
Score

1^/10
behavioral29 behavioral30
- Target
  
  D3DX9_43.dll
- Size
  
  1.9MB
- MD5
  
  86e39e9161c3d930d93822f1563c280d
- SHA1
  
  f5944df4142983714a6d9955e6e393d9876c1e11
- SHA256
  
  0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
- SHA512
  
  0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3
- SSDEEP
  
  24576:8UtU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBs:8566l2u45BiNYFrz31Cv3D29kd6kWa
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

vmprotectcryptonepacker

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

bootkitpersistencevmprotect

behavioral18

bootkitpersistencevmprotect

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

bootkitpersistencevmprotect

behavioral28

bootkitpersistencevmprotect

behavioral29

behavioral30

behavioral31

behavioral32