General

  • Target

    207af6c7fe675ee4d6b0be1c1b6d6709_JaffaCakes118

  • Size

    26.5MB

  • Sample

    240507-nzeg7aee8t

  • MD5

    207af6c7fe675ee4d6b0be1c1b6d6709

  • SHA1

    6e3c59bd75c091d79fbe3381a5617d6e62a73238

  • SHA256

    e197e28bd08c56c2ab5abc663ce11d56221bacdda99305e1cdb614300340d5e3

  • SHA512

    8a455d0e25bd2364b9b1867918aa72c7554883132d98520eda95ede03c3f3dfa96e4710ae8bc8f0ca45d5a8c334b4383f85c6367e11a3b290fc1b7e2b8fd2772

  • SSDEEP

    786432:6UUe68MlS+Q0++07l3sHnXkkezz5ATAzREx:6UUUkxQ0+RSnXkkizUURq

Malware Config

Targets

    • Target

      207af6c7fe675ee4d6b0be1c1b6d6709_JaffaCakes118

    • Size

      26.5MB

    • MD5

      207af6c7fe675ee4d6b0be1c1b6d6709

    • SHA1

      6e3c59bd75c091d79fbe3381a5617d6e62a73238

    • SHA256

      e197e28bd08c56c2ab5abc663ce11d56221bacdda99305e1cdb614300340d5e3

    • SHA512

      8a455d0e25bd2364b9b1867918aa72c7554883132d98520eda95ede03c3f3dfa96e4710ae8bc8f0ca45d5a8c334b4383f85c6367e11a3b290fc1b7e2b8fd2772

    • SSDEEP

      786432:6UUe68MlS+Q0++07l3sHnXkkezz5ATAzREx:6UUUkxQ0+RSnXkkizUURq

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/boostmaster.exe

    • Size

      507KB

    • MD5

      aaa065c5bdf547c2ac0c8e752f0e3832

    • SHA1

      a6ca04ee56cf82f8eaff1f43980d8794fc82e256

    • SHA256

      bd6b83ce42688b444226e9eb7f562287060ffea9d4e08c69402bfe376694d841

    • SHA512

      161810a01cbe1c446d56f1fcbaa9e7a9e613b5b3cfb8ec210dbadad40d11a4846738728c7d8af33f90ecb6e34e8fe5ed90b8fff155302170b2a8b3e1df9d525b

    • SSDEEP

      12288:Eq54MlzflFRMFvmKpdo6MkQK8Bw9sEfhBgX:dPlBFYvfdo6Mv5+sShCX

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/cleanmaster.exe

    • Size

      642KB

    • MD5

      8e88bed1e8162ef9a6e373fbfcfaf53c

    • SHA1

      a5ce70e309aa3e05bc44758e8eefb6c53ca1c5ae

    • SHA256

      19eed4402a8e24277292f0d03b9600e18d907435682479ffc85475c82f3b42a0

    • SHA512

      81b3bba3c4c5ad8df8ddb13ef82d1e044c09b28178c960daceba4f9cf49a3695e67ae73874a48755a286573b0b37ecc000a97070d71dafdfde1d4ebee94baf82

    • SSDEEP

      12288:43as2NyCU13ZwW//HpK6dK8yUR+NmlCpZr3QAKTZfzYuRh7ts9OO4FemBnzXCvYA:cKyp1OW//HpXKOsNml4rAhVfMexvO4Fa

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/ithome.exe

    • Size

      537KB

    • MD5

      94653c958221e49644e591bdcd8b2638

    • SHA1

      c01887f3cc0904610271bb24051b8e583fb740f1

    • SHA256

      18b7e965aeef9423a327d8e2561094b2b7b2deca3114f0279eb30344bcdb77a6

    • SHA512

      c9659fff1487cf42d22f6c2abde6ec4acfca74113a972f2c962b7fd550015109ee745ab90c735db727b173620ae5d7e6c598d48892479886044f1f82cd064bda

    • SSDEEP

      12288:raQOVg0fs+uTZTXCCCCCqCCCCCCCCCCCCCCCCCCCCCCCCCCCCC50:IfkxXCCCCCqCCCCCCCCCCCCCCCCCCCCl

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/mydesk.exe

    • Size

      1.4MB

    • MD5

      80ce6d708d329ccac4d47f2973097b48

    • SHA1

      8e59ea99ed6755fefaceebe15ac6e57bb71428a6

    • SHA256

      4dde490055881a9a2ef0d3bb98fdba5dff735b6926df17e26921cb5c6c2eae44

    • SHA512

      d56fb04b873ed18374e63ddb70032200f14953c923ab0191d4b6d4d728308e83e657b1edb6169240e8ce2ad91982a0c2689a18651e24695cd87be581a8492709

    • SSDEEP

      24576:UtwTUc3EhMuOYDRYD0OwcCe1ZRDUpICRZgcQgqy7JMMok66z3kH8jgD8ZFQYxpKf:UbcqLpDCgOwvMZRgCWgcOyVN366zUH8y

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/mytime.exe

    • Size

      11.2MB

    • MD5

      348a8c1cb190f8e35131b93628e9a8a0

    • SHA1

      e57c4eb35bc8d862f9773aa78a1c6ebf0ab391a4

    • SHA256

      59ecc9a2eb1ac3937f2b35cf6aa6c734d9cfc814f9512d23e45a90aaeff7f55b

    • SHA512

      e4778faa841c23fcd084239401dc51d1da409f671777ffde01d29bda855ebc94c681b901939d5f2cb0b2719109d15c9dad59b1537c3b245dd7d6bf6be3acdcd0

    • SSDEEP

      196608:VZefJH5NYvwxsUScT5ebMURxn368lgzhgPq+QI0ie8B:bef15NYEDon368lkgPqk0ieI

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/node.dll

    • Size

      16.9MB

    • MD5

      200de56040ebbdedae7224ff7e98a1ae

    • SHA1

      f6ee87bb989aa6e765e16ab0f80d28b17f53b8bd

    • SHA256

      725e252be7395d9d0a3dfd372c247f39c4bae4fbef94a80fa077451e4da7e783

    • SHA512

      03f5aa02e0b1d05dabbcc801c53ce7e93b26e984dfcdb8961c4f5023c95bd336c6b61e7720b9b76f5c12db18475c932aeca6859aa11788c8531dfb99856cf9a6

    • SSDEEP

      393216:LKuvzYgFeKyFCJvWiXwfssXJKHq305yLl7n:euLbeKyFCJvWiXoXQHqd

    Score
    3/10
    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/pcdstart.dll

    • Size

      347KB

    • MD5

      07028efd7499c4a897580819cd541972

    • SHA1

      62e42b1f18b9570dc217b469032643920c018e73

    • SHA256

      5ca5dfd7495add4b0a30276dc0d0cb4f60b69cdc4e82063942af2309db12e6c0

    • SHA512

      a9dc9814fe7bdc9355ee5290b0fa99559a482b229e9bfbf0244b25c98cf195032f005478672278f8a7ceadb6b679ec597e512d14baef03a26621e9ff5a0e9656

    • SSDEEP

      6144:XDfAdqYyuYq8jEiG7RX2xjJ0GQhAluytjXxW1Q3F3ahSh79HFlm4X1fAY:XcdT8jEiORX2FnQhCuWW1C3YC7lFlmI9

    Score
    1/10
    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmaster.exe

    • Size

      6.9MB

    • MD5

      dd263a7e06da82897612f4348442703b

    • SHA1

      43242e2fa1bdec6711601fafbb220e3e3f64974f

    • SHA256

      8a770b4d23ad9ebd4c35b4f95cc340263efcfdf0ae2b3f4e0da0e3f1bca49201

    • SHA512

      f7ffdfc3a528d7a20870825f255454ad96b04c3c3a5237e5a6eded46da9b27c8f3e4bab0ea8077cfc0e304808111dd75b681df7a38d358584818477824bd3458

    • SSDEEP

      98304:M4sDs+zhpv5+HAOpDfG6RCEa1LZWv3pFMghZyxLf8vhRPuuZgixe07uKPZMLydUY:eneAefDuLchpyJfeRPXFnSL88jlhFULt

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmasterdata.dll

    • Size

      290KB

    • MD5

      83700123f572d5eae3214e2fb632e4e9

    • SHA1

      344f94e69b10cd44e5caba1316ed0c51242f2964

    • SHA256

      7d4b05f5b926fc5eff87cfbec1246a4d3af35d9233b03fb9c571e8eed3215f12

    • SHA512

      4642da8b67163d97f291538c229eac15cfad75f794153ea11d023e91216dc51cff0bb1a0803f191f7900c1c57418398b57a789daec12e81486c102ce45adf363

    • SSDEEP

      6144:GwWsLOj1jb7cEdk6mkZm2yoNTDrn4HLqnI1dq/L:G1kojUEdbmwhyYn42I1dq/L

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmastersvc.exe

    • Size

      207KB

    • MD5

      cee91c7a623d98fa3f2663d0d2cba582

    • SHA1

      2801c34f8f579240572398e5de1933d230f4da6f

    • SHA256

      2fe76db967411cf5cdc8edb22d158ec5ee1b0ff38a349c87c3485420521abe13

    • SHA512

      342a4c47ca28f9302d80b8a82ccbbf9a9af6a6638272483f65329d5dcf4251021847dc8dc1c77d143e733662f38b73051f5c22e67b1f002d76d350c29629f532

    • SSDEEP

      3072:voH/LVYQPUnGccnx/UuctA5syLGScXk/vvzTxzKuwM3QhCNklGEMYaXonYrolxwe:gfLRYh8x//L1cXkXBTRBSx7

    Score
    1/10
    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/rmup.exe

    • Size

      812KB

    • MD5

      c6df640c06bd450585c74600c5b67d4e

    • SHA1

      31f2d96c02051c3e59c94bf25516e507827d880f

    • SHA256

      390effe54a4bbf6fb42b62610900f2a0dcc5efe20925ac867bd2b3a6c6da9532

    • SHA512

      44ce1753a80030caeb82d1f54bcfa1edc936d6c108585abce7f5f8e325463220b7f8f846ea92a89503242f00b126cc12d02ea4d25700be998aaa8d2e7cb69842

    • SSDEEP

      12288:jWja3wh2V5bXsuxSGg0WRGXp+4H84f55eJaRa2SizE2Wx8XPEXi1k/FtnUC:jOOXTnH84f55zEeXPEXi1EFFN

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/softmaster.exe

    • Size

      5.0MB

    • MD5

      896bc886d1f71a8dfaacffb4d45d381d

    • SHA1

      d263eee85b5cf09787bce4a46069ee729ff4b571

    • SHA256

      67f5fb161125e9a6d412dcfa1431bec874bfa001f0ac3645bf5bca393ff48340

    • SHA512

      1d0f49f9805d329f3806fac6827a52b0a28aafc4d82f43ad28a0f82d4287855950c8976a21be8d00a2bfd490e3e83a1079f3808fa3f16935600656bcb7c36e56

    • SSDEEP

      98304:KizXZH0pyu4HoagLht2ZEM47n+jEtLk4+7DOSOWHBN:K8Jbsk947nsuQ4+7DO0X

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/softmastergreen.dll

    • Size

      72KB

    • MD5

      fd241ac838dd9f59ab74aa2fd1c5edb7

    • SHA1

      5b981e422b4670ff04fce3f0f6ad5d031e2a7e45

    • SHA256

      45a169a45936c7010852208307d0acb950042a5f4407c2f2452455e40a1a503f

    • SHA512

      236c7e63e4e64050dc88db946d33854e3d76f1d70a3269d3fe5b927b54997d8697e00cd8dbe4776c53a19d2d4aeadfc31c9ab4b7e51212dadc1520036470fe44

    • SSDEEP

      1536:j9FIT1VnybWdko5tW0RGyz4Sd0mQ9+YsAVUpIoGY:j9FI/ybGqaGyzHFiGpIoR

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/virtualdrivemaster.exe

    • Size

      394KB

    • MD5

      492818f32d319fa417c4d71c8ca8b492

    • SHA1

      4a67bda289fb9d4ac852fd8b0bc7461e99c08731

    • SHA256

      426dd9ec1511b855367cbf868dd49f18770d15003b731a829bffb86bc1f699d9

    • SHA512

      7af838ce8872e68de91dadcddff386b322abe8dc8d88041f45f76137f6121bfe8cfe853d6f8b4b930d5400f0d7e26e60b7efe6b670241c63692b076d2fd289ac

    • SSDEEP

      12288:rKn08qTV/XGvFYfgOdbjEdiRBe3TlRhMJaDmKf:HjV/XGvFYYks3TbGJ7G

    Score
    8/10
    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $APPDATA/Microsoft/Internet Explorer/Quick Launch/visualmaster.exe

    • Size

      595KB

    • MD5

      ef77f7b055ed80058679f0b0f36361aa

    • SHA1

      63c0071058db2869d259b74401441e91416cafb1

    • SHA256

      71add548b0684c3c16d3a46280e6dcbb8338b4c5beb86ca654dd3e43c5933c69

    • SHA512

      b7e1921e78cd27a2dc8113f91d3fc1efb5a55d23f3e034e6ff47a41ba1623ffc11b5c358c8d792d7daeaeafdf5340cf99544a23352942dae446ddc0f133a0f91

    • SSDEEP

      12288:vuHV3oEYndgOgPslgw5yM3fwZGzqPxdFfUC1c5dOMTSgc+3l:2HV3udgODlLyM3f3eLhUC1c59TSL+V

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

upx
Score
7/10

behavioral2

upx
Score
7/10

behavioral3

upx
Score
7/10

behavioral4

upx
Score
7/10

behavioral5

spyware stealer upx
Score
7/10

behavioral6

spyware stealer upx
Score
7/10

behavioral7

upx
Score
7/10

behavioral8

upx
Score
7/10

behavioral9

bootkit discovery persistence upx
Score
7/10

behavioral10

bootkit discovery persistence upx
Score
7/10

behavioral11

bootkit discovery evasion persistence trojan upx
Score
7/10

behavioral12

bootkit discovery evasion persistence trojan upx
Score
7/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

bootkit discovery evasion persistence trojan upx
Score
7/10

behavioral18

bootkit discovery evasion persistence trojan upx
Score
7/10

behavioral19

Score
1/10

behavioral20

upx
Score
7/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

bootkit evasion persistence trojan
Score
6/10

behavioral24

bootkit evasion persistence trojan
Score
6/10

behavioral25

bootkit discovery persistence spyware stealer upx
Score
7/10

behavioral26

bootkit discovery persistence upx
Score
7/10

behavioral27

upx
Score
7/10

behavioral28

upx
Score
7/10

behavioral29

upx
Score
8/10

behavioral30

upx
Score
8/10

behavioral31

upx
Score
7/10

behavioral32

upx
Score
7/10