261d00d826bdea12f7f6956ae71cd7b2fb09d6a00424506522c673e60abbeccc | Triage

Sharing

General

Target

68baae0975bd545195b20ccd4fbc782f_JaffaCakes118
Size

18.2MB
Sample

240522-1jtcmahg5y
MD5

68baae0975bd545195b20ccd4fbc782f
SHA1

c3e4d2d76359458c5a5cc2f8ebb9d460279c442e
SHA256

261d00d826bdea12f7f6956ae71cd7b2fb09d6a00424506522c673e60abbeccc
SHA512

6032834dc05ea48574758d0e75280c9caadd5ea4dd89681aba43910274b6a00e2a88ba54dbbc95d3ad6870668324c7f573a94475c78da4320b77b6fad80cbbfb
SSDEEP

393216:yILVEryoZrcSRkCTb4Rl0x1ZEtJK5ZqFBZn8Gb:yILyr3oSRkWgQ1o8gnZnj

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  CustomPath1/AddOnPack.exe
- Size
  
  15.8MB
- MD5
  
  b5cf8bed71bca76f2d42ceb8e862c8ff
- SHA1
  
  c22820d38770e63a81a5499e8f8986785aca83da
- SHA256
  
  109c81ffc5036223e9e3a36aa9fdc851a9c54905b83a5a235282124014de3b4f
- SHA512
  
  4ed258c182bad7fa21ea659a2612ee237cfa36c46452e4585eae43a785e7923ae36b4eb6eda56a44538c41a496de1b4a877e0294cde14a12bcef6b4f5ef85d1f
- SSDEEP
  
  196608:RjfsqlAIwKyTHPi+FNugmqP/mgIA++SyJzyHARLnH/mgaB5GPST9omrwQglOQEs0:Xgp9PT+Cc4MGPOrEQQEqnvwyFI
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  TargetDir/CTNet.exe
- Size
  
  248KB
- MD5
  
  e1e006021e8ee9ebfa567f49344ca16f
- SHA1
  
  ac0efd78136c34b657e0f8b547da16024f29be65
- SHA256
  
  76a19042297c39e9a1d45ef48275b8d1d1a611ce6878846c497d53df4315b69d
- SHA512
  
  7826bdee76f803fd7d864ff05ad963509a53500b4caefc28bb7c52f35f9e30816f9b1a53e6bf394f440266a9d5246a77d6d021bb1159c90f958658d4c0f80a2b
- SSDEEP
  
  6144:Pn/EEdZSBw4Efb1avkYlBoySLjAD8sxbZMtzs:Pn/zfaw4Ez1asABoySLjAD8sJ4
Score

1^/10
behavioral3 behavioral4
- Target
  
  TargetDir/CTSUAppu.exe
- Size
  
  105KB
- MD5
  
  4cfb62c10d1ee11a28f7f00494087b7e
- SHA1
  
  14aa57ea780298e1f11c5febb6b889e79407cd9b
- SHA256
  
  3d4a5c9e8977ba4aa285597632bb7d57db4727f5e9b8926ce928bb80d67ced3a
- SHA512
  
  a69e992b235a0e71b7cd5ff0560193bd1f176c584e1a6f37c09bfac4e1fda44894912d9892e96aecb4a54c5cdad29784b6dc60c371e1a8cc94b2cb7b72f559d3
- SSDEEP
  
  1536:MfGCJ2rqbEdbYMbbvXIH2Sz2nrcHvcXsx9U7Py43aFnowI:Mfx+qyZbbgHyrcPcXJblKFn
Score

1^/10
behavioral5 behavioral6
- Target
  
  TargetDir/CTSUSDKu.dll
- Size
  
  52KB
- MD5
  
  2de147f4495696693fb79f0100167700
- SHA1
  
  b74ff1c4b2f32439182315a701712f3571f41cbb
- SHA256
  
  618856b3aebefd38aee192c67e674c85374cb558d4323f76db450069aed07e19
- SHA512
  
  dbcc04fdd49299eed87a32a690cd0ae45d050449a2d7190b52182676d3cd82c02cf9bf74d475d95b3408949ba6c6bc8d2f2868a68fbe8ec43bba2e5416a60a0e
- SSDEEP
  
  768:qO2KmGRQkATVzKDZPOVkYEYprUupRKwxTG9SzWLBlxqg2A:j2sbATVzyxLYNpR5xTZklx0A
Score

1^/10
behavioral7 behavioral8
- Target
  
  TargetDir/Client/CTMTBSvc.dll
- Size
  
  287KB
- MD5
  
  1b8e43c6536cf66548ce3664d4efadf3
- SHA1
  
  394b83ed56e586790123ac43a44031f07062b8d7
- SHA256
  
  a854b2c384bdf6b571da6eef2c385758165c81c624f1dd7587d9d4ddbefd3c0c
- SHA512
  
  ae35937d9d338d059272463d93c2b6bd813f94ce65826898cecac3e1653ba096e7e0618418206372e91c37b61674ddf923bdece70283c604e47cd6c5335b14b2
- SSDEEP
  
  6144:hFrjLy96lDP1j0k+d7k23BMdz5LR8idSkFVTSETWhdcbzyqoN9ju0:hFhP+d7d3qHR8i9yEFbzyTNpu
Score

3^/10
behavioral10 behavioral9
- Target
  
  TargetDir/Client/HookWnd.dll
- Size
  
  332KB
- MD5
  
  bf10f283f33732ca4ec0a2dd3b001867
- SHA1
  
  d30c0e50543be9f6330c850f0add405e193b2918
- SHA256
  
  8bced26beb948c2e7822536143ad4e0f46bfcee2397ba181396e269d3e055fe1
- SHA512
  
  475060d04320f5f73126ff708f283b4d132c8fbaf6c15bb10835533dfe10376cb804c15861d17395b262056c871a3fbe1eed5582dd6bce420251d24834512a19
- SSDEEP
  
  6144:8HkCMMJry4MOtRleHDNqZOu0CaHzgVR/FdTBGvAbVq8s:8FMMJO4M0jwdu03TgVRddTkI6
Score

1^/10
behavioral11 behavioral12
- Target
  
  TargetDir/Client/ScsInstall.exe
- Size
  
  44KB
- MD5
  
  dfdd3e2a3fea756e569eb992e942491c
- SHA1
  
  427022f720b398c3aad8126d0fa8e55b7381ce5f
- SHA256
  
  57c06fe9e521e52d51e07807cc347486b0fae4720ec347de2378c909affa0875
- SHA512
  
  6b76cc9ad17131263648a047fb25c25c0b6c4a41eedd3d6f142f0ea663a26299c77000acecf9831cf399d5776cc9061ba0365cc004aaf2c7b004159633ac911c
- SSDEEP
  
  768:4uWi1gjhsn7UScZ9PZEQ0q1prrkG3IIof1V:tUScjDP7Hrof
Score

1^/10
behavioral13 behavioral14
- Target
  
  TargetDir/Toolbox.exe
- Size
  
  2.0MB
- MD5
  
  5bf76395f7cc6fb3d8ca3366a3cebe0f
- SHA1
  
  5be555b30d6f95f640856dca23cb94fe4d69c565
- SHA256
  
  17e9dbb3f6f4ab7b699270681c4150cb69214e369d2b1d28b555cbe064b4ced3
- SHA512
  
  e06ec2d3899c4cfb0a3091665d1f0e6d673c4949d576781bdf53097f39e5e9a40a97729c17aa708a46464cc517ccdb951b3e0e19ea2b0d9aca13176685d21b41
- SSDEEP
  
  49152:xgMjYm5L8sz7O8xUfKf1EAsHg6Uh3Ab9dM2+zz3w29W/SNN0D8VLeb+7:xgMjnSmi8xUfKf1EA4g60G82+/A29W6V
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

bootkitdiscoverypersistence

behavioral16

bootkitdiscoverypersistence