47cf19204ed7b766915eaabdb2182d9b202f5eda072f9139e280557adfb1e86d

Sharing

Copy URL

Twitter E-mail

General

Target

658d0589624f939d0bf4e76a19033e51_JaffaCakes118
Size

9.0MB
Sample

240522-b2x14agc47
MD5

658d0589624f939d0bf4e76a19033e51
SHA1

534b72590ae3959d9f972b1ad794390ddc8d286e
SHA256

47cf19204ed7b766915eaabdb2182d9b202f5eda072f9139e280557adfb1e86d
SHA512

c824277b48348846a0122be352ee63d4498275615a2908fc8127fa5863e921ffe70ae963b4afc15465c9f01b9a0d9473658452fe60a53d0667706f712b53698c
SSDEEP

196608:sh2NBX1Rn1N7WYHa8+UJPjSsu2RPtHzFrjfNzQYtUqB1:W2N5r1cYrhJPjSsuEHflzg+

Score

8^/10

Malware Config

Targets

- Target
  
  AutoSnap.exe
- Size
  
  813KB
- MD5
  
  68874bfbb31982d86311b0d97d90ff7b
- SHA1
  
  1be9efbde8e210c40b42989933690311f5ca3f9f
- SHA256
  
  8d70d5c9bcc0e6489483d58b7aaace0887588766730cc21a33afde7eb1489cee
- SHA512
  
  0189f667760f7f4b45e6480bd7bd1a087d67dde21185b7eee82afa65a69d1e260aa86a441a81b4db50b7d83899345ae85dedb3043725507e0f4040ec2f5dfc88
- SSDEEP
  
  12288:1U8hcMQOh0qpodfmAs9JGNBwwASs1NWnoGiY4H6ChjYlfYRAfrmNBybCNy:phbVLya5rWneXhjYlw8rmNBy
Score

1^/10
behavioral1 behavioral2
- Target
  
  Client/DeskSide.exe
- Size
  
  550KB
- MD5
  
  ff5cc51a9f4d5d3c5d9fab250174c8d7
- SHA1
  
  e5493ada32d2dff3d59aa8bba3f904e0854d50d2
- SHA256
  
  c164a1fae9aa656f9ad3f0df2b4ce2ec8c2a2c4328ec5d452e8e25ee0f97095a
- SHA512
  
  ac3e187a85eeed9332565aa47f16175a5ebc998bebb8580ca6f317f812ce9be88083e6f86f1bada9b23c88bb2bf177e2476d5ee26bfa4b09b188fb4ee0d396ad
- SSDEEP
  
  12288:69evwmqtEJBEqhe2uRORQ/7O2XviFfrmNBybCNTV:Pw7aRQzOaviFfrmNBy0
Score

1^/10
behavioral3 behavioral4
- Target
  
  Client/DeskSideù.url
- Size
  
  170B
- MD5
  
  d38f19f622ef82c395b301033b81b6c2
- SHA1
  
  1b29b4fffd1e9640f618777579c93a89fbcac1ca
- SHA256
  
  1eb26d09ddec6717bf0250291899f7d6e8b6f2cce1a4121c95d2bec2a987cc35
- SHA512
  
  f4d3cd538cb2074c83b716d656428c3e85112c587635cde6e31998c093e24a2c69ac39bddaf3a5a110a7eb744702eb7acf33d8171aa94dd6b516ece95f9feeb4
Score

1^/10
behavioral5 behavioral6
- Target
  
  Client/FAKEDISK.SYS
- Size
  
  102KB
- MD5
  
  b56146378c7f5d3c20051425755fd3ea
- SHA1
  
  4e62e763c9dd15f0bdc14f6ce22bdf47e396a1e2
- SHA256
  
  b734fe55b90d4d1907c9e6189420e0515c062f32ff058868fdae17985dc8d42f
- SHA512
  
  be9e5c706d1c53bde7250bf07da15115d3fe7ff5762ec2d23c59e97f5739260cccee0d4d8e83e12987cf0e29c4ec1fb3efb87fadbdc5e108f2b06b18357d6ba3
- SSDEEP
  
  1536:mptlons7podYlOcTGATFgVvUinLTePsYDvMZZQkHCBGN+eqaqJJB:cosOaGAT6MiLTelbMZZzC/JB
Score

1^/10
behavioral7 behavioral8
- Target
  
  Client/IMAGES/ͼƬ.url
- Size
  
  95B
- MD5
  
  9e2ee6c9b8d6cbc749aab7f3719adcda
- SHA1
  
  7f0d276c493d30637d5f0c3a3dabb1f870c9f390
- SHA256
  
  902cb12efbedd5c20d9672a1a50149bcf61146841a03a81e36400b8aeded16f1
- SHA512
  
  2be5a4158053d7056a2249c643c87cf1edabf0d59566a1318508b3f53a4300c3052faf71689b2b95f3f9a054f4bef1680c05df5eee690465720cca4689506492
Score

1^/10
behavioral10 behavioral9
- Target
  
  Client/InsFilt.exe
- Size
  
  94KB
- MD5
  
  98e5ce2d6932f84fd18eacf021588bb3
- SHA1
  
  e3d94f0165b898a5c5dc9fe5cf24a5e2b1e43957
- SHA256
  
  4b6630680705908ef8ba0b76bf630109d9cedde6474ccba1586c2c956e75494d
- SHA512
  
  cb9ecbe1c84365c0198e74fc149a2b6546cb74c6a21186737f7153aed88f40087e78c082cad96df159f48e41a4c8f5055e5e978c7019ae89ab9fd6fe5a1fcf6f
- SSDEEP
  
  1536:oEq5pUQ7/XliYXc+0CwwhIrK5HqR4FlDXHBmb6z0fS/w6TxVPLONG4mPhw:SpUq/VV0ZwhgK5KR4HThmb6z0K/HxdLq
Score

8^/10

persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
behavioral11 behavioral12
- Target
  
  Client/NUpdate.exe
- Size
  
  515KB
- MD5
  
  534db5e534b89f999ae06bbc40bbfcd7
- SHA1
  
  4f50d2ec0862075f5606e6b5893681baa394cf42
- SHA256
  
  6a7293bc76d960ae1b47e3194752983d4691f0f955c1859223dbce80895f4621
- SHA512
  
  1cf005e577fe9cae0b517fb1552269ec45f1969ca12dee40f73a15d2e29509afa04da86c4c27cf95a707320d572b2c6ea5afec271407f0cc79f05daac83f3c51
- SSDEEP
  
  6144:FCV33UFrhZJL8Jc4j2CzHyjnekPTNikb5C6aE9TR170SfzZICGqmiQnl:aEFrbeeCee6iKQ6x11FfzqCXHQl
Score

1^/10
behavioral13 behavioral14
- Target
  
  Client/NoClose.dll
- Size
  
  137KB
- MD5
  
  162ad77a85ccc8d3fb00cc81e09e2b1e
- SHA1
  
  e6d6654e5c27b03c29b318fb390a6de839190eb7
- SHA256
  
  854583987aff2aa834b176be668d542b68884a061af00512cdcba40687ba98f7
- SHA512
  
  2336bf9045c395c9611ef13852f5b1390e983e30377eea9259845a84a76ec89fb9e8ff4f00c95920a241cfa7d8f7a52eae8fa20e5a14fd65958b660fa703d058
- SSDEEP
  
  1536:TnerqOEZk5cKcA24FxcT7+WhaWIeiq+EUkfopPYNpMW2IcgY8OicIU6RbpXfUfeT:sLcKsjyEInjRBfbIjxM6Rafq19R9
Score

1^/10
behavioral15 behavioral16
- Target
  
  Client/SEBarClt.exe
- Size
  
  876KB
- MD5
  
  3525e469f0ef10b401095d1def2ce3d7
- SHA1
  
  280c75ab59c907acba1d33dc90f4ab735dbbc240
- SHA256
  
  e8e4b0d067c55d973533f7fa5e9d16b2a5dae142db86fc21ccedb4182a217f09
- SHA512
  
  f1acb380c94185acaf8a45427c02085b7348e8ae0594a8ff3f1aa37b7d331ef1f1f5639e878284efae64e4dc2a42c902f5963ae3b06bb2b3fc07d578148ea055
- SSDEEP
  
  12288:vbk3ij/U1oaHquH/iBDYca5mLaQSPLsdlPeCzbF+1us0MgC9fZFoLE03/4:vY38oHz5mDSPLsLPe8xjs0MgCPFoLN/4
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral17 behavioral18
- Target
  
  Client/SEBarVD.DLL
- Size
  
  64KB
- MD5
  
  1efd76e2aace830868932fc98f64f3ca
- SHA1
  
  25fa1e5a9d08f835995bc853345139ccec1e110e
- SHA256
  
  eacce4a99e3fe861f7b21182c09babe22961ca92d2a6382fdd11f3bda0c27068
- SHA512
  
  c2b7c93ae500f02e0d3ea14b60c864f3c19cb1c2153fd34454d9ae1188adb538398f8984304a342f11de79332be148ee76f99802d019b3ba06cad3f3a84b46c3
- SSDEEP
  
  1536:qehU7eNb2pRYqZewBTik99WHmd60IKwzg:XhZ2pCqZqmM0IK
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20
- Target
  
  Client/SEIEBho.dll
- Size
  
  432KB
- MD5
  
  91b1fb94c35384f946485ce49a829c74
- SHA1
  
  61933446cfe318778aa74af842a96961bbfa046d
- SHA256
  
  6a98274d799bfe1ad2bf58698793fc0f6d1313c74364fc5e90446e2a5347d68b
- SHA512
  
  53d93d5e2d2f6d8f8001eb7763f7d792dbd563218df4b9c561a94789669ea6fef1beda0b266bfadfb8c095c5713c04d239f77f373f84155a539b0acbebd1cd87
- SSDEEP
  
  6144:I6epeOiQotv6HSIJA7f/r2TYvSEo34DmX2yXyj92JcmnWzwlN/gR7cM/XO8GlXR1:Fepeaotv6HgT16X2wyRknFICmO8hc
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral21 behavioral22
- Target
  
  Client/SExpMenu.exe
- Size
  
  1.1MB
- MD5
  
  d20c8c470e105c1eccc1082ce4ac8cec
- SHA1
  
  d2be07dc4447db0573b18cf7398eaa27ebeb0c88
- SHA256
  
  554b4aba7109a17c11e8c7ed5aba12ff2934009b4f87e272bf7f0eba3ca01397
- SHA512
  
  bedb1725f0f05368783b5ae489e6e0d3ff102eeb653898fa708332f63135262bb89cf88ee9171c0d30613b093c950303c02fc3c3e9b06d0b0df0c39631e78c6f
- SSDEEP
  
  12288:Iqr66eT0ekcpOJNebPx0IBVMHWSY5EZITfGS2VyMSQs5m3htChjbtNvwIx/HBPqT:O6egjeuIcxZIyS20MSI2hjbBPqxn1
Score

3^/10
behavioral23 behavioral24
- Target
  
  Client/SyncExp.exe
- Size
  
  1.1MB
- MD5
  
  874f885300027c7e24d02fbd48efbe7d
- SHA1
  
  f40a7e4db43f754f274010a9b2fc4bb3d03b4917
- SHA256
  
  a64f136fafc9dde40caf995aa6558e2e2cdbce11665066438183782ce6d8fa3b
- SHA512
  
  99a5b0c7d3b17ae279e3d797626a44f553ab76f2f6201f9a929fc5237cf690ba87369fc4d4611a544eb5334c28ea8987d360e2bcc1c40e3fcc03913ea953a273
- SSDEEP
  
  24576:G43aSrUtq6fS3alSTnC/vRTWKOqhj4If/rvCvI:G43apM6JKn6Fh4If2I
Score

1^/10
behavioral25 behavioral26
- Target
  
  Client/SyncExpSim.exe
- Size
  
  872KB
- MD5
  
  c739012257f3881c23f3036394e373de
- SHA1
  
  6eb8456472b0e4f85c9205274b6de2e4beeb54a0
- SHA256
  
  23a5b7d89f8719ca758c565c5f74db518fe261087a8c71559be5ecf909131e97
- SHA512
  
  08bb4c419e7f0fd70353afec06d6e5e3a3c4abff08c6d20e5d6a4790f5be9daaea0e6b9233e78e3ffb3aa3dac7ad8b4cf9ed001c8d491dddab39972613e3ad3d
- SSDEEP
  
  12288:09f1XN9FGoGoK7d1uGmMg9NWSBS5qgS7UjAkonY4rfAo5OvSaNABsP/twf7mHEHp:cXN7H/NQwg4vjAouSaaBVfsEDt
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral27 behavioral28
- Target
  
  Client/board.rtf
- Size
  
  1KB
- MD5
  
  ecb038060fceb6266aef496517990356
- SHA1
  
  3e28c12b73381d51197c6000aa89b16b66db7df4
- SHA256
  
  f5e259fc5a311e12f952566105193e9944b2d46ead720d85f3638751f68c22ab
- SHA512
  
  68349de700a7cdb9d2ccefd7bd94e50c0a615e81037c65f0bc575b197315b781a6e74fba60d69d14817e28b16b9715a0a45528b66ac692e6276845824de4eb9b
Score

4^/10
behavioral29 behavioral30
- Target
  
  Client/nQMailer.exe
- Size
  
  480KB
- MD5
  
  7267a267fda78ca30e36fa2bcac8ce09
- SHA1
  
  49bfcfd356b9bf716c9e77c5581cb29aac69d741
- SHA256
  
  5979d135530e3deaacfef9318a85d19a58e3a3a7010830f23ad375379d660c9b
- SHA512
  
  d3641ff8ea4737ecf0b8da1b67ed902abc539071f4649971ce3ef33d1eb538fe13051ab69e4c23f8a77fa21fca8cf8ffdf204931d267044a6f85420f2ba039c4
- SSDEEP
  
  12288:uFwm7eeXnROkg1oytE6wAnRq70xGI3a+OQSNZzSfy7xYkpdz2TGUDP3ttp6mKY:uMeJQYzjmP3tr6m
Score

5^/10
- Suspicious use of SetThreadContext
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Sets service image path in registry

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Suspicious use of SetThreadContext

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Installs/modifies Browser Helper Object

Writes to the Master Boot Record (MBR)

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32