74c1b2770fba853e40bd68d5618894bb322f8dbddf46eea3e77ce2a291c0143e

Sharing

Copy URL

Twitter E-mail

General

Target

71b391e127c94e0cce7fc68462b565b4_JaffaCakes118
Size

6.1MB
Sample

240525-mvg7vaed93
MD5

71b391e127c94e0cce7fc68462b565b4
SHA1

04897656d7075e03e1084d86de895c668964c52d
SHA256

74c1b2770fba853e40bd68d5618894bb322f8dbddf46eea3e77ce2a291c0143e
SHA512

35b5e7b584d0b5fad3fb18f8cf79a8bc18dac86407c738fcb0835bdfad0a0cf257fb7b0a9dbb672fe0228faf78f7342f0c9c30d61274de85b45c69dfdd89fdfd
SSDEEP

98304:yOvt82ATdshojmypgJuKU3SUalZ/YpbVu6S/9EY6VbTUpa+iwTqEuQKSTkOoC1S:yEAOhi0u3olZARVnUKbYpa+JuvSTnS

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  xlbbqmrj/CnCalendar.fne
- Size
  
  256KB
- MD5
  
  5546525bdd17f8be8807a94a55fc0d6b
- SHA1
  
  0d4aac5fe9ddd815b0b574082e7e814997329982
- SHA256
  
  a0887aedd8f6ca1686545357b8d82ca9a55ffa7bb09855f8f9ac4eaa85b74ba1
- SHA512
  
  c951d5647c3379bfe9ba148f13c7131911387877d7de2574c681fbb53d523030251f7d829ee5428776ab4bd154959020e0e6b7f975e264d4d6d6abddb8fbc27f
- SSDEEP
  
  3072:lyjD30mgD4FcYJxCVuw2fte9BvKG0e6YV9Qdqo5Lqb/pZyZd+dQzBr9M9M0vT:G3BFcYeQw2Vw70Jl+/ptdQzXeN
Score

1^/10
behavioral1 behavioral2
- Target
  
  xlbbqmrj/RCX12A.tmp
- Size
  
  432KB
- MD5
  
  0f675c9987b960b4506c9427cbd33a14
- SHA1
  
  7431596ecf2fdde02334c9d203023e21b6d07699
- SHA256
  
  56d35016d0b60b899973e8ef685890b55315ec0be0172905bd4d51550ddd40a8
- SHA512
  
  1bc8ef66e2c584793acc47fab429fc54e10bfac27ccb35f893c62e713d38f031cd8a485f88b8d9befa3c4e55f4dddaabdd79b99b387bbb7af1e98ba4bc506d8b
- SSDEEP
  
  12288:gNsriw+RaqO+2t1AVfxDEYFjx3vv+G/DXyCUzU:Jpq/2uflEYFjx3vvHj4U
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  xlbbqmrj/cncnv.fne
- Size
  
  240KB
- MD5
  
  1882ccf17e61fdc853f44f22ff835c3c
- SHA1
  
  b6c86f8f65e725d709e28e3e7207a208e79867d7
- SHA256
  
  e7cad49deabc3dc7e1262e69a4dcfcdf2e8b668e4572a7d7aae3f4c554c6dc62
- SHA512
  
  ea1173ce21d57361129d7498b4a2e0c9af0a856d81feb057634b07f25e7140e9b96e1ff80559b02dd66cded5b47dade4625c5347f858756476027afb69ef839e
- SSDEEP
  
  6144:YenmhoYkWGurP7iblD3wTW7Xe4Ohp6u2aqaq:XnQsWEbh3wTWr8hUEq
Score

1^/10
behavioral5 behavioral6
- Target
  
  xlbbqmrj/dp1.fne
- Size
  
  124KB
- MD5
  
  210795f012450fefa80ce492560e32ec
- SHA1
  
  67d3d972a471804a284da45e05c92474de05e82a
- SHA256
  
  f901d0883e40c0635724b085b5b889b567f6347b7c41f7183377b79e27088fba
- SHA512
  
  8bd71d02d43004dbe2e882475d4f72e69a9cc2d8e442013fd3536cfdc71296c2c4c8121875785e8b1cb9f37aa6a5c94fed846e8068a6aab5e71252f166a7140f
- SSDEEP
  
  1536:1DSn+hfeTpCwAncpZ6Z8HTiQjl1sYiKG3oZ/:1DTReTgwAcp9lqKG3o
Score

3^/10
behavioral7 behavioral8
- Target
  
  xlbbqmrj/eAPI.fne
- Size
  
  320KB
- MD5
  
  f3bdb078e722c34956b370a74b518e8c
- SHA1
  
  5217eac6dbba8ed1819acf90596684f15e87b00d
- SHA256
  
  f3db44f1d7c4aaf281b9d8c1e9e542660e975e2abcc4d4927e78488303ca7ecb
- SHA512
  
  7878e0261561aa854489215fe725d1da63727805780a74658e2618011eca51999c925b63a6c962849376da2739db06b2abb7197acd64dc72ff50542d172244dd
- SSDEEP
  
  3072:0U0swaxu1SrlTvpSuKsZZA+CaHgepAPAdh+SmTsc05nJhonAfVMQDjwQ+9JQmRyd:0UHwakEr9p+AbCQpAIdh6mVMewQ+Lca
Score

1^/10
behavioral10 behavioral9
- Target
  
  xlbbqmrj/iext.fnr
- Size
  
  216KB
- MD5
  
  b666d864234e2586680de95a13259829
- SHA1
  
  bd6b1fa985e1bb4735c73cd6383e9c239493172a
- SHA256
  
  5f22e8d6a118fe48d37b3b83980d7dc8ea37ef6385bcede770c8e493df49635f
- SHA512
  
  10db4b6c571d1309502da04285b4280456bc951c5118f035a0be2a5c8800678371f4ed6754a38fe18928c2aa4f3efd685302751f7adef5f01e7952ff74f506f6
- SSDEEP
  
  3072:pGpIn8UDgrsrTW1hfLQ1EHPnVchvXZlLSJ6XS1uKJbLPiF4xTc3oUHhFw85O:zLWXLUgMKJ3xT2Fn
Score

1^/10
behavioral11 behavioral12
- Target
  
  xlbbqmrj/iext2.fne
- Size
  
  488KB
- MD5
  
  a26c8b99e1519f4367893b3d3cd8e089
- SHA1
  
  397ed55f03acb6fe65d9d7c0bdc418da34eac8d8
- SHA256
  
  ef50e3e48358902f33639ec25cf58ef1ee3e3138f431291e41d4c193dfec2524
- SHA512
  
  fa43f76a23e87721f631f19646ddb297e7435012d06af25f4e18f02fe48f1533617b0dc8b3f3de886078d988c22853ec347e14fa59d7f33cb5a731696063fc26
- SSDEEP
  
  6144:Yujp9xZF+ES6jisyHOzC8QxEksWINE1DfYmgykSjsUgZ43KyEPhuTwKF:BZFX5zC8XkBIm1DfYml7otm3YJu
Score

1^/10
behavioral13 behavioral14
- Target
  
  xlbbqmrj/internet.fne
- Size
  
  188KB
- MD5
  
  b925098c6a6330410cffb3994ef36211
- SHA1
  
  7467bb63d47ea2fa6dbf3984ede8d9e04b8ce37a
- SHA256
  
  f25727ce196ac0ab4119ab7968cdfe18425170b55012fc7fb26a3f824514d82f
- SHA512
  
  955ab8e3eb661cf575db0db77ca81fca16cdb3e29ce49237b1df1377d6f2aaff3c6a12bbc98a720f0a67292b39451474b97de31f696688a93547181991fffe0e
- SSDEEP
  
  3072:tpTEys+TR7yRoHzXjlhvtcxVIThpEbbAKNXoqlSY9M02MHUP:tpTEt+ycLHlCIThpEX9+XM
Score

1^/10
behavioral15 behavioral16
- Target
  
  xlbbqmrj/kernel32
- Size
  
  1.1MB
- MD5
  
  40976499c7e53cb02f35e0d07205f317
- SHA1
  
  6c48834267f4e99438c36139b46b4c7343a44d8b
- SHA256
  
  5c66544659950bcf1d58c4dd7d1dcc4c657da69dc8c678db0e4ffa16cef9443e
- SHA512
  
  4e2d49c2dd96175da669f1edab8a83a6df0e5f904174c26b42052c81d246b1feb5515a5594a88510940db7fed61d01328db9a7f0d8940b4297526538349ab88c
- SSDEEP
  
  12288:vwLw6PKp1IgSq1cNfxVNLww0I7OM4mQRQSTi:LpWHfnNLxwaQRQS
Score

1^/10
behavioral17 behavioral18
- Target
  
  xlbbqmrj/krnln.fnr
- Size
  
  1.0MB
- MD5
  
  dde0681ba7a02bbb1c9b756af7e53fd2
- SHA1
  
  eb1310a5848614d89e71e76bf6beee497a068017
- SHA256
  
  f1efcaa3a7b5bf98819ec0076984f4af595d595c2553f4eec454e6d96f2bf080
- SHA512
  
  1f9892ea5727159e7f0ec836dac78bd6923f7b803e5f39113a14c27b4bea5353503a7b998088cdf8ad0f0920e66a241c588bec0b2cab6b02157b54ab4ce30ff1
- SSDEEP
  
  12288:d9uwvXUjUEQRTykNsRo5uloubqAxxKYlNKVe0QhBOSIwflL0lA/2b:wjUB+ho5jAxUYshqBOSIw96A/
Score

1^/10
behavioral19 behavioral20
- Target
  
  xlbbqmrj/shell.fne
- Size
  
  56KB
- MD5
  
  b824c21472c72b34fa9e103a71b210bf
- SHA1
  
  8611a68c40c3c66c81795df814165b1338b2dca6
- SHA256
  
  544985bffdd00a24def65288354dd4b4b3b29c99d9e4965dba7463ab229c61bf
- SHA512
  
  d2167cb90019ed4353bca853ff8c2d1ea1923d0b7a19c253aa2680549e30c82557ddf76dd4d3dd2fa18d03e6802466999ded35b417cb80b8ec51569dee530d9f
- SSDEEP
  
  768:PeZWaAKT41c1IYc8HBbrYNYVw2Fj9oNIqF42eo6U:PBKT4fkrymV7oNIqC8D
Score

1^/10
behavioral21 behavioral22
- Target
  
  xlbbqmrj/spec.fne
- Size
  
  84KB
- MD5
  
  94cc7b07e7cd4a4ac9c168cdf365ee78
- SHA1
  
  8c77d680a8da93221b88518c31bb46e7510e962e
- SHA256
  
  eb3e86445fefda37f73924d9c566ceaf935c04386e3afc011324417d5e1a6882
- SHA512
  
  9759bf6cf2a033deec5d4808a04c98bba1f805d7f2713aaba65af5e49353f66212480e2b6ac6e190cdc3dbe0fd9ea3b94f938d7565b338a7cadccb4f0f4fd365
- SSDEEP
  
  1536:VcrPILJRJT/DpWc6hVoabwhfoeW7JsmRj0:irMW1ojfolJx0
Score

1^/10
behavioral23 behavioral24
- Target
  
  xlbbqmrj/wininet.dll
- Size
  
  637KB
- MD5
  
  327dee78b7478fb079d47be465330c68
- SHA1
  
  8f794aee59eec65cd3721c442993e8069e42233a
- SHA256
  
  58ed907f5b23c0ae1e77bc44066baa382d3fed41c10e12697e735667889d1644
- SHA512
  
  700bf7fe10eaa45425fef733f5619527445b1eac3e381e3e51ffcca8f0383d8966de459c4d114f851a1fdbdcbd9e2b329b8e7b02655fdec41125156edcbe34fa
- SSDEEP
  
  12288:UycpsX1VfbkvFN29xC5EOC14xefFc7HEiVbNK8EO9TbjSFgYqyr:Uyc2PDkvF0Ca314xeIVbN9EO9HWe9Y
Score

1^/10
behavioral25 behavioral26
- Target
  
  xlbbqmrj/响亮取名软件18.03版本.exe
- Size
  
  2.2MB
- MD5
  
  0f219347ae3491fdfb2701e63cb82404
- SHA1
  
  a352937ade59d1ca893ec276ada22fd4254ce6bd
- SHA256
  
  2356ee33e36ebec46882347a37e1152b20555ca6583e1c97486d0f75e220a453
- SHA512
  
  f2fa4ff8f1ed6bd90caa164c7501239207554c92e61be95de56e0f51ea70858c59f09eaafed9d6d4e6dfe6240139fc51fbd3b70b2cf493c03941040b2a7fa397
- SSDEEP
  
  49152:g1EwYI9A8sl+nTXA2xlEYFjx3vvzc6itS:6Tat2WS
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral27 behavioral28
- Target
  
  xlbbqmrj/响亮取名软件使用前必读.doc
- Size
  
  99KB
- MD5
  
  b5bf571693832856164dfc7c6213fe8a
- SHA1
  
  9c8b10b217106f6016255412e6f1f6f0f70be3cc
- SHA256
  
  6f79c58fe1c52bb3d28255e586173a994e75f9475aca57da64ad0fc1475582b3
- SHA512
  
  a14ed56bfe0d7235b03ea3889ec7f9270b0e43df3f5337c3bd5be894ff92fd050bf4f70d8fc1d0bc606aeb16c31e4ab3e3970fedbd0b721c69fa0ac3e9d0fd15
- SSDEEP
  
  3072:QentLqY8bRaGo9g3m9Ktv1G824oVHb9tg:QentGUxS35tUx4oV7b
Score

4^/10
behavioral29 behavioral30
- Target
  
  xlbbqmrj/响亮宝宝取名软件.zp.exe
- Size
  
  1.4MB
- MD5
  
  da742ebfa28f383f4872006b3468b29f
- SHA1
  
  df72f071a42cb01e981524e6a18f3785d9081e90
- SHA256
  
  31f8bfac897eaeace51733014331f7711b54c3afc7a23877cedfe54a1767f3f6
- SHA512
  
  246775c9533f32025cf6b4b51385f0a15d0c876236e194334b862d23e7c6a164857dbdfadc084f1ce61d0c94bdb43f453298c7fba31a663509b65bcbc38158b5
- SSDEEP
  
  24576:0gMiBu+yBakEplKHmcQXuWd/oNH0WeUb7R3Prbx7DtoBzToU3OZYApb4aUsqMXyW:0CBFlKGVuWWNH0+FiBzT9GdprqMyOVV
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Writes to the Master Boot Record (MBR)

Writes to the Master Boot Record (MBR)

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32