cb6bb334e15093e624d5a39cac6e119515bc961ea5a1232ab4aa1f6930f21584

Sharing

Copy URL

Twitter E-mail

General

Target

768be2bb7696ac531c86239484e01d01_JaffaCakes118
Size

14.9MB
Sample

240526-x1bblagh5t
MD5

768be2bb7696ac531c86239484e01d01
SHA1

f6cb62a4d3b032f4fa4b7aefd2b10a2bbc61d8a7
SHA256

cb6bb334e15093e624d5a39cac6e119515bc961ea5a1232ab4aa1f6930f21584
SHA512

680f0db56f418999f18421a420d12385fb9d203da5daf0877cd9e1134fbf7d8c29229ddf173dcf6e06f49d62c91ad5581a914f705d090374c4ace31421b42c38
SSDEEP

393216:lLCpCbVuqCiV4WZGLyvqIWIaCu6EyL79Iidj3XEIH:9Sy7CyxZnqIj3u6t9bR30IH

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  768be2bb7696ac531c86239484e01d01_JaffaCakes118
- Size
  
  14.9MB
- MD5
  
  768be2bb7696ac531c86239484e01d01
- SHA1
  
  f6cb62a4d3b032f4fa4b7aefd2b10a2bbc61d8a7
- SHA256
  
  cb6bb334e15093e624d5a39cac6e119515bc961ea5a1232ab4aa1f6930f21584
- SHA512
  
  680f0db56f418999f18421a420d12385fb9d203da5daf0877cd9e1134fbf7d8c29229ddf173dcf6e06f49d62c91ad5581a914f705d090374c4ace31421b42c38
- SSDEEP
  
  393216:lLCpCbVuqCiV4WZGLyvqIWIaCu6EyL79Iidj3XEIH:9Sy7CyxZnqIj3u6t9bR30IH
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  CalcHashAB.dll
- Size
  
  1.2MB
- MD5
  
  2fee6586488d8e05ec83cf13c7396c6d
- SHA1
  
  ce38a1c2e2a3251f88e9c2eb1757a49d305e10e8
- SHA256
  
  87247a454d9a545e7742b05bdfb44c7124f2e7762f3e008c6a7f5646a018dac9
- SHA512
  
  e6cca8a6dd3243353b4eb50ea5c1507b7475928f41f05abd22bf2dc963c853fba79ec1fdb51fa282c9b4905b9adea35236e5bbe52d6fa86d8aeae46a097e05ac
- SSDEEP
  
  24576:BRo7AfCUuKsOMmSxpeH6FzhjnQf9XPCRh:AAaULKxoH6FzhjnQ4Rh
Score

3^/10
behavioral5 behavioral6
- Target
  
  FatOperate.dll
- Size
  
  124KB
- MD5
  
  4869e5dffcc9af53e141cbf1afd53458
- SHA1
  
  ff82cfff2d0a58d57cfe1b55eed85c84262f50ce
- SHA256
  
  3c4952c92ef57e000f5828f4b15bc16bdde1733320e5207c6993d8c5b9ca6795
- SHA512
  
  9a667c3f8ff36f3d66e2e6c4d3df8e6887e63396b22b742c6e62990c1860638a24c45a547dc5c332634f9216eb599ae8df98f69ae6b824e98184ec863f4020ab
- SSDEEP
  
  1536:mTg8mPw8d4SLbmRPt4Ntxn4tBTjzHS9rck5QyuIoaGsS5:mU82gkbjLprzuIoaGsS
Score

3^/10
behavioral7 behavioral8
- Target
  
  Initialize.dll
- Size
  
  140KB
- MD5
  
  a30ad6caba8473971b070550163c1eb5
- SHA1
  
  2b18b292fe8a7a67843326b8d1523c1784534e7e
- SHA256
  
  f6fad8522fd834ed81d2f9ab0fc6a77c12cc0c73e84d9c907f16f1176744d0ec
- SHA512
  
  12d216b79cd2f09ef79b468d6bba84b8733b88608e4a7aab9a1d53ab926d4601d66abc88fd9ab88c4f26f2ca214bfaa1c78ad08bccf17512f6f3b27be9bc322d
- SSDEEP
  
  3072:N1pLEMzM8zaEa0ao5C2BSK/dzmZLPWVSIrIOl4kyoVe2uBpZqv:zBa10H5C2BS6daZqrIO3veNcv
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral10 behavioral9
- Target
  
  LibSearchFileName.dll
- Size
  
  10KB
- MD5
  
  6ad8e71675d4338bae651236a41bcd4f
- SHA1
  
  4108802749d6279b9cd5aa255c3d14a740f02d25
- SHA256
  
  97a1a10a37cabfe3d9408f57b75ebaf895a6a39ea768f2220b1de72865d157d6
- SHA512
  
  430235848e56b6d273f2fcb35a0c78dd45b2a4ae22f6c3ee38c54af91ce4d2daefd4eeda4f19d59d2b44bd65e5cafbcca99e220c9e3ad49f2ecc2047aab06d48
- SSDEEP
  
  192:xyGAwNjsImvrDfhTlZycPhrUCfkTi0T2rOR3XzVR688p2yIf:xyBwNj/mvXhT3ycPhrUCdnOtDVsRu
Score

1^/10
behavioral11 behavioral12
- Target
  
  NamePipe.dll
- Size
  
  120KB
- MD5
  
  33cdf982159eade45da4b3d6c918135c
- SHA1
  
  33fee61ce7246084f1cf9c690cec108f2d140f70
- SHA256
  
  8b73c12d01551312e50f2130ff46cad309beedf09c10bb7ed0d0b9524b9aac7c
- SHA512
  
  92f0002ae2b2dbefae2cb40f3a8f3a069385fa9c41ca7889a6c37da2c1b761f0b09d9ccee3608cb55f59edbc38fdb820fb2e051710cf284662c0732dd353ab3d
- SSDEEP
  
  1536:t/0SnJ4AXldgfKjrgJwzRRs/w+W15mUcqMcYp1EbcC88sWjcdUB3lVmr3kF+f:tc6acIfAGCPsvU5mj1Ef8jUZlVmgwf
Score

3^/10
behavioral13 behavioral14
- Target
  
  NtfsOperate.dll
- Size
  
  136KB
- MD5
  
  6cb7703ba2b48c04ab145418b49d9f0d
- SHA1
  
  43e92850218380990a38f878e237667f8398b42c
- SHA256
  
  4768f0368a787d0de3a5b2662b72e6bfa3a158ac859c2a7ee2e2a1fed21f8fc0
- SHA512
  
  730ebbdf9c22ced0bf7b4275e8a3f72625e589a494fb21707ced5dc4ba9e11911f88259df082cc5ff14c455c60f131de5f5d41985c36f1f734f2f0418ef94c61
- SSDEEP
  
  3072:itQul439NZiYd88+HS7SPlSUmoB7pInBGM:itQul+NZiY97SPlT1iGM
Score

1^/10
behavioral15 behavioral16
- Target
  
  RecoveryPhoto.dll
- Size
  
  494KB
- MD5
  
  ebe9775644ec17e30448590caa45b38b
- SHA1
  
  0d2cf6de98e25829ceac41a26530e642d0ed337b
- SHA256
  
  c0e8329a9a93ff2756a248b4cca90de491294c02e11baf38d3148a7e1d322226
- SHA512
  
  fd68470268862d7fea8d10957fc70b2e186d3fefafcb63697b3ec79b75ff5187a90d89d28f556239ebafb78963e921d994d65e92404da8dd95468e407681dc2e
- SSDEEP
  
  12288:K6Kv0ihp+FDgzWxr8UfbHBLEOrKiEhv7evvpJII/Z:khhp4DgCOH0vvpJ
Score

3^/10
behavioral17 behavioral18
- Target
  
  SaveOperate.dll
- Size
  
  84KB
- MD5
  
  c340af10085de4a8aa562da13bc03267
- SHA1
  
  77e0646d1160dd8b8e3399854c573b1712f7ec07
- SHA256
  
  c7c53fc1d29f12103bd847cfbde62bcbe5f7c5f169d0d973016a4dd583188aa2
- SHA512
  
  f16fcf84bd0633c861929ccaa1cdf628a4562d79528dc30dd1f5f75d27a34c949be467479ee13e1273ff432262d496f73560483dbf518e05b90d8d3ff81f5647
- SSDEEP
  
  768:iXc8P4o00m+CusjIlenL3iVay4lJLIhTozIo37PNW1zuageMU4p2FIvSR6uE6RMx:mci4N+COK2Vah+ToqqFL6RWovnFk
Score

1^/10
behavioral19 behavioral20
- Target
  
  Tenorshare iPhone Data Recovery.chm
- Size
  
  4.5MB
- MD5
  
  e891858a8b20091684370537ef5f53ad
- SHA1
  
  5e45e44a30167a974092b5b996f72bf3b773f11e
- SHA256
  
  de7ea802c40af601e59c906a2ce71bab5262365ac38e2ff0a98a3710e9b4a4c5
- SHA512
  
  6a282ac3e73f8134a3ba8470e8b70a4143bf8003b4eed810650e3e04ccc792f183cc4e27a974c3ec9102daf3f874cdec14469c9c93c17bcd482d344c9268f1fb
- SSDEEP
  
  98304:YW9f/rstMnwoAviIM1JwQBBPEVQAbV3stXs78VuPu:YOf/4W54g9m1SJs7mum
Score

1^/10
behavioral21 behavioral22
- Target
  
  ThreadCore.dll
- Size
  
  56KB
- MD5
  
  7bf0adf3974cabf76979b2e7f3ff040f
- SHA1
  
  498f5d82333b0e55f260d0f7619a3ca2a569e6b6
- SHA256
  
  931b6356e12b10322051fb3b30dd00a6c77ef4a202d9fee1c6dab9dc9dcf2d58
- SHA512
  
  1d49eeef3104c1bf35e96087814fe9a0ab9b3c7e8887109b9401e0855440521ad4891b741748c3be6f78b140c7ab130f2e9a2ee2e97e923ba8e5c3d721b10b01
- SSDEEP
  
  768:WOOzbrMjhdI8b07W3T4DqJsS2/P6ejj+G4Wo7xEBqFhOg+jTG8Rta8k:xjIh7xDAvKKGq1EAOg+jvRta8
Score

3^/10
behavioral23 behavioral24
- Target
  
  Un7z.dll
- Size
  
  1.0MB
- MD5
  
  beb162bddab0f4a497fbbb76c5664f09
- SHA1
  
  75a97fa5a1f7fbe8dbf0fe2ff1848476a796fd2a
- SHA256
  
  267a251dabed52e8e62600770153e57efd9ab742f164282d691858dacc3e252e
- SHA512
  
  736dee120c31e02b2654e7f9a3a6e31b10d073e2ac99b5980f88669fbedc8303a1544ceb36d4999c85a97962898a12137971a90c2f0d31b0ee4f18a4becec604
- SSDEEP
  
  12288:7RsxWw29zdPSxEu4IrJBtC/Kv75tr8JFS4FRQA6vItBzBVIeAiOP1cASeZYfkhz:Fs92k4Antr8O4FRQA3tBweAVq1
Score

3^/10
behavioral25 behavioral26
- Target
  
  audio/AudioDecoder.dll
- Size
  
  775KB
- MD5
  
  03fc272a4c50cff36f70736edbcce65b
- SHA1
  
  488c228dcb44f000b9965a1e2e832c863f9614c1
- SHA256
  
  7c465a3fd8f15b6044af9394ff4c12d62be88685dc3c98ac39927c46f50ef7aa
- SHA512
  
  3f2b56953e203ef67947a90b8850aee000ca2b09fef16d1ea8d6a2a4e9512485fbab5e539416d4f35b1a911e245a0ef7b58421942ac7c57c142a5944ea97ec95
- SSDEEP
  
  12288:mOV61jKBxfUpmYOldacDazMyJEtjZKEZ0p7V37Nkze+TPW9OyRhT/lc:wj6fUpbcDaVqtKEZoR37NYjTPG7P/
Score

1^/10
behavioral27 behavioral28
- Target
  
  audio/AudioFilter.dll
- Size
  
  61KB
- MD5
  
  bad26a8ebf87dae047b8e3595a417d96
- SHA1
  
  f2537b30a25a65c753b7cdb2b5d65b73d45a030c
- SHA256
  
  b9f9ab3dabfaccbc5b09e93cd74ed0a1e148350465829e43f90a248e2c001ee8
- SHA512
  
  c5661d80aba11e477888db7ab37c60e13189d8b63f7788acbe7a4555b866b3cb72cb66be2533b9e9d856dc50fec18ee6af93d95199ea6a2efeb96dea1c7dceed
- SSDEEP
  
  768:fOjgnIuT93oDDXXTZfvll73k4yENkVV3HVFMSi68AStnvzE7U0mu4Fa3NAR88Ri+:fygnTT9YDDXXThgNe/tnv+rh3mRiwPi
Score

1^/10
behavioral29 behavioral30
- Target
  
  audio/AudioPlayer.dll
- Size
  
  98KB
- MD5
  
  000577144340d9bb127a2b6af6681e02
- SHA1
  
  59d2095d6ae329193b7349491cc27762b440858d
- SHA256
  
  3d15f7ca60c98a6162445ea130c36bf84c18470254c5b82dea5430356abd9f58
- SHA512
  
  6951ca72b75ef7e488311ec4c2f710ea8e87d718b577046b4e1f5a33905da40105024708e48baecf6b33a717b73930411e543fa7237c880c4411679a02e12bde
- SSDEEP
  
  1536:uW8KVX8GbWCOyKq7ydruFtZWu+vy6inEmvIv2fHl+kUu59Rz7Ve3l:uWVXvDdfPUu59Rz7Ve3
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Enumerates connected drives

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32