d1132df2f76ce5a708ccf760732953f04f7922aecb2b86e9a5b1dd35494da72c

Sharing

Copy URL

Twitter E-mail

General

Target

7b219760ef21db1912738e5ae7927967_JaffaCakes118
Size

12.5MB
Sample

240528-a4xyfagb7s
MD5

7b219760ef21db1912738e5ae7927967
SHA1

92fff6ad7f99ff4c07735e1aeac3ee83e70e4f0a
SHA256

d1132df2f76ce5a708ccf760732953f04f7922aecb2b86e9a5b1dd35494da72c
SHA512

391296f4e9b108210fa620acf166b602f931a460a9e010a5f4b5056fec3744d8b9afeb48a84a3663d60a35fc7cebe1326fb19004e0aeac417c59ce0bc3eb4c21
SSDEEP

196608:bGwncZBiQktIdybz9Yw7GF6GWhAwU4FJtYAZVb9Ek/727svBgcghWz+7ehQcOVL:9ncZrtG7yW2whF/LVb9Ek/72MgD0ha

Score

9^/10

Malware Config

Targets

- Target
  
  360Base64.dll
- Size
  
  1.1MB
- MD5
  
  78daff414cb587699bed6980cebbf8a5
- SHA1
  
  eafca98f4b33643162eec9b2d6e1f558e3bad06a
- SHA256
  
  d972d608bc83e3642a8236f8f482d60dcf3138bbed55ef86fd228ee96aa9cb9e
- SHA512
  
  0f60f11d6ddbc8e38079093cf0889b6fd8cb9c2fb598fc83d838776771ce4c78c908c00f8980c14b8eb8ffdb6ecae9561db1291ea5cb68bfe8be9c2f1493b32a
- SSDEEP
  
  24576:OeMfpl5ChnUgQym+D5Lr6GQlTB/lb8Bf:OtpvCV6SD6TBNb
Score

1^/10
behavioral1 behavioral2
- Target
  
  7za.dll
- Size
  
  784KB
- MD5
  
  675df218585cc989da3655a8c40f8f43
- SHA1
  
  adfe145af9129f52164d32b1c055832b9f9a0313
- SHA256
  
  c797237dc1afe4a72fe44cead190d0f93d24c9444b0df135581fa11934dbb85e
- SHA512
  
  2f7b20000950ac67082ac046887932dc19bfb615ac58739fb426a7beaa402b7bf0fd0f81ac9da4b7fb824bd769627826a6ce479ed737a57aba07d009b22021a7
- SSDEEP
  
  24576:sITUed6re8xVQW5eZqfpMAHBEMiqqqYv0:pTge8wWqqfHRqqY8
Score

3^/10
behavioral3 behavioral4
- Target
  
  DumpCreator_x64.exe
- Size
  
  129KB
- MD5
  
  518e15c451374865735f3e3afd931d6d
- SHA1
  
  4ba28eaf23a9f3a645cf38049d8b5a8dd68a9972
- SHA256
  
  471eceab741d3121ad6c9312b876e6315541e7a4cf7761b4fd9b5fc3d1db70f7
- SHA512
  
  230717aa05f8b57282e32cc3dc405113444a709afae28a1166eeaf9efa6959e6b2ea6b8a70201ab3944f32e327408188a94cfc3b88fc903f9392d5192a37ebba
- SSDEEP
  
  1536:9k0CdgroxlsjE/1vrGXhWyKGRo1s3pjIB5g4AC3pWTjo+0ghx:iXdgro3+E8TrR1pjIB5gwpWTMy
Score

1^/10
behavioral5 behavioral6
- Target
  
  DumpUper.exe
- Size
  
  686KB
- MD5
  
  ce1696485ad018ad2bee84be3875b049
- SHA1
  
  49ec38b481f5a946dc6c3d8cfebc9503a7783548
- SHA256
  
  5a886bb855189d4f9344f63a2aef3cbcbec4e9dc8afa411721561758cd0e0b46
- SHA512
  
  92e2787fdf1b4e24d4d3a3a02ba1327efbd05d83f5de74bec86f1f7b4300728ecb7fe2952562658c8e60e64370944205a558e2569c0dfb74316fddd6c039cc64
- SSDEEP
  
  12288:8QGJD2hWogy5E1I4mkdjA06zkRUDWOOdeSnLMmATCZLM0Kf0PJ1Kcs:UXsEawdMkRlBeS4PTC08Jsr
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral7 behavioral8
- Target
  
  GameMemoryOpt.dll
- Size
  
  513KB
- MD5
  
  1879948b9af2572a7c3b0841422603f9
- SHA1
  
  fc20653f50e6d32a621c104b286f1671ae1ac410
- SHA256
  
  9638678a98ed5d3530cc6d794506f61c6bfa70c7d57326065e75fcc4f37f4382
- SHA512
  
  cd1b19bb9f645beb0536d994e599acb839112007cc8ead162c989ea2c93bef9ce9851515b239ccfc17f6aa11534e141174c40a9ff712b0d0d9f1cd713d00b971
- SSDEEP
  
  12288:1zXPhDpl/A88izTEqdcv8fDmZjXhoyfAXK0:f/Acoqdcv87mZjmyfAXr
Score

1^/10
behavioral10 behavioral9
- Target
  
  GameMemoryOpt_x64.dll
- Size
  
  611KB
- MD5
  
  3e0dc4db77e7a5feaa7d6be62592a9d6
- SHA1
  
  21b968369a2881386fdf2109a84e1f05dbdb76df
- SHA256
  
  83119bcea617e27954fdc545ff07c826eeded29a4283d1daca9116a647ad1f6b
- SHA512
  
  3c0eb32826069a8fca17488fb2d8f768f2160a2a11b0ded06cf12e87d0bacfe6cceff44322c5ef8d44a9ead101734e3aee7f2adc644d519233bffbf6cb47e43d
- SSDEEP
  
  12288:50/Cc8xSbBAXHqCU4EfuRZiCwAQoyfAXD:50/C1SbBKqCwWR83AtyfAXD
Score

4^/10

persistence
behavioral11 behavioral12
- Target
  
  LDSGameHall/LDSGameHall.exe
- Size
  
  5.1MB
- MD5
  
  728f856fca04ba6ddd98e90e2d720968
- SHA1
  
  dcfbf627f49241023ef5dcd80689fc3cece893f3
- SHA256
  
  7b01d636cc4adcb5bd99906a68dc1c3090ea4e91cc7c7de6263b7697b391ecde
- SHA512
  
  eb2eceef9c6b10350ec8e0f51e7335c3a55b19eb62cbdc048a739ceb90afe7f8756d05396845306d6cda6d6d31fbbfe06262b40cca91dce76c196d0b48efb88d
- SSDEEP
  
  98304:HcEzW1ERES012WRxdos4MB1yLSgGo01eNbIe/9ErF:8bRISB1yLSshI2ErF
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral13 behavioral14
- Target
  
  LDSGamePlayerPK/LudashiEmulator.dll
- Size
  
  430KB
- MD5
  
  d03abf8f5716a2873a5d6244d596826f
- SHA1
  
  6989a1be22ce112484459472708f59b880842538
- SHA256
  
  e70bc77297f915a34c72f4dc809cf18799b17272afeb994b7f5c16d86991c96c
- SHA512
  
  d7c8e18a507bdf87aff42fc3b164ec042c327bbab51543bba50012b2a107f77b7475a94d56d45bfc246c00a4b3113c4a39afc383c51059fc3b95a5d021173db0
- SSDEEP
  
  6144:PNp86HT8uQLkT4+AHcOHhDL0VmBKP4EpbAOwAOT/5rLcP:PUqT8bkMzAmMP4EpbCxRrLcP
Score

1^/10
behavioral15 behavioral16
- Target
  
  LDSGameVer.dll
- Size
  
  17KB
- MD5
  
  2ca8379fcbcbc54d81501158934f0b1a
- SHA1
  
  e879562dbedbc76b3d33992922208d6523d40c42
- SHA256
  
  4c822c5c2ac615723ffe590eeac3e54776918c9cc0d1f5123daeccd9025e70bf
- SHA512
  
  aa3680aad33841711917085c69c3b8fa4f6947fc60886edc2b5aa8099adc6f49840108027a2dba1aea8e7675a87b11c74be2ac75a58045dc17ce70c003c2ad51
- SSDEEP
  
  192:7LwQjS1RAatVku+pdhh24rW58gr9ZCspE+TMYr3ATA5crwh50V/7QKvrfGfkMQ3y:7LwUiRzI7deM/6I7QKvrfpMQ34YeDB
Score

1^/10
behavioral17 behavioral18
- Target
  
  Plugin/ConfigCenter.dll
- Size
  
  443KB
- MD5
  
  e3c6ab52c6ed4d14e7fbfc32309f3ba9
- SHA1
  
  f372c4a8599d46ae23ccc9325a08b9da689d86de
- SHA256
  
  c0d5a190b0daa1e06ddbe5801827b50eedf6bf70bd48271686a613726c97d04d
- SHA512
  
  ce8e2fb5c982b8c0c4622416d4af5a7a648eb793e027ecec6ee522b1cd7119490e682398a2847fe4c7e19b7a525577e5ae978544bc647d1a879a825957149d9b
- SSDEEP
  
  6144:iCkfLsNQigo5pnev/CX7OXcwxhH7n1W7FDcYBXAOQtghUau6:i1AaiTvneH+7OXR5w5AYBX22O6
Score

1^/10
behavioral19 behavioral20
- Target
  
  Plugin/ConfigCenterStub.dll
- Size
  
  226KB
- MD5
  
  1fcd2e7a7201286b8dc26f241f953618
- SHA1
  
  9d6b30df85e8ed16e72d2843b38f43922d9568cd
- SHA256
  
  fc5b93b4a773c0d8f657c873fa210e1e7702c8948163a12ad88e32771eaf240c
- SHA512
  
  f4253da097fbbe6f265339bef875374a5e34de85a0e96869667432b4466be505b503a28210a3e56f7dea28e0a50ef680b59493b0ab3e17eb03c853a621428cf1
- SSDEEP
  
  3072:paUfIPxGuULh0UJFuPw0W7rz5gzvVzEpF19E25QAZkiDt1mFk:SPx1phwl7rcNzEpJmmFV
Score

1^/10
behavioral21 behavioral22
- Target
  
  Plugin/PopMgr.tpi
- Size
  
  1.3MB
- MD5
  
  62787027f2adf82c2e1f07b93eb964d2
- SHA1
  
  7640575961d58f414e5f2ff78ac1f34aa7c67d33
- SHA256
  
  15675015eefb9bc51e991f3a0fd05f836694dca01a9b7fcdd1e42ffc7ce727a6
- SHA512
  
  19f935aff0056df79a62b151ff09691967c288010ce99c3d99b388837a32271b61dc7a5d11ad459aabe625d3a169b4395289eae3cfdcb4cb5c15ad18b435948d
- SSDEEP
  
  24576:K2QO56cvFDe0+KpYQ0LnePuoIR3T6XtYhLkjt5xhX:KWbDeLKpYQ0LnePuoIR3wtYFkjt5xhX
Score

1^/10
behavioral23 behavioral24
- Target
  
  Plugin/PopMgrStub.dll
- Size
  
  1.3MB
- MD5
  
  518da492cfbd3e8faa7eb3b8b7a68ad0
- SHA1
  
  274d3c5db56923a770f23518775e9748abb2c21f
- SHA256
  
  73fa5520e612cd8f15eac65ed5df3eb8ec3dd21d411d6f9ffc003d6b37d5af3b
- SHA512
  
  ceca19d31f3cdf1c6a70238a4309f7569b5908c5c6f981434ff284cd48ef82528cf56b06700854e25fd3df9059ba2ecb6491bf0b8555582c7cbafeedeb1a7f04
- SSDEEP
  
  24576:ED/1gTa2SAc25iiWwdZnHLGh/l+YBsXRk+liYFhMmEm9HZ:Eh2Xc2MZwdZnHLGhl+YeXRJiYF6mEm95
Score

1^/10
behavioral25 behavioral26
- Target
  
  Plugin/RunExtention.tpi
- Size
  
  410KB
- MD5
  
  24ca7ac4d0412adc64c88c66b8b5f013
- SHA1
  
  c113a62b140a4edcb52a003ac6b5a4ad14d6371e
- SHA256
  
  22cbef303dfafa9b192e31b803178083010dfa7de716d8da9dd32d046dc8e946
- SHA512
  
  969ab24e742810f3ffa56fd4e3fab6087557b585bd38b292c632274fd004e2c6f11eb1b10510bedea8c7d102de326fa5dfb01eaaefd8f9ee7e838b8bc23df3fb
- SSDEEP
  
  6144:Ynagjoki30GF8kbBfvsJQ8JPHpl6LbzjrroENm2eK7mnoUSgpAY8ODcDcm7cIsQ8:10KlBEJPpwf/ozDSemg+wy3f7wI27
Score

1^/10
behavioral27 behavioral28
- Target
  
  Plugin/ShellExt_x64.dll
- Size
  
  393KB
- MD5
  
  0d83f9c3fd4686065c2b043cafc6cbef
- SHA1
  
  21d1d93bd079269d5b80685caac952d097fead21
- SHA256
  
  653aba53aa7825b89065daccf985fce3e7386d5891f1ace71e79f2cd326c4ed8
- SHA512
  
  271cfecb7badd32b968d2d3535edca6ab08ce37e863371c079d34f8f5c0cea2f3b668ae42aa10343ca3878ce402481c20427c002261a0d0d21da56b51c978c17
- SSDEEP
  
  6144:nmE1o+/RLkgfIs64GhIL912xqtpCFZIN6D8jWiLLaj8TBzGcBXIi7NRCvB:nmE++ZLkgfp64GVqi7IN6DQjTlGclf8B
Score

4^/10

persistence
behavioral29 behavioral30
- Target
  
  Plugin/ShellExt_x86.dll
- Size
  
  352KB
- MD5
  
  744cf96dbd2755c2d35ffb9585bf905a
- SHA1
  
  3acd2db4152d44e26341884786cfc44e00237ccb
- SHA256
  
  3a643bff2038e2b841f21264f152cab26f352d47f979f311853b975930250803
- SHA512
  
  c24aed66990d9ba63d51354374d6ed91787e7173e9ff25d548fcbeacd8918f3a606aac35c398f84f274e4aa338d49a2659a121fb7e269f0f17cb3f1c3581b3df
- SSDEEP
  
  6144:aUzrcRjZ7vtNL4166H3N0hEbUQU20KWZYpUa1ZxTBpGMWM0B4/K9uQ:jcRjZ7vtNL8qc0KWCUa9T/GMWZwK9uQ
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Writes to the Master Boot Record (MBR)

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32