e66d33caff1a5048e4a5b05e52de6b92957aadd9663265afe495965f9769a725

Sharing

Copy URL Twitter E-mail

General

Target

7de8831d620f6b80021a001b0816bbbc_JaffaCakes118
Size

11.1MB
Sample

240528-wvnjasef7x
MD5

7de8831d620f6b80021a001b0816bbbc
SHA1

52735138e212359dafe65cd538ead3921b37b4d9
SHA256

e66d33caff1a5048e4a5b05e52de6b92957aadd9663265afe495965f9769a725
SHA512

46b33f7ee5719f33dccb20f8c9db3a925d80ba9938055f645572bfda3f1daefc20fa40e670b03977474d05b2083f7f6f51e583a44bdcc1916cc8bf18437cfa2d
SSDEEP

196608:zYJ8eMIoGOcwQdMqIW/El74uam3dENLeOvFpfz+JwfOmqtEPWfS0eH6S7c:zYJXM0OcwcDS749xLJfrOYfaac

Score

7^/10

Malware Config

Targets

- Target
  
  7de8831d620f6b80021a001b0816bbbc_JaffaCakes118
- Size
  
  11.1MB
- MD5
  
  7de8831d620f6b80021a001b0816bbbc
- SHA1
  
  52735138e212359dafe65cd538ead3921b37b4d9
- SHA256
  
  e66d33caff1a5048e4a5b05e52de6b92957aadd9663265afe495965f9769a725
- SHA512
  
  46b33f7ee5719f33dccb20f8c9db3a925d80ba9938055f645572bfda3f1daefc20fa40e670b03977474d05b2083f7f6f51e583a44bdcc1916cc8bf18437cfa2d
- SSDEEP
  
  196608:zYJ8eMIoGOcwQdMqIW/El74uam3dENLeOvFpfz+JwfOmqtEPWfS0eH6S7c:zYJXM0OcwcDS749xLJfrOYfaac
Score

7^/10

bootkit discovery persistence
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  $_2_/DuiLib.dll
- Size
  
  520KB
- MD5
  
  245800a8249bb62681ae36111ebb8c5a
- SHA1
  
  2c4ac5c2348e5842b871832e4682b277866c731a
- SHA256
  
  403d708997847a6ba5dc8191f43b1523b1250c4f1228604e880dbf3a3809ebca
- SHA512
  
  77631c8e191463b4715fcc70a9664cb67d519400f43affa53032d44ba20598d99f488160632cf22e4442fb8903ad5d7653a84983cd575ee95868ceb6b549c380
- SSDEEP
  
  6144:su0hVkZRTsr6g7Nfz+rPW2k9IjJm2EUlVK3AHzEE8JMdLwszBFFQQ5iTUQ:suggTslfzkMf2E6KwFZk4O5UQ
Score

3^/10
behavioral3 behavioral4
- Target
  
  $_2_/QQPCGameDL.exe
- Size
  
  1.1MB
- MD5
  
  e65651254bf168b62be506ed6200295b
- SHA1
  
  43a7d8b0ea2798dff76117598dfc992f621574fa
- SHA256
  
  af9a9f1b4e50c1f97c7ab2c603571d954ecb1e2450fe4d7bfb20200aa9507a6c
- SHA512
  
  ae37aaa692d4a32ef1054d3108c1d54a87f540ea7a9e29388bc078696d473fc4d36e9a114d2c8609c7fd465480da53ccaf0602b4ab952903536f99102641ded8
- SSDEEP
  
  24576:A7WfDJ50q3yHEfXGunbCAoaKSQyKLk+Gih:A23fWXAoaZQyKLk+Ge
Score

7^/10

bootkit discovery persistence
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  $_2_/SSOCommon.dll
- Size
  
  1.4MB
- MD5
  
  922212d3a6c2959ae2e1fcd7fab824bb
- SHA1
  
  2c8117bde0fda3269c967238ab239bc9534b3e8d
- SHA256
  
  aa2e8aa7f1690b2837bfebe05b5dc2d49d162ab6b6c5a5a5e00017332039eff4
- SHA512
  
  be65053b29c5feb4a1f2a5ffb2b574354702e8a1f3aee172840175542b6c8a19728417a2c473febeb4ecf23d033233b90df65cd1ebd06568da33c2da01c2a406
- SSDEEP
  
  24576:7obJkq3Oy7A2tuZ8aTHsTNlwX8+07bkgTbFfkscUbdXTvXW:oJ9OO+rsTsB6bF8sckdTv
Score

1^/10
behavioral7 behavioral8
- Target
  
  $_2_/SSOLUIControl.dll
- Size
  
  455KB
- MD5
  
  90c279a15aca8fb5c49e44ebcd9f1468
- SHA1
  
  cd8627fda648c817073ab95d45675861378bb55b
- SHA256
  
  b80a45987553102761e4b40c15c78a5e344438499efbd38fbb4cd32659894127
- SHA512
  
  a9b13b28bd1817c07ff43b62f4a80cd877646011c372bd2254a23ab2fefea2b03e922508c0ed4f1638e83c9f237cd0ae79ddcaabf1a219b959826cee450151f9
- SSDEEP
  
  6144:ewk3eV3WwuTQe9SECPc319fmlk5GRqGhs+/cvRpWgUtIflSBl3HGLGM3cCDd:cJLQwZCPc1Ans+/cvRpWTt0vl3cO
Score

1^/10
behavioral10 behavioral9
- Target
  
  $_2_/SSOPlatform.dll
- Size
  
  1.6MB
- MD5
  
  05775808640bed11a61d20aa6151eea9
- SHA1
  
  e58e28c08337ae8af061018028196e8037489bd5
- SHA256
  
  8267cf773bd9bfee3e7c414c676b71cb897dcc114b666366e0cd3a8a8a380b75
- SHA512
  
  1d0f9262ec1c27b2ab9f6f0f53d612c88f6213c10a0cbde01cbb93d9ee47efb51010260212a5f281295121db22acf9557e167694e92d9a479b5f109c34d267a5
- SSDEEP
  
  24576:rZ1nnTZ4JIonvTW68lkgh1bitG4tUNQdMc+92Mx55pL1iBUmz+IWt8kbqyI:rZ6v/gh1bitGaUGU2c55Ngz+v8kbqyI
Score

1^/10
behavioral11 behavioral12
- Target
  
  $_2_/TNProxy.dll
- Size
  
  377KB
- MD5
  
  858fc685a5bff591985394f9cdf9e289
- SHA1
  
  5970a28aab399d005885b9c6b79eafd606640fab
- SHA256
  
  3404212366a3aed4155e5d73d901e769a7005cadde5169a8d9677ab5a0585dcf
- SHA512
  
  620491b27ff281ad42f947fb9dbef3256624fe8d298740d6b9942627525a2d44525cbb9065d2ffa2efb0ab3478b8a33148fc9b0b4c531106cc8e421e2c59f0d0
- SSDEEP
  
  6144:H9u5ec95CL2ADz5izTNe/rCkMyELlc5VZ7ciL3QSGV0G/34r:NczXTNe/rCdVLlMNcW3Q3E
Score

1^/10
behavioral13 behavioral14
- Target
  
  $_2_/TSSafeEdit.DAT
- Size
  
  40KB
- MD5
  
  f302d404d0b29377a54f1e5b76f44595
- SHA1
  
  05f223ba86e6b8a2bd4cfede0bed5aa39d683328
- SHA256
  
  3c97da7b12ac519103851a23f56cc0b75df7b11f719813fc0d579d4e0f941718
- SHA512
  
  d33f682953514cf3abb786237f3e50774d444b525456ec025f1e41e049e0c250285cc22f6ecdcdbe0e1919716a135135f60a7cf2323154afff0045d1ef99d41e
- SSDEEP
  
  768:G2qJPIlSUR/9cT7DEGLH+DNLz/eyGI12ARqfhuXd04RTvLWHbCjr:v6PqS89a3+hWyZ12jJut04RTva7C3
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  $_2_/TSSafeEdit.dll
- Size
  
  40KB
- MD5
  
  f302d404d0b29377a54f1e5b76f44595
- SHA1
  
  05f223ba86e6b8a2bd4cfede0bed5aa39d683328
- SHA256
  
  3c97da7b12ac519103851a23f56cc0b75df7b11f719813fc0d579d4e0f941718
- SHA512
  
  d33f682953514cf3abb786237f3e50774d444b525456ec025f1e41e049e0c250285cc22f6ecdcdbe0e1919716a135135f60a7cf2323154afff0045d1ef99d41e
- SSDEEP
  
  768:G2qJPIlSUR/9cT7DEGLH+DNLz/eyGI12ARqfhuXd04RTvLWHbCjr:v6PqS89a3+hWyZ12jJut04RTva7C3
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  $_2_/TenioDL.dll
- Size
  
  550KB
- MD5
  
  6e4ce3db3b79a958a0272220e3e1085c
- SHA1
  
  a62471b23fe8af07c31a46f9e77d42a950c8ef59
- SHA256
  
  ca6fc3ba36a8c7f55ea38e6a25f02202eca2f49152be5731eb75724b5b95f21f
- SHA512
  
  8a9d85871347b610f09af6128a3480f0703edda77a91f36d5e992eec6f6d28c1b4fe9258269fdd48e970a668c5edc74c166d23680cb18f12e154f607d2ec7aff
- SSDEEP
  
  12288:adsPgjGIDHtuYsTNQD40ZE1MCFUGdNRBjlr4hFap5kYWTb+Uf:aZjjZECG794hFm5kDT6
Score

1^/10
behavioral19 behavioral20
- Target
  
  $_2_/TenioDL.exe
- Size
  
  162KB
- MD5
  
  6cffedfea93aa0337fdccb70957c801b
- SHA1
  
  3f75529a9b5ae955b46295313f6ec68130e98397
- SHA256
  
  bede3a72617b844720484d8458b5c1bdd96860bade8e32330d886c25c22fe813
- SHA512
  
  a7f18d0d033ca006be1894520dafa8c4c5ff0e621f2d6d8e0d7f6b0cd50a33d460845bbf9032a61272049e13edf7f6375fbe64e2cf1102d6d8eba1da95582491
- SSDEEP
  
  3072:A9deLK7em5g4t1cI82rNJiuikZrkakx35N4C:A9deLKnxCI82Js4
Score

1^/10
behavioral21 behavioral22
- Target
  
  $_2_/TenioDL_core.dll
- Size
  
  606KB
- MD5
  
  678c53720a76f96dfcfeff9d4f000670
- SHA1
  
  09c4fce4b0453af042459e088368c2286aab129c
- SHA256
  
  ac1679bda83cb01c57ca605dc961a36e4970aee75d8d3f77e8c6c8ff998dd729
- SHA512
  
  4f7680bd77ccca15343fa6eda7aa253d74bb89690aecfd23eb2709f8ae24e140f8b733d9423593bcfa2b91dafb077bac3eeeb8f7827d9d6be853c4cfc7034911
- SSDEEP
  
  6144:TIGmpYbs16jNLtnBAcsVPmhYKvegLSsdFCootT/61K0ejdoDq8wAmLMmhhW+GOAJ:TIGmpSFVD7Td8ootTiK0QoWN5W+XAr0
Score

1^/10
behavioral23 behavioral24
- Target
  
  $_2_/curllib.dll
- Size
  
  228KB
- MD5
  
  45882035d3e92e52b511c497432c0f80
- SHA1
  
  beebd03fafda345f2068c8892272d66bf7726ac2
- SHA256
  
  f79808272d03aa7a2e904438f97a63dee8d0d62fd4ed77709eb80ca3bdba6510
- SHA512
  
  4a00a0d8d0dd4fa3774722c5dad647e86127f1a1abe83df7b80388c6ef1aa69089402fc12a06a3fc4f800335db5ca99345b8d75b584a2b467f9a43254c303817
- SSDEEP
  
  6144:8AGm5prJ+hxfZZmfrnY4LwKFWj6sd+xAI9:8AGm5/++rn3W+F
Score

3^/10
behavioral25 behavioral26
- Target
  
  $_2_/libcurl.dll
- Size
  
  312KB
- MD5
  
  7e650633115b91cda37ee68d26a6e3de
- SHA1
  
  035e389e71917f669a2419503fb8f6cf1d7dd583
- SHA256
  
  2cbc4df11be6677e7ae13c2196cfac689d67dd67235e0c5575221cc710f9a5f6
- SHA512
  
  55ee0db718fc500ac99a07c82b01e87d0a61f5cf10f292abfee71b7f6601265c93c939865e4b764dfc3804cf1fe86437a6bdafeee1a646f45b4127c39719a371
- SSDEEP
  
  6144:vXtxmxRsrnAnD1mq5pHkm5hb/CO/zNLSDlJeRACl/t8HsC3:vXtx+RsqQq5pHzb/CO/N0lAY
Score

3^/10
behavioral27 behavioral28
- Target
  
  $_2_/libeay32.dll
- Size
  
  1.2MB
- MD5
  
  4bf5c1803b351b3ae34fb01b77fb396f
- SHA1
  
  de7366ccfbc6c7c2797f7761d0d4971f6ff31d99
- SHA256
  
  0272647495f6fd5338318774e21da267923ce1a335ff21330dfa12336032acd7
- SHA512
  
  eb143bcbdfe72d32ca60cce0bfd02f504f611e7affe063bbd5911e7b89e9c9dc84a821a9a61219324562f5e5ed6b3e5c8117e9afb5233bbe613a85da6116abd3
- SSDEEP
  
  24576:EjQqFxZ8eAebwPpSF9LKz+lnU79poKBJtlDSu0:EtlVksF9LKz+lnI9poWJvDSu0
Score

1^/10
behavioral29 behavioral30
- Target
  
  $_2_/mfc120u.dll
- Size
  
  4.2MB
- MD5
  
  f4f2a4c459dd3aa22dd3984d13b15746
- SHA1
  
  d52dc1af7bf7eca1520380fac01f8ab225b11aa3
- SHA256
  
  c2d0e285e2333a9c620be04a5747881af0d5615da32226886e659ff31a9761cc
- SHA512
  
  3cef3f80a86c6247a4ee247b1887a612d3bd7c7a4a2270887521140d83f251293b7eb79ac41daa2e82d6083c5f7242cbed7bc77f0204be85d65762647bcf5b4c
- SSDEEP
  
  98304:alaoL0iNwdKWJeOA2mQ/rR6dSqImNelyykQt38vk7p87oCowg7xk5TLkNL7BFLOq:twg765T2L9FLOyomFHKnPPYyU
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies file permissions

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Checks computer location settings

Modifies file permissions

Enumerates connected drives

Writes to the Master Boot Record (MBR)

UPX packed file

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32