88cad3952c02dc2a6857ba73205d440d1326c051e7075bfb69a3429cb1f0a061

Sharing

Copy URL

Twitter E-mail

General

Target

7f38832772b97aa7cd7c11e130273189_JaffaCakes118
Size

3.1MB
Sample

240529-czlqqafh43
MD5

7f38832772b97aa7cd7c11e130273189
SHA1

e72700b338ac78333492c0cba6bbdca77f95be53
SHA256

88cad3952c02dc2a6857ba73205d440d1326c051e7075bfb69a3429cb1f0a061
SHA512

8d15e39cdd3d2b499b89b9655efdc696db45d5514a326baaf51e358e46e5ba06d6352fa82d320d8f07bde0465a48e1f7e21fd558b0588c18bec9fee83c1ec1ff
SSDEEP

49152:APOk/NpIHct1WceDSkJKQMaU33X4b+J6QcRP/bxxbvHgeUe4X0sq3f6g5KibNJgn:ZhHcX9BQMaUHWJ/Nxkg4JqLKYJg9UjY

Score

7^/10

Malware Config

Targets

- Target
  
  7f38832772b97aa7cd7c11e130273189_JaffaCakes118
- Size
  
  3.1MB
- MD5
  
  7f38832772b97aa7cd7c11e130273189
- SHA1
  
  e72700b338ac78333492c0cba6bbdca77f95be53
- SHA256
  
  88cad3952c02dc2a6857ba73205d440d1326c051e7075bfb69a3429cb1f0a061
- SHA512
  
  8d15e39cdd3d2b499b89b9655efdc696db45d5514a326baaf51e358e46e5ba06d6352fa82d320d8f07bde0465a48e1f7e21fd558b0588c18bec9fee83c1ec1ff
- SSDEEP
  
  49152:APOk/NpIHct1WceDSkJKQMaU33X4b+J6QcRP/bxxbvHgeUe4X0sq3f6g5KibNJgn:ZhHcX9BQMaUHWJ/Nxkg4JqLKYJg9UjY
Score

7^/10

bootkit discovery persistence evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  HFUILib.dll
- Size
  
  312KB
- MD5
  
  010b4d91d539d4e595bc5dfd0cc76d49
- SHA1
  
  0a72003557a8676705ebdbdf23b35f62202d0099
- SHA256
  
  93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5
- SHA512
  
  fbb66f47a1e43732ed75b31aa420446544c6de29122df48f8d4ee6ff6f344faffe92ab669c74b9ff496a2eff103d7a70562d9c280e0f7661e886e3eb18399d53
- SSDEEP
  
  6144:5NJY/UbzDM7Zy1JM+a4E4ttTea21oTJ7VObmXfRR7:2sI9y1JZttL2qTJDX5R7
Score

3^/10
behavioral3 behavioral4
- Target
  
  HuofengGameWorld.exe
- Size
  
  955KB
- MD5
  
  f034531a701044350969d768a825b60c
- SHA1
  
  8763743d1d3e4c8a3cf151de06b34e67cec88465
- SHA256
  
  11456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584
- SHA512
  
  a58495b929556edc955449b02ce4f92f21a9022a08d5b557d0107125b5493ecdad040e9813e2973b4f7fb3ab97acf2b0f7d7bdb7229412da42e97d4396816fae
- SSDEEP
  
  24576:af/yTb1kKxB7aQhVWxlvosfW+DwZzOPdF5OFN/wFC5aX:af/gbec7aQme+DwM52+g5aX
Score

7^/10

bootkit evasion persistence trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  IEAux.dll
- Size
  
  64KB
- MD5
  
  3633de4079190b65d9c1a062db39b882
- SHA1
  
  70b6f944a6711b69b8d1a992456dccb3bc2618f2
- SHA256
  
  71141a084a6ccc601f9ae32b5a56476854efde219bdad3c4abc93865fb5e611b
- SHA512
  
  d8a7540713e34c74261ca542d3dc4ec1cb35da3953ba6fb390f4526147df1a14c68d940756a53a44676f6faa7ca9cc0bfb442ce390038c321117a832ace10362
- SSDEEP
  
  1536:syzCRxaBYqBh9W4rdIEYNvdfej3xkqKOZ0+OEU8Fx:syzCDGYqBh9fLYNvdWj3xkqKOZ0EUy
Score

1^/10
behavioral7 behavioral8
- Target
  
  bin/download/MiniTPFw.exe
- Size
  
  58KB
- MD5
  
  58bb62e88687791ad2ea5d8d6e3fe18b
- SHA1
  
  0ffb029064741d10c9cf3f629202aa97167883de
- SHA256
  
  f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100
- SHA512
  
  cd36b28f87be9cf718f0c44bf7c500d53186edc08889bcfa5222041ff31c5cbee509b186004480efbd99c36b2233182ae0969447f4051510e1771a73ed209da5
- SSDEEP
  
  768:BSODywYihzSrVPdQsNruuGYOLO3NNkFlBi1jSZIfjeGdJARt03juFGu:BSKywYDdQsQuG5L27Ui1SPRt0qf
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  bin/download/MiniThunderPlatform.exe
- Size
  
  262KB
- MD5
  
  e2e9483568dc53f68be0b80c34fe27fb
- SHA1
  
  8919397fcc5ce4f91fe0dc4e6f55cea5d39e4bb9
- SHA256
  
  205c40f2733ba3e30cc538adc6ac6ee46f4c84a245337a36108095b9280abb37
- SHA512
  
  b6810288e5f9ad49dcbf13bf339eb775c52e1634cfa243535ab46fda97f5a2aac112549d21e2c30a95306a57363819be8ad5efd4525e27b6c446c17c9c587e4e
- SSDEEP
  
  6144:ePH9aqri3YL1Avg3NloWPxFL8QL2Ma8tvT0ecR:eP4qri3YL1Avg3NloWPTnL2f3x
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral11 behavioral12
- Target
  
  bin/download/ThunderFW.exe
- Size
  
  71KB
- MD5
  
  f0372ff8a6148498b19e04203dbb9e69
- SHA1
  
  27fe4b5f8cb9464ab5ddc63e69c3c180b77dbde8
- SHA256
  
  298d334b630c77b70e66cf5e9c1924c7f0d498b02c2397e92e2d9efdff2e1bdf
- SHA512
  
  65d84817cdddb808b6e0ab964a4b41e96f7ce129e3cc8c253a31642efe73a9b7070638c22c659033e1479322aceea49d1afdceff54f8ed044b1513bffd33f865
- SSDEEP
  
  1536:BG9vRpkFqhyU/v47PZSOKhqTwYu5tEm1n22W:E1RIOAkz5tEmZvW
Score

1^/10
behavioral13 behavioral14
- Target
  
  bin/download/atl71.dll
- Size
  
  87KB
- MD5
  
  79cb6457c81ada9eb7f2087ce799aaa7
- SHA1
  
  322ddde439d9254182f5945be8d97e9d897561ae
- SHA256
  
  a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a
- SHA512
  
  eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8
- SSDEEP
  
  1536:kIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroV:BtvBOI+FQny5R6nG//SdaZwms
Score

1^/10
behavioral15 behavioral16
- Target
  
  bin/download/dl_peer_id.dll
- Size
  
  89KB
- MD5
  
  dba9a19752b52943a0850a7e19ac600a
- SHA1
  
  3485ac30cd7340eccb0457bca37cf4a6dfda583d
- SHA256
  
  69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26
- SHA512
  
  a42c1ec5594c6f6cae10524cdad1f9da2bdc407f46e685e56107de781b9bce8210a8cd1a53edacd61365d37a1c7ceba3b0891343cf2c31d258681e3bf85049d3
- SSDEEP
  
  1536:5myH1Ar4zLdIoXJED0ySFzyhSU+kcexDCaDRqxAnNQDB:foEZEDDSFzDkce7RqxAnIB
Score

1^/10
behavioral17 behavioral18
- Target
  
  bin/download/download_engine.dll
- Size
  
  3.4MB
- MD5
  
  1a87ff238df9ea26e76b56f34e18402c
- SHA1
  
  2df48c31f3b3adb118f6472b5a2dc3081b302d7c
- SHA256
  
  abaeb5121548256577ddd8b0fc30c9ff3790649ad6a0704e4e30d62e70a72964
- SHA512
  
  b2e63aba8c081d3d38bd9633a1313f97b586b69ae0301d3b32b889690327a575b55097f19cc87c6e6ed345f1b4439d28f981fdb094e6a095018a10921dae80d9
- SSDEEP
  
  49152:O/4yyAd2+awsEL4eyiiDoHHPLvQB0o32Qm6m7VBmurXztN:OVrsEcTiiAvLa0oYkuf/
Score

1^/10
behavioral19 behavioral20
- Target
  
  bin/download/msvcp71.dll
- Size
  
  492KB
- MD5
  
  a94dc60a90efd7a35c36d971e3ee7470
- SHA1
  
  f936f612bc779e4ba067f77514b68c329180a380
- SHA256
  
  6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9
- SHA512
  
  ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab
- SSDEEP
  
  12288:b692dAsfQqt4oJcRYRhUgiW6QR7t5k3Ooc8iHkC2ek:bSYACJcRYe3Ooc8iHkC2e
Score

3^/10
behavioral21 behavioral22
- Target
  
  bin/download/msvcr71.dll
- Size
  
  340KB
- MD5
  
  ca2f560921b7b8be1cf555a5a18d54c3
- SHA1
  
  432dbcf54b6f1142058b413a9d52668a2bde011d
- SHA256
  
  c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb
- SHA512
  
  23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e
- SSDEEP
  
  6144:cPlV59g81QWguohIP/siMbo8Crn2zzwRFMciFMNrb3YgxS3bCAO5kkG:OlVvN1QWguohInJDrn8zwNF7eCr
Score

3^/10
behavioral23 behavioral24
- Target
  
  bin/download/zlib1.dll
- Size
  
  58KB
- MD5
  
  89f6488524eaa3e5a66c5f34f3b92405
- SHA1
  
  330f9f6da03ae96dfa77dd92aae9a294ead9c7f7
- SHA256
  
  bd29d2b1f930e4b660adf71606d1b9634188b7160a704a8d140cadafb46e1e56
- SHA512
  
  cfe72872c89c055d59d4de07a3a14cd84a7e0a12f166e018748b9674045b694793b6a08863e791be4f9095a34471fd6abe76828dc8c653be8c66923a5802b31e
- SSDEEP
  
  1536:ZfU1BgfZqvECHUhUMPZVmnToIfxIOjIOG8TI:ZfzfZR2UhUMPZVSTBfbFG6I
Score

3^/10
behavioral25 behavioral26
- Target
  
  bin/xldl.dll
- Size
  
  286KB
- MD5
  
  208662418974bca6faab5c0ca6f7debf
- SHA1
  
  db216fc36ab02e0b08bf343539793c96ba393cf1
- SHA256
  
  a7427f58e40c131e77e8a4f226db9c772739392f3347e0fce194c44ad8da26d5
- SHA512
  
  8a185340b057c89b1f2062a4f687a2b10926c062845075d81e3b1e558d8a3f14b32b9965f438a1c63fcdb7ba146747233bcb634f4dd4605013f74c2c01428c03
- SSDEEP
  
  6144:qUWWnyka1c7u2SbdYUUvZjWj9gj0U+zlVKy5:qvKa+7u7bqUoZjW5gj0U+z+Y
Score

3^/10
behavioral27 behavioral28
- Target
  
  hfgwupdate.exe
- Size
  
  668KB
- MD5
  
  7500395f2c1353c49ba2ebf8b5a85546
- SHA1
  
  ef0cb174a919d92ce743d7e11e88c84eca19c620
- SHA256
  
  44e2c30372e3563f47b0dda78b8db697b8aa2270633437acb927478cb35073e7
- SHA512
  
  84721d6106ec6bd6fe333fb35f7ef926afccc948e3a2de1d1ceed30f95bd7f3148cc19b25c9652b07aa1bc6a956b4807b3e8c9d1067868998c27210b771ec33d
- SSDEEP
  
  12288:15UpeVxh/w3P3bl2Px5wEDVdSha16znPYAKdVRB5fFfkE7Z:15Upec0Px5w0Oha1BAKf5NfH7Z
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral29 behavioral30
- Target
  
  msvcp100.dll
- Size
  
  411KB
- MD5
  
  e3c817f7fe44cc870ecdbcbc3ea36132
- SHA1
  
  2ada702a0c143a7ae39b7de16a4b5cc994d2548b
- SHA256
  
  d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf
- SHA512
  
  4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe
- SSDEEP
  
  12288:zNb8zxr1aWPaHX7dGP57rhUgiW6QR7t5qv3Ooc8UHkC2ejGH:zNb8Fpa6aHX7dGP5Kv3Ooc8UHkC2eKH
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

Checks computer location settings

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

Checks computer location settings

Writes to the Master Boot Record (MBR)

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32