General

  • Target

    9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118

  • Size

    2.9MB

  • Sample

    240611-kv7fma1dqe

  • MD5

    9da15fbc0c20586b6fa19a2fed2495a6

  • SHA1

    75284f4cd932565f7f3a43968ae503f29c046f95

  • SHA256

    fe941bcf1e0222579e29a5d305910cd2b96e72f46c78c6f3e3119620c9aeac52

  • SHA512

    0aa2308966fc0e886695893c94cdcc3d27ba08a4ad6d8b94cdef7db8354fa15431eea2c84d89f028bc9e02da55fefc45639e7ad48a27679ad2cb52ac705daeec

  • SSDEEP

    49152:HcGccpccUccL7cc2ccOcc9cc4VcbcoHcIykOA8ojMxY8ka/AcJcdTa32qb7OAWV+:HcGccpccUccL7cc2ccOcc9cc4VcbcoHO
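Several of the SSDEEP signatures on this page (the installer above, and $_2_/AppUpdater.exe, $_2_/bdrcdl.exe and $_2_/BugReport.exe in the Targets list) carry the same motif cGccpccUccL7cc2ccOcc9cc4VcbcoHcIy. The Python below is an added example, not part of this report and not ssdeep's own code: it copies those signatures from the page and reimplements only the two gates ssdeep applies before it scores a pair (equal block size, and a shared 7-character substring), then measures how repetitive the shared motif is. It shows two things worth knowing before trusting a score between these files: BugReport.exe's 6144-byte block size is never compared with the 24576/49152 signatures at all, and the shared motif is dominated by a single character, which is what a long run of identical blocks (padding, a repeated resource) produces, so a high score here is not by itself evidence of shared code. The edit-distance score itself is left to ssdeep -d.

```python
"""Pre-scoring check on the ssdeep signatures listed in this report.

Added example, not part of the sandbox output. It reimplements only the two
prerequisites ssdeep applies before scoring a pair (a shared block size and a
common 7-character substring), not the full edit-distance score.
"""
from collections import Counter

# Signatures copied from the report (block_size:chunk1:chunk2).
SIGNATURES = {
    "9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118":
        "49152:HcGccpccUccL7cc2ccOcc9cc4VcbcoHcIykOA8ojMxY8ka/AcJcdTa32qb7OAWV+"
        ":HcGccpccUccL7cc2ccOcc9cc4VcbcoHO",
    "$_2_/AppUpdater.exe":
        "24576:VmVd/8cXDG5rm2RuQfyNycGccpccUccL7cc2ccOcc9cc4VcbcoHcIyccGccpccUS"
        ":EVdJ2RuQ6NycGccpccUccL7cc2ccOccD",
    "$_2_/bdrcdl.exe":
        "24576:9lwBjgw++ZFFgPkEUbuPbNcGccpccUccL7cc2ccOcc9cc4VcbcoHcIyu"
        ":98P+kEKabNcGccpccUccL7cc2ccOcc99",
    "$_2_/BugReport.exe":
        "6144:dhTiiUZm/vvlTB3TArOJFcGccpccUccL7cc2ccOcc9cc4VcbcoHcIyH"
        ":dhbUZm/vvlTtTtcGccpccUccL7cc2ccv",
    "$_2_/BaseDll.dll":
        "24576:VruqFJ8jhBltJ4wKWCRLbFD/56XxCCGiJTeXDEE+uITl:QM8jhsuI5+TeXY/D",
}

NGRAM = 7  # ssdeep refuses to score a pair that shares no 7-character substring


def parse_signature(sig: str) -> dict:
    """Map each chunk to the block size it describes (chunk2 covers 2x block size)."""
    block, chunk1, chunk2 = sig.split(":", 2)
    block = int(block)
    return {block: chunk1, block * 2: chunk2}


def comparable_chunks(sig_a: str, sig_b: str) -> list:
    """Chunk pairs ssdeep would actually compare: equal block size only."""
    a, b = parse_signature(sig_a), parse_signature(sig_b)
    return [(bs, a[bs], b[bs]) for bs in sorted(a.keys() & b.keys())]


def longest_common_substring(x: str, y: str) -> str:
    """Plain dynamic-programming longest common substring of two short strings."""
    best, best_end = 0, 0
    prev = [0] * (len(y) + 1)
    for i in range(1, len(x) + 1):
        cur = [0] * (len(y) + 1)
        for j in range(1, len(y) + 1):
            if x[i - 1] == y[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best:
                    best, best_end = cur[j], i
        prev = cur
    return x[best_end - best:best_end]


def shared_motifs(sig_a: str, sig_b: str) -> dict:
    """Block size -> longest shared substring, for chunks that pass the 7-gram gate."""
    out = {}
    for bs, ca, cb in comparable_chunks(sig_a, sig_b):
        lcs = longest_common_substring(ca, cb)
        if len(lcs) >= NGRAM:
            out[bs] = lcs
    return out


def dominant_char_ratio(chunk: str) -> float:
    """Share of the most frequent character. ssdeep emits one base64 character
    per piece of input, so a chunk dominated by one character came from a long
    run of identical pieces (padding, a repeated resource), not distinctive code."""
    return Counter(chunk).most_common(1)[0][1] / len(chunk)


def report(signatures=SIGNATURES) -> list:
    """Pairwise summary over the report's signatures, returned as rows."""
    rows = []
    items = list(signatures.items())
    for i, (name_a, sig_a) in enumerate(items):
        for name_b, sig_b in items[i + 1:]:
            rows.append((name_a, name_b, shared_motifs(sig_a, sig_b)))
    return rows


if __name__ == "__main__":
    for name_a, name_b, motifs in report():
        if not motifs:
            print(f"{name_a} vs {name_b}: no comparable block size or no shared "
                  f"{NGRAM}-gram, ssdeep would score 0")
            continue
        for bs, lcs in motifs.items():
            print(f"{name_a} vs {name_b} @ {bs}: shared '{lcs}' ({len(lcs)} chars, "
                  f"dominant-char ratio {dominant_char_ratio(lcs):.2f})")
```

Running it prints, per pair, the shared substring at each comparable block size, or a note that ssdeep would return 0 for that pair.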

Malware Config

Targets

    • Target

      9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118

    • Size

      2.9MB

    • MD5

      9da15fbc0c20586b6fa19a2fed2495a6

    • SHA1

      75284f4cd932565f7f3a43968ae503f29c046f95

    • SHA256

      fe941bcf1e0222579e29a5d305910cd2b96e72f46c78c6f3e3119620c9aeac52

    • SHA512

      0aa2308966fc0e886695893c94cdcc3d27ba08a4ad6d8b94cdef7db8354fa15431eea2c84d89f028bc9e02da55fefc45639e7ad48a27679ad2cb52ac705daeec

    • SSDEEP

      49152:HcGccpccUccL7cc2ccOcc9cc4VcbcoHcIykOA8ojMxY8ka/AcJcdTa32qb7OAWV+:HcGccpccUccL7cc2ccOcc9cc4VcbcoHO

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/InstallHelper.dll

    • Size

      242KB

    • MD5

      f951c36f0951a0204179a156031f132f

    • SHA1

      7e4c553f7df6451bdfd6555d2ed6fb716823135e

    • SHA256

      59207a9b0945dafb3d76737a9badfc133ea613ad80d2114944651b34826a3166

    • SHA512

      08b11be5701a153fe5f264ada1f94917f1a2b4646aff98a3221d45da81fcad3c9ecd2678328442f1cf17e2d8fa33bf9fc5bcf7bebf9aa159bc241c7513cbcc66

    • SSDEEP

      1536:mQARqh1D4gzYogvC5VM2kMbLBgBwaTIgPfRppxnnllm5ttEX1VT+i:0e1DX8UEwaT6tt0V/

    Score
    3/10
    • Target

      $_2_/ActivityAssistant.exe

    • Size

      731KB

    • MD5

      4332b65ce1107d12955fd9e04e24b566

    • SHA1

      a4a701b890e5d54edc1b414712f7823b0c9b239b

    • SHA256

      a0d5ee4b9ac82800ce91e365de8cbd1a98bb2e70f3b2e97185c201a6fd45f7ff

    • SHA512

      a8672c507dc965a6d139e146b32e4fa90974a42b4f5c32170deb64b727f6fe97942b57a19e8e8c8ad36a5a332a7b01c1473b86583f3e45ce74a9139cc8d0f81e

    • SSDEEP

      6144:JoT/ddj4tGIih8mtekdbWoVwAVxV9ELDYrWW0rW9gDaaaRkEgROS2XyF3GpXysOR:qddj4tGvh33wuxVy3Y0WmlBPyXm47U

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $_2_/AppUpdater.exe

    • Size

      847KB

    • MD5

      e277dda638a21783b46473c3b7cb69e4

    • SHA1

      5c27a0547088978688c37d7a5f94e003614f6852

    • SHA256

      478506304886280b737953530145a0fc9cb52cf7bddbaedc6dabbdf9db94beee

    • SHA512

      e36002a0484e9b1b8802b34812c89a89c4a60f4985d0ae7f93de632118ded16f38635dcc0a3e11ef232e7bad5a680f305940d27d61e3ed693423c1f24f17d5e9

    • SSDEEP

      24576:VmVd/8cXDG5rm2RuQfyNycGccpccUccL7cc2ccOcc9cc4VcbcoHcIyccGccpccUS:EVdJ2RuQ6NycGccpccUccL7cc2ccOccD

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $_2_/BDKitUtils.dll

    • Size

      68KB

    • MD5

      94ee23a4078d298f0821b69149d98e15

    • SHA1

      5e3abc45c5bc80e97bd8eb1a8811b1f422ca3433

    • SHA256

      d04d948dc391ce8868570c294b10b44d06288d84767d0ce99fd7ad2e5f2d5a3a

    • SHA512

      257c94b7c5d358fc72325ec8caa192bc9059603628460df7322ede7d7f80475d039aebd5dcc7e0678c6bf6f158f645cf69518dd9e8de5d1e37468fcea39e8d62

    • SSDEEP

      1536:UAFC4iLsy5bKZsctL3V8/cnONYsuIE6Ydyi:dFC7Lsy5Gv5l8/kONYsuIEvx

    Score
    1/10
    • Target

      $_2_/BDMNetGetInfo.dll

    • Size

      324KB

    • MD5

      581d31cb00e9c0eb2667c17441604975

    • SHA1

      f87704bb99740313c5c1c58638927df62a4e503f

    • SHA256

      6878c666cb88ec03b298054a54a3118123113d75c3dd42276a9604c60ed05896

    • SHA512

      231f8af00d80884abd8b13958f56169eb36b0c9c4088809bdf846f2fde5c1ad95f01be3570b8c2fd876743935052216b321f68d67f8b5c6a029da24916e919db

    • SSDEEP

      3072:7583c8rPTsOu3wG8nWnha8m9Utk5ELTln4s36iTO1bFMTkFq6Mk5M0gzeIliRgas:983L8+Whfkor36fbbq6f5MnGgaqZVL

    Score
    1/10
    • Target

      $_2_/BaseDll.dll

    • Size

      1.2MB

    • MD5

      907822e9f18bea93a88e5b3648913d7d

    • SHA1

      dba6179232951900377e6db161168fa426243a7a

    • SHA256

      0680a0ec3b893f4e8ea70537b271d6ff7804a94d802ab00b02eaf74e7744cd06

    • SHA512

      93e0acb4e804a87d7de44c5e6f1a28c5ecd9c5b2ac2cf1982f57076167024ab34f9a64a2dfd9085f2dc38e8b81c8794e83f7ebe5a11a4df258c3a09bdcad8a38

    • SSDEEP

      24576:VruqFJ8jhBltJ4wKWCRLbFD/56XxCCGiJTeXDEE+uITl:QM8jhsuI5+TeXY/D

    Score
    3/10
    • Target

      $_2_/BugReport.exe

    • Size

      207KB

    • MD5

      03f3200b1401abab779c05c010447f69

    • SHA1

      f3bf5036171a50170d608f0ac9e28ea9750fcbef

    • SHA256

      0f92c98ba21787b2b49ecddb154ea44c5648f9ec56e4dc36ccc3a4c903db1d6f

    • SHA512

      fc04c39b5cc5b2a025eb490b263ac831fd4e12c524296f0cfbd6f4bdc2b203a6219ffaad98622512d6149249f7d13de5a5563c9cfd2c8b96c118a4dd1305f83a

    • SSDEEP

      6144:dhTiiUZm/vvlTB3TArOJFcGccpccUccL7cc2ccOcc9cc4VcbcoHcIyH:dhbUZm/vvlTtTtcGccpccUccL7cc2ccv

    Score
    1/10
    • Target

      $_2_/DriverManager.dll

    • Size

      186KB

    • MD5

      2e93f5d93bece63e5ba0a50f2c375ab0

    • SHA1

      71db9d3c1be97946b0529e20a9952cb2fb233c4a

    • SHA256

      1238b34567f96a9a1eaada32e594169a530a1134714072ec70ad44a2f7786fb8

    • SHA512

      312827d4bff0014e4cda4c82f9662ed70f4448e3397d35520ad67c5f674dd81a3edd5ffb338bbe38b16b34b8d5a1370b4a86ba79b65f1029632d0e3d56e43ee6

    • SSDEEP

      3072:CB1Tn/8W1bP5tYLkpjDIxpztnWLDvO/iwZ7ZzZu8yOgYwDOXYhBn:CHTn51vThCztn0Dmnu8yOg6un

    Score
    1/10
    • Target

      $_2_/ProtocolDll.dll

    • Size

      426KB

    • MD5

      7a865be0292810b0e9549aca82cde1aa

    • SHA1

      1e67ff3bffe5173b9d65d4d6b08eac1387a3735d

    • SHA256

      d2c50b2bb55e61c3d6f5238c122d9a8e07c0c916640c48f224f5c1aaddb6933a

    • SHA512

      252f3aa37f7949fc8d774908e983d368df7d949bdcca6a781b882cfbbce494c213325bfae3310367f5e1efc1e04320a50e4fad40fa3055bb5f6c23c8bb476b1c

    • SSDEEP

      6144:VKGF+aVSgO3+EmnCC+O/RyiUaCIjL8Ho44Y9LBYFd1AmOckOg+BMkHk5H:kGF+acx3VmnCC+4RyiDjwH2Y9LbmXC5H

    Score
    1/10
    • Target

      $_2_/ReportDll.dll

    • Size

      122KB

    • MD5

      4f19598b82f9474563dabc22d7ec3825

    • SHA1

      028ad1014e671eb613c39126b3609746e19c4b57

    • SHA256

      d6961f907cef114b4d961f30b5b04070f30949d72f1f12ab5762d5347aa789ae

    • SHA512

      146b05c0b5b375d79eed34488089ec1219da1ecd795654d3c26861713ad55fd92242d2798dde231c882eea85d586b5bba2c1e8a3187b8e109f191f577365d717

    • SSDEEP

      1536:+DzK9I/Wc2NGUTs0xfIJ0uUr5pgIEMxTMbjkCSvwW3IUETpTYC5hpeOjnEFbRn9:z9coxfIJ0uU/T4ywGt8pMCvpeOjnE/n9

    Score
    1/10
    • Target

      $_2_/ReportRecordDll.dll

    • Size

      110KB

    • MD5

      d62d1ca45215389d38608625fbd72942

    • SHA1

      08dabce208c5306e199f0d53059573f3beef8fb9

    • SHA256

      7f4480499223bdd378e6a87a73d5ec85849a4ac36f442371ec9181696e6f609a

    • SHA512

      142f1d7250c5b67a7673c4cb6c956396c400c8832d205731a5c3b22a4f91d6cef6694f021d102ed4738d64f8fffe938beddcc398141b51b4a95e3fcc58d8be11

    • SSDEEP

      1536:qsDEbUtA9EZXSqifbJ2SQyVso7IfTZXAfobxctQsOgGWyA1wA:vHtA9EJiDJ2PThc6xeOgGWyAGA

    Score
    3/10
    • Target

      $_2_/UtilsDll.dll

    • Size

      78KB

    • MD5

      f82407ec4a24a86d80109c9f6a426d5b

    • SHA1

      060b7fd4af5940bb51a6b29671eee51325294a0a

    • SHA256

      234c935bcea55c2f1704968648b320ff8b043e0dc45c4378e6542d2eca3c8d24

    • SHA512

      06deb849ceaeaa16a7669756d9d5a7a4a076db99d7207c71b419ed24fc74bd669682de04e3465b4f4041893671f747dde297baf5fcc82cdb78b454de0daf6de6

    • SSDEEP

      1536:4yBXvS8nXTmR2FynILsEGB1HYYzYeqlNfAHB1s26ODwpxbE32+FTMvR2:4yB3TmR2FtZQ7qlNfAHB1s26ODmbEGkn

    Score
    3/10
    • Target

      $_2_/bddlsvc.exe

    • Size

      695KB

    • MD5

      d68b299fca1df3850f59adb1b29c6a64

    • SHA1

      a30792396b6c5c52ab115515efb1f911434d1761

    • SHA256

      f1dcbc8194ec04707afb909ea3dd8fac0bc973eae46c4154311ccf05a4393b19

    • SHA512

      fe635d3f3d8ca0026b622f556319886f2c5813df28d64da20131305fb47893ff7a3a48810bfe2b74cfb7f18b93672cf53ef6d096bc1bf9dfff45b3f77af9d175

    • SSDEEP

      12288:3OhzalLgmdwrM5GcxTxOIcSOki/Ac28CHNr:O2lLgww0xF7Vib28CHNr

    Score
    1/10
    • Target

      $_2_/bdrcdl.exe

    • Size

      971KB

    • MD5

      57fb171cc1de48296e1109abf9f47e95

    • SHA1

      af2cdb32605a2734dc52368b2ee5068045170316

    • SHA256

      351c234fd587e8d60557dd2c83e9bf834f52c47fe96106fd57d408c3d41e5bb5

    • SHA512

      7d4ea79caf57de88d60c25da27133067f553d3655c87dfee2ce9aa6e5621f4e60074ed5c3bb445b20aafad41ca909fd7fdb7c8dbf1d373ce195aca03528307d1

    • SSDEEP

      24576:9lwBjgw++ZFFgPkEUbuPbNcGccpccUccL7cc2ccOcc9cc4VcbcoHcIyu:98P+kEKabNcGccpccUccL7cc2ccOcc99

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Target

      $_2_/dl.dll

    • Size

      968KB

    • MD5

      feb4a2aa5a6850585b0f5e0ea0f5cf5b

    • SHA1

      b8299e2daed670ec3f873dc9a65b5b1ad012ff8e

    • SHA256

      a67caaa9d963f6abb9cae330894364bdb022e881778241b2c687652c04a20b67

    • SHA512

      e57cd68f043c8cf7aadc62c61a3db0401d24947790da531c789596abce90a44fa8985fd1ad6c4b7a8a7523ed91ee13706e1f8c219d8ab5845b21b599678d0c9d

    • SSDEEP

      12288:QHSaBUrF5ODvDnijSrPtjDDu4D1NezI2WSkFh+IK0VL4RVyefwvqPI7o2z8ovHyO:QsUv7iQ44D7RL0wzmsR+WFeUxnjOUUe

    Score
    1/10
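The "Writes to the Master Boot Record (MBR)" signature fires for the installer itself and for $_2_/ActivityAssistant.exe, $_2_/AppUpdater.exe and $_2_/bdrcdl.exe. The Python below is an added example, not part of this report and not the sample's own code: it parses a raw 512-byte MBR and diffs it against a known-good copy, which is the check a responder would run on an affected host or its disk image to confirm whether the boot code was actually replaced. The offsets are the standard MBR layout; the sectors built by make_test_mbr are constructed for illustration and are not taken from the analysed files.

```python
"""Offline MBR integrity check for the 'Writes to the Master Boot Record' signature.

Added example, not part of the sandbox report. It works on a raw 512-byte
sector: read from the physical disk on a live host (needs admin/root), or
from sector 0 of a disk image, and compared against a baseline captured
before the installer ran.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0x000-0x1B7: bootstrap code, the part a bootkit overwrites
DISK_SIG_OFF = 440    # 4-byte NT disk signature (+2 reserved bytes)
PART_TABLE_OFF = 446  # four 16-byte partition entries
BOOT_SIG_OFF = 510    # 0x55AA


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR into its fields and hash the boot-code area."""
    if len(sector) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "bootable": entry[0] == 0x80,
            "type": entry[4],
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "valid_signature": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """List what changed between a known-good MBR and the current one.

    A bootkit typically rewrites the boot code and keeps the partition table
    so the machine still boots; unchanged boot code with a changed partition
    table is more often a legitimate repartition than an infection.
    """
    before, after = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not after["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if before["boot_code_sha256"] != after["boot_code_sha256"]:
        findings.append("boot code modified")
    if before["disk_signature"] != after["disk_signature"]:
        findings.append("disk signature changed")
    if before["partitions"] != after["partitions"]:
        findings.append("partition table changed")
    return findings


def read_mbr(device: str) -> bytes:
    """Read sector 0 of a raw device or image, e.g. r'\\\\.\\PhysicalDrive0' or '/dev/sda'."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def make_test_mbr(boot_code: bytes) -> bytes:
    """Constructed sector for illustration (not taken from the analysed sample):
    the given boot code, a fixed disk signature and one bootable NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = b"\x11\x22\x33\x44\x00\x00"
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    table = entry + b"\x00" * 48
    return code + disk_sig + table + b"\x55\xaa"


if __name__ == "__main__":
    good = make_test_mbr(b"\xfa\x33\xc0\x8e\xd0")  # placeholder known-good boot code
    bad = make_test_mbr(b"\xeb\xfe")               # same disk after a boot-code rewrite
    print(diff_mbr(good, bad))
```

On a live Windows host, read_mbr(r"\\.\PhysicalDrive0") from an elevated prompt gives the current sector; keep the baseline from a clean image of the same machine, since boot code legitimately differs between Windows versions and OEM disks.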

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

bootkit, discovery, persistence
Score
8/10

behavioral2

bootkit, discovery, persistence
Score
8/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

bootkit, persistence
Score
6/10

behavioral6

bootkit, persistence
Score
6/10

behavioral7

bootkit, persistence
Score
6/10

behavioral8

bootkit, persistence
Score
6/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

bootkit, persistence
Score
6/10

behavioral30

bootkit, persistence
Score
6/10

behavioral31

Score
1/10

behavioral32

Score
1/10