General

  • Target

    9dd47a244b5c04b947bc9cecededde93_JaffaCakes118

  • Size

    30KB

  • Sample

    240611-l96nbateln

  • MD5

    9dd47a244b5c04b947bc9cecededde93

  • SHA1

    e12e8c106eef2640255f22e31e0d3b906a7e6bc4

  • SHA256

    444f06e4a7f544c6d247969365ae6ac9385bf071ef08ada507f95ea9a8720815

  • SHA512

    57073834b045b742c848d9c0b8bb63c385546a33bfd62bb61431717e0716c407b0ec7376f81769f8537b1442aa7bfc850dae822e10529801e72f6c1f5201e358

  • SSDEEP

    768:FZVJTCL59tyXIWPdSHt5MC209IPIgc9XrOjiT:pJE5nyXNoHtkOjggy2

Malware Config

Targets

    • Target

      MEMZ-Clean.bat

    • Size

      9KB

    • MD5

      bbae81b88416d8fba76dd3145a831d19

    • SHA1

      42fa0e1b90ad49f66d4ab96c8cca02f81248da8b

    • SHA256

      5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c

    • SHA512

      f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368

    • SSDEEP

      192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3

    Score
    7/10
    • Executes dropped EXE

    • Target

      MEMZ-Clean.exe

    • Size

      12KB

    • MD5

      9c642c5b111ee85a6bccffc7af896a51

    • SHA1

      eca8571b994fd40e2018f48c214fab6472a98bab

    • SHA256

      4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

    • SHA512

      23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

    • SSDEEP

      192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa

    Score
    1/10
    • Target

      MEMZ-Destructive.bat

    • Size

      13KB

    • MD5

      4e2a7f369378a76d1df4d8c448f712af

    • SHA1

      1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49

    • SHA256

      5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad

    • SHA512

      90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e

    • SSDEEP

      192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      MEMZ-Destructive.exe

    • Size

      14KB

    • MD5

      19dbec50735b5f2a72d4199c4e184960

    • SHA1

      6fed7732f7cb6f59743795b2ab154a3676f4c822

    • SHA256

      a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

    • SHA512

      aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

    • SSDEEP

      192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks