General

  • Target

    a0edc8e43c315a4fa36acd76db7a2c78_JaffaCakes118

  • Size

    5.6MB

  • Sample

    240612-rc66gaxfmf

  • MD5

    a0edc8e43c315a4fa36acd76db7a2c78

  • SHA1

    0184f1a13c073f2212d0eb8668613ce8047e829f

  • SHA256

    c418925ae13f92b6b2f4eed0e0f140ec09f15e7aa50eaa6ea447b7808d71bdb6

  • SHA512

    51613611795448c1db21ba6ca2b814bf9a6f6b10a7c45611299d0005d25199dc396ad7fc4476c6eab98f71ec98cc6c3f4b7a307010a003de9434b583d633ae27

  • SSDEEP

    98304:BZMjFtWxY3u/tluC/jhB75ZtC2/WSfUxcdCJWW8Z6c0lsMo63kqNEK+mcq4Quw35:YtaYetUChB75XFWSRCJ38Epo4k47Qq46

Malware Config

Targets

    • Target

      a0edc8e43c315a4fa36acd76db7a2c78_JaffaCakes118

    • Size

      5.6MB

    • MD5

      a0edc8e43c315a4fa36acd76db7a2c78

    • SHA1

      0184f1a13c073f2212d0eb8668613ce8047e829f

    • SHA256

      c418925ae13f92b6b2f4eed0e0f140ec09f15e7aa50eaa6ea447b7808d71bdb6

    • SHA512

      51613611795448c1db21ba6ca2b814bf9a6f6b10a7c45611299d0005d25199dc396ad7fc4476c6eab98f71ec98cc6c3f4b7a307010a003de9434b583d633ae27

    • SSDEEP

      98304:BZMjFtWxY3u/tluC/jhB75ZtC2/WSfUxcdCJWW8Z6c0lsMo63kqNEK+mcq4Quw35:YtaYetUChB75XFWSRCJ38Epo4k47Qq46

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      eef9e469e8a30717974499f277d97e2a

    • SHA1

      2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    • SHA256

      1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    • SHA512

      d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    • SSDEEP

      192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      d53886f68098c2006d8248993bb37d92

    • SHA1

      a35fafce1a990ac4017ce6645b46917de0d25eed

    • SHA256

      c7a089e0329523a307d5be32a8765b1c0409e49925965b9500d8a202b9e8b65a

    • SHA512

      b36e22b22df42d55b1785d8ac26a637725f74708302404cc29adb3b7e58fe1fd109fe7f8bb5e3255455dcdc66eb46ef9de418cc200daca1ea84cf0c31c071ba8

    • SSDEEP

      96:fiqA7bDe2xHkR1C41EhvSE+6nNtMn0iGd8Cqp5tIRhElfL:fiqA7/ZH0uQMtcfCqbtQgf

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c6f5b9596db45ce43f14b64e0fbcf552

    • SHA1

      665a2207a643726602dc3e845e39435868dddabc

    • SHA256

      4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

    • SHA512

      8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

    • SSDEEP

      192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      f2c993a0c726386d72e4640967cef83e

    • SHA1

      efe88db252b5e9edff2d859e783fcf1a349e553f

    • SHA256

      6739a2c8075cc383620a867e983957de0b4ae9ef0453baadd1469132893d7301

    • SHA512

      3873a87ba360702c72a6d3e853a0b6f2df219593cf5436d12a9d4d169029e939993c45330212008b628184da64ae98d6a7ab42b30d5f82c896acfc89d558169f

    • SSDEEP

      96:qBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8XQB0NKndY7ndS27gA:q6n+0SAfRE+/8k0NKdqn420

    Score
    3/10
    • Target

      $PLUGINSDIR/processwork.dll

    • Size

      231KB

    • MD5

      0a4fa7a9ba969a805eb0603c7cfe3378

    • SHA1

      0f018a8d5b42c6ce8bf34b4a6422861c327af88c

    • SHA256

      27329ea7002d9ce81c8e28e97a5c761922097b33cedeada4db30d2b9d505007c

    • SHA512

      e13e29712457d5e6351bfd69cba6320795d8b2fd1a047923814f8699f7188ec730ec7f0d946fdff66c8b430fef011415ed045b6ea56e4cc0b1d010171ab88178

    • SSDEEP

      3072:n/93Fm9hfGIGjk1qc55CDoGowH6Fb/CcXwuCoty1IKYOlIa+zUk9sfqQAPfujRzS:/94yj9c55CDorNqot43ndqQpzjIKW

    Score
    1/10
    • Target

      $TEMP/GoogleToolbarInstaller_download_signed.exe

    • Size

      215KB

    • MD5

      3181e805c29fc2d1f8874cf4f5f862e9

    • SHA1

      fd999fbaba6744f2b4cd881e51cb4b818982ecd4

    • SHA256

      41c59bb80173675319776ca815b7ceaacbacf1da8e517f930eebd66773baeb91

    • SHA512

      51803e45c4d8d8594dc7191bfc1098c4f17996cb998a5db6b33e9ff7621cc9fdd654621038c380675597f1a0f5b7fa9de6207bfe1b15c7265e646acbc70a176a

    • SSDEEP

      3072:IqmQkDU0mmDTW77bB4dTg+0dBFFihCJz3/of4ineWIY4Fif5T5PB+haea:3PF0ry/8UIhmz65eWIY4Af1Aaea

    Score
    1/10
    • Target

      $TEMP/saayaasetup_5.exe

    • Size

      962KB

    • MD5

      fc11f6333e107f3baa48655c15a8afb9

    • SHA1

      d587181beda0582dce175b6a7871ce1709b715fb

    • SHA256

      2b365911eed6a512f302dc67e31fdaf9d897ee790fb6afdf88826d504c53d3a8

    • SHA512

      86bbd276ff673454d257d036f17f1e13611e947bddc6dd98401b38f29f7b12c7c258b378cf135310563d8fb3eb00fdca723f20786a5b1e2116def67a395fb446

    • SSDEEP

      24576:aBCbQEQ4Q8hsPdZLmTXlBGuNGeUUvLu4S:aEbvBhsldmzZBz9S

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      d53886f68098c2006d8248993bb37d92

    • SHA1

      a35fafce1a990ac4017ce6645b46917de0d25eed

    • SHA256

      c7a089e0329523a307d5be32a8765b1c0409e49925965b9500d8a202b9e8b65a

    • SHA512

      b36e22b22df42d55b1785d8ac26a637725f74708302404cc29adb3b7e58fe1fd109fe7f8bb5e3255455dcdc66eb46ef9de418cc200daca1ea84cf0c31c071ba8

    • SSDEEP

      96:fiqA7bDe2xHkR1C41EhvSE+6nNtMn0iGd8Cqp5tIRhElfL:fiqA7/ZH0uQMtcfCqbtQgf

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c6f5b9596db45ce43f14b64e0fbcf552

    • SHA1

      665a2207a643726602dc3e845e39435868dddabc

    • SHA256

      4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

    • SHA512

      8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

    • SSDEEP

      192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      f2c993a0c726386d72e4640967cef83e

    • SHA1

      efe88db252b5e9edff2d859e783fcf1a349e553f

    • SHA256

      6739a2c8075cc383620a867e983957de0b4ae9ef0453baadd1469132893d7301

    • SHA512

      3873a87ba360702c72a6d3e853a0b6f2df219593cf5436d12a9d4d169029e939993c45330212008b628184da64ae98d6a7ab42b30d5f82c896acfc89d558169f

    • SSDEEP

      96:qBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8XQB0NKndY7ndS27gA:q6n+0SAfRE+/8k0NKdqn420

    Score
    3/10
    • Target

      $PLUGINSDIR/processwork.dll

    • Size

      231KB

    • MD5

      0a4fa7a9ba969a805eb0603c7cfe3378

    • SHA1

      0f018a8d5b42c6ce8bf34b4a6422861c327af88c

    • SHA256

      27329ea7002d9ce81c8e28e97a5c761922097b33cedeada4db30d2b9d505007c

    • SHA512

      e13e29712457d5e6351bfd69cba6320795d8b2fd1a047923814f8699f7188ec730ec7f0d946fdff66c8b430fef011415ed045b6ea56e4cc0b1d010171ab88178

    • SSDEEP

      3072:n/93Fm9hfGIGjk1qc55CDoGowH6Fb/CcXwuCoty1IKYOlIa+zUk9sfqQAPfujRzS:/94yj9c55CDorNqot43ndqQpzjIKW

    Score
    1/10
    • Target

      SaaYaa.exe

    • Size

      862KB

    • MD5

      c22225dbb3c1ea89a5ad348b64901d68

    • SHA1

      ad1b47692e30c8cc8fcd53dc806ea9bcd7173215

    • SHA256

      e387b0a9abe7e2092952a7894079a404d0cb0c122cd22fd80b6fe7a315028ed4

    • SHA512

      924de9454b2fd5d3a6a45e1917665dcd62254f8a96bf129703c278b4ac832edc0fdcc7d083ba4ec9ffc3c789b859a3a1107f029c284afe29e51ca7115ef82338

    • SSDEEP

      24576:SvWwWILSv/l2871T4Qhr5oyAMG8NaX8UI:SvWmLSv/l28xTt9VrCI

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Target

      DefragMaster.exe

    • Size

      734KB

    • MD5

      d9dbee73b78627544a24d49db7b5dc51

    • SHA1

      35da7d0585706d973e1385477a9596cc80e079a1

    • SHA256

      512ce6357791e72e4d6c8237e71f0a365671219adf13438b172923464f2ef64c

    • SHA512

      c325ccc69eb28bcc85769dcafd6bcc784437acde95094c11ea0ea33663959c1b9fac826f72009b666aff0dae8625193d53fec46473665cdc493ba157055e3783

    • SSDEEP

      12288:/O4cUJZE1TgdMV8OFqC5Im4XoBoPooPovoWooPpS9yxkS4nO3lRkRc4YFwjsWW0:/OHUGcdMVfAC5ImAoBoPooPovoWooPQL

    Score
    3/10
    • Target

      DriverMaster.exe

    • Size

      320KB

    • MD5

      938aaf3cce1bbe0c7a6bd5f0a78287f9

    • SHA1

      9c95f74669195874170293ed6982f672beaa479a

    • SHA256

      8a7764ae6c44ee711ff4d3889179cc03795919d66d62f6405736c9835e1672f4

    • SHA512

      5476dabbe704af78f04f5d707b9815d1ba13f3fc0b60d7b747abd7bee513e4133fa56f8dc9fc5f8850869d514b0d7cdfd2ad87571fd3e8d4352334e2df75f84e

    • SSDEEP

      6144:jGQghr5GcbIkzuAkt3LnH/DBivMKa5GQghr5Gcb:j4zuAkRLnH/DBivMK8

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      FileShredder.exe

    • Size

      770KB

    • MD5

      ff6b91f775b5fe6b10d502fad64407af

    • SHA1

      a2c5bd1e2e2e95f7c2ac0897ae01e74110432b07

    • SHA256

      d7fd69b5e74ed1535979e118acc5cff839939b889e6243037cbb66a2df2c4c36

    • SHA512

      37a200a07624c1115fd098aa81f0ad4c1c877e815234d7cad5cb693046278d0e606264d648175847d69b081a89c37bff202a28ba6bf155ed1a7b7e02e2c324e8

    • SSDEEP

      3072:/u9oMCdW/oCrKCnwS0xOwYaiPdq9fkUdQaj0LZwDrTJhCHkjgXQlO70UM1lBUnaz:/whwPQYDBSKaxjWfywhwPQYDBSKax

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1
  • Pre-OS Boot (T1542): 1
  • Bootkit (T1542.003): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Subvert Trust Controls (T1553): 2
  • Install Root Certificate (T1553.004): 2
  • Modify Registry (T1112): 4
  • Pre-OS Boot (T1542): 1
  • Bootkit (T1542.003): 1

Discovery

  • System Information Discovery (T1082): 7
  • Query Registry (T1012): 3
  • Peripheral Device Discovery (T1120): 1

Tasks

  • static1 (tags: upx): Score 7/10
  • behavioral1: Score 7/10
  • behavioral2: Score 7/10
  • behavioral3: Score 3/10
  • behavioral4: Score 3/10
  • behavioral5: Score 3/10
  • behavioral6: Score 3/10
  • behavioral7: Score 3/10
  • behavioral8: Score 3/10
  • behavioral9: Score 3/10
  • behavioral10: Score 3/10
  • behavioral11: Score 1/10
  • behavioral12: Score 1/10
  • behavioral13: Score 1/10
  • behavioral14: Score 1/10
  • behavioral15 (tags: discovery, evasion, persistence, trojan, upx): Score 7/10
  • behavioral16 (tags: discovery, evasion, persistence, trojan, upx): Score 7/10
  • behavioral17: Score 3/10
  • behavioral18: Score 3/10
  • behavioral19: Score 3/10
  • behavioral20: Score 3/10
  • behavioral21: Score 3/10
  • behavioral22: Score 3/10
  • behavioral23: Score 1/10
  • behavioral24: Score 1/10
  • behavioral25 (tags: evasion, trojan, upx): Score 7/10
  • behavioral26 (tags: evasion, trojan, upx): Score 7/10
  • behavioral27: Score 3/10
  • behavioral28: Score 3/10
  • behavioral29: Score 1/10
  • behavioral30 (tags: bootkit, persistence): Score 6/10
  • behavioral31: Score 1/10
  • behavioral32: Score 1/10