654eebb38506e36b159f0dda7b316e2b726548145a179cec49b32bb030d5aba8

Sharing

Copy URL

Twitter E-mail

General

Target

a9360745871d11e86208dfc05389ed87_JaffaCakes118
Size

18.5MB
Sample

240614-mk5kdszhpr
MD5

a9360745871d11e86208dfc05389ed87
SHA1

88c09ba1d029e0c6188a9be0281f3decc728ffb3
SHA256

654eebb38506e36b159f0dda7b316e2b726548145a179cec49b32bb030d5aba8
SHA512

75e1fd50661e07cc75556bc569218dc2b964dda601f950444c5db2598919e521a537b4a2fba802c21330fe93967d958dff9ffde945d26230d3a591f8ad08888f
SSDEEP

393216:C80lVaVagn4Htq0c0M9BPU7R4f7epIhmFdvn992eISHz/K6vH901k:CnVaEgn4NqUyPU7yfOcmbvn72nST/1v7

Score

8^/10

Malware Config

Targets

- Target
  
  a9360745871d11e86208dfc05389ed87_JaffaCakes118
- Size
  
  18.5MB
- MD5
  
  a9360745871d11e86208dfc05389ed87
- SHA1
  
  88c09ba1d029e0c6188a9be0281f3decc728ffb3
- SHA256
  
  654eebb38506e36b159f0dda7b316e2b726548145a179cec49b32bb030d5aba8
- SHA512
  
  75e1fd50661e07cc75556bc569218dc2b964dda601f950444c5db2598919e521a537b4a2fba802c21330fe93967d958dff9ffde945d26230d3a591f8ad08888f
- SSDEEP
  
  393216:C80lVaVagn4Htq0c0M9BPU7R4f7epIhmFdvn992eISHz/K6vH901k:CnVaEgn4NqUyPU7yfOcmbvn72nST/1v7
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ButtonEvent.dll
- Size
  
  5KB
- MD5
  
  c24568a3b0d7c8d7761e684eb77252b5
- SHA1
  
  66db7f147cbc2309d8d78fdce54660041acbc60d
- SHA256
  
  e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d
- SHA512
  
  5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443
- SSDEEP
  
  48:a7sTTDi+BjvqYR4gYFmsHFpXq65lZ9W5wOXnhLk4nOvlWxG5PZKuB:ri+BjSXgY8sHFE6TzWXzncsGSm
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  41a3c964232edd2d7d5edea53e8245cd
- SHA1
  
  76d7e1fbf15cc3da4dd63a063d6ab2f0868a2206
- SHA256
  
  8b65fec615c7b371c23f8f7f344b12dc5085e40a556f96db318ed757494d62d5
- SHA512
  
  fa16bd9d020602e3065afd5c0638bc37775b40eb18bfa33b4ca5babcc3e6f112ae7d43457a6e9685ddbe6e94b954a1dc43d1da7af9ca7464019a3f110af549c1
- SSDEEP
  
  192:s/er7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4SyIXe:sQ7Xws4FVWig86/5eCBqSyIXe
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  c1f778a6d65178d34bde4206161a98e0
- SHA1
  
  29719fffef1ab6fe2df47e5ed258a5e3b3a11cfc
- SHA256
  
  9caf7a78f750713180cf64d18967a2b803b5580e636e59279dcaaf18ba0daa87
- SHA512
  
  9c3cf25cf43f85a5f9c9ed555f12f3626ef9daeeedd4d366ada58748ead1f6e279fea977c76ae8bae1dc49bfd852e899cb137c4a006c13e9fcebf6e5e2926a4d
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/a/$_110_
- Size
  
  1.4MB
- MD5
  
  5b4a90d8d2c61f0e6fe2ffef347696e9
- SHA1
  
  23a45252deeba6f0faff3e8a17d503d1ccc42009
- SHA256
  
  89a90ef4e7db39e6c89f37527c66ca3ba14eee3ac3dc4fb40aae347fb2ed98b1
- SHA512
  
  accbd10c1d7698c19db170ec0e42a955a71e9a6b3286307778969d581f6f1f27c6825d73caf8e9ec8e93208115659c1522a69923ac47ea9603b907f4843ae166
- SSDEEP
  
  24576:G/9KoDw9QnfM1q8rAxsZc+HMa7OBolZJ9XXXwYHNmLMqRa3xDjuZFpCUguB0mD2E:G/TDaaxsZFHMa7OBolZJ9XXfU41BjGFT
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/execDos.dll
- Size
  
  5KB
- MD5
  
  0deb397ca1e716bb7b15e1754e52b2ac
- SHA1
  
  fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
- SHA256
  
  720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
- SHA512
  
  507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
- SSDEEP
  
  96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/g/PF-Chrome-2018.exe
- Size
  
  1.1MB
- MD5
  
  6ad2d8ca0f6bff52c5a32c0699c4a64a
- SHA1
  
  47c39785594de8826a66c6dfdb5c26cf9a2fecc7
- SHA256
  
  b74f0e71111dc756d897ad417213fc0460a4af485c086908ff4da721674bfcb5
- SHA512
  
  085137ba11d3d54e48cb0beb5c84c34e84e0451500cb77584972061f6467baba5245a1563843951e39bdc9c75a31b60e096b7c3b7d9edc421fc12151d3d1045e
- SSDEEP
  
  24576:JnvfB/d6pgI6ZCspkoL2VrDfktCIl1bvNhZHbK:Jx/d6pgI6Zfp9+7kT1bvNnHbK
Score

8^/10

discovery persistence
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  23KB
- MD5
  
  8e050192b6b98d8adfffc297e7d6ecaa
- SHA1
  
  bd1f7591c36a172caad81ef1b3ea51e998e1cce4
- SHA256
  
  4177e765eed3bba3794cd21b50779c097e8a943bc92c3621f2f51a85cef46def
- SHA512
  
  12d7694987fbb6aea59102a25498291ea0f8e44ac57ad2ac744199123534b8cb3c373b5fdeecc0e09f971db63f543bbb2809d24be29a0c03deaf4dfd5e463f33
- SSDEEP
  
  384:QsuiXfwnOEFMUgKWSeMPe3+6a+A6PcPpntKfh00g5j9nj:lfwnLFMUGMPenA6Yuh9yj
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/g/PF-Toolbar-2016.exe
- Size
  
  820KB
- MD5
  
  0f32452f14ff2cd57bea1b35efd6c839
- SHA1
  
  3b20f2f4a54b21f3fb0c9fb04d0544348e61a460
- SHA256
  
  fa53ce9ae4c2345f25f5ac61748623451004aa555a72d61162fbb266887d8b2d
- SHA512
  
  80a75aae72c366c0ccf2c89aec8ff120fcdc0def2ecaeb16373f1c930eb4c0fd311653da3230bc056e4acfe116f35db668a17f647a7252877e2fb6525e48157a
- SSDEEP
  
  12288:6mt6FaNUTjCumbaKQ9j2aBjo8koh41SN8SDajcXLWdfh9EoqPfY8N0bx:pt68Ej7nIgs8v4AN96dS3Yk0F
Score

4^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  301a9c8739ed3ed955a1bdc472d26f32
- SHA1
  
  a830ab9ae6e8d046b7ab2611bea7a0a681f29a43
- SHA256
  
  6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92
- SHA512
  
  41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094
- SSDEEP
  
  192:hCPej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yAG:hCQ2HgN4GbeWmbI4Eybogia7yA
Score

3^/10
behavioral19 behavioral20
- Target
  
  $TEMP/GoogleUpdateSetup_1.3.21.169.exe
- Size
  
  799KB
- MD5
  
  7abad5635830cb8af3ea5b88e76f728d
- SHA1
  
  7809cb7c62fb6c95e7dd244bc480f3f93e695a25
- SHA256
  
  27785c7b3825d73149794527a8be2dbdedd737ad3d47ecc6eb30be7546c1bdff
- SHA512
  
  09c3e2b4726974db4ffd46c58f7177a52fcea2c85a8a22196555cfeefda7c6f4cb453de196f919a1e2ca2441379a36a9b40bb3d70d64c4148c31b58d0ce50be3
- SSDEEP
  
  12288:wSAQRtXumsaKQ912aA+o8kohKldN8NDSjcX2HdhhMxI7NGfWna490XAsNy+0O:wSA8teemzL8vKfNGSGq7NGen990xys
Score

4^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/g/gcapi_dll.dll
- Size
  
  348KB
- MD5
  
  2973af8515effd0a3bfc7a43b03b3fcc
- SHA1
  
  4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee
- SHA256
  
  d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0
- SHA512
  
  b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e
- SSDEEP
  
  6144:O3RIclFikwwYUP5SvL8z6uNMw4n8kUddV6F8Q4cfRUWj/aNTcES:O36SwwviL8VgnaddV6F8Q4cZBzES
Score

1^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/g/gcombo/ComboOffer_1025.html
- Size
  
  3KB
- MD5
  
  3876777e8e7b73a9a1113402fe54aca9
- SHA1
  
  d5fc2d953530949ebd474925dcc2f737058d09e6
- SHA256
  
  06ee0d941530d5bf86009e7df0d15dd5767be6dda2f955f2aedbd220edb261b6
- SHA512
  
  55ed0ceb960dfec3e77a583ff2db11f29b0c6b619c08ec44bba96d2c636c89aae09169e4a01d8fc4bbdf81a500f46c35ab14ed3496230c45eaaef1d93c70ecde
Score

1^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/g/gcombo/ComboOffer_1026.html
- Size
  
  3KB
- MD5
  
  31f4afa1e87f0243c43b0203b89d50b1
- SHA1
  
  dba384c943d572d39ecebe68e9598945549d571d
- SHA256
  
  34c5182d004df6016042423e040a79f597e9286f5f75f38c0a821fc06494c702
- SHA512
  
  7ba8fb63df10b23e6506cb315f683b3fed5ffe1c925d1203e65be4da9f906ad3dde6799b0963f69c379ba43664a33770b8643426a937c803a5dffccb8702a9fc
Score

1^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/g/gcombo/ComboOffer_1027.html
- Size
  
  3KB
- MD5
  
  d23b9d2a41fb327025c45b392b8415a5
- SHA1
  
  8ac0e6f20608ef80e3a67cf6e7a93a6aa9d9d7fa
- SHA256
  
  36b5327492d4a1097a87c6f52ea89d90ab5245799a700e189c48fd41e2ea7179
- SHA512
  
  fd7af60a9946ab1acfbc5747da571e04807c4fcf3c11832738218f479b6022c22011b0a8e43820b16130c880718ebb820c917f3bbd90fbc6b32a93bdd93ee666
Score

1^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/g/gcombo/ComboOffer_1028.html
- Size
  
  3KB
- MD5
  
  3c9d9a1818bede3e8e7fa99685d503df
- SHA1
  
  0db677e7ce9707e89c865a89cc6ab60e04af0119
- SHA256
  
  5cdeaa26f12096e1aecda8acc42516341599ae4122d8e9c95d461ceb0a7e3010
- SHA512
  
  9b9c06ef13ba802e0850fd98ff025479bd955c93925405bc7a181515e3c01d87b0b15c37057c2a26bc6fbb93fa814f4dc07d8658a542851c6dd2dd1cd4924632
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Writes to the Master Boot Record (MBR)

Modifies Installed Components in the registry

Sets file execution options in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32