General

  • Target

    aae1c3a61466412850b682a2038edc9e_JaffaCakes118

  • Size

    19.5MB

  • Sample

    240614-vwv44atcnl

  • MD5

    aae1c3a61466412850b682a2038edc9e

  • SHA1

    f528a925e4b6d5a90639ace872cf61946e4e3a25

  • SHA256

    1892a065fd4b4d5d60799fd3e10178de2452fc23014d0388c65f30aa7e103c8d

  • SHA512

    716d9928aea95083f43f4ea1e7fc53914cf76f27e1054cccf6463dd2e8f0cf864577103a1858c78c8988955959862c0d3a0fff38e30eff59f7ea26c6bbdeeee2

  • SSDEEP

    393216:iq3YRV4yyvc90EjzXsmninjnSji11KtFOiH91Jrr27GLM75EgKPnM2efMXL+zSCc:icYRV4yQc9JXGjSe1Gsitf2aw9EHnXDP

Malware Config

Targets

    • Target

      ACMConvertor.pas

    • Size

      9KB

    • MD5

      cad73f4c44f2a8c2d5e5df0481944d47

    • SHA1

      7d8a08be650b3b3a0cf2f38ba008fa3020883059

    • SHA256

      ce5d9e5b15c92f16de6b170b419165ee941a15836da92d490ab8734ca52ede2c

    • SHA512

      fbca6cdc9d57e0d35bb8765f00583a9aa20f583e686a34bf041ec8f599e4970fedb20c2938b96460a5ff0023352df5a437fb00418d3f9e4dc93d0e63444711c5

    • SSDEEP

      192:QeQWwaYdlqWe78YFpfIXhENUHSqjsY0WtQCwOX4hUik:UTElLNcjcWtQk6Uik

    Score
    3/10
    • Target

      BTMemoryModule.pas

    • Size

      25KB

    • MD5

      f702292cddcbe1d3b996409fa290e87d

    • SHA1

      c3e945cfea6b9aff27076a591b4b5b33f3bf5081

    • SHA256

      41e3e2a76bbd87b4820211311814d9d84fcb1c60a933602f3a040ae9a293cc74

    • SHA512

      489482772ca5a81c5e9e40e5c57cc6541d734e6e5b77b01bdef685639d871ffe7328be6465b33bd32499c2413bccae3a70b834007de30aef293a609ca4ea822d

    • SSDEEP

      384:h9jVD8gZAC5ZoRPdZPPIfVT12tS8nk4nEKM5I3rdUkNllnD:h9jECQPTPG8nk4nHrG+lD

    Score
    3/10
    • Target

      CompilarProjeto.exe

    • Size

      2.0MB

    • MD5

      7a2e9a13a0e3198e254e75ef6b3083cb

    • SHA1

      d07df9f40daa294904965ec4b0f85605306a88d5

    • SHA256

      5c99bee87318a19cd89c41239d6d3822f11b934b65dce084482c4fdc6fcc01c1

    • SHA512

      93f3e72b59b95f14ea519d06fc9dd43c59186fbbb240f352ab8ec8b79dcf75e4347cf66d8a0dc65329e2a202821d803f62318d1c0d491b8735cef5134851e763

    • SSDEEP

      24576:r+WxAZZizbDVu6j0JX/J/b68y4NLuKBAtHuBKS/rupr/4PY6o9JrlRR1KrMsFbSz:hSZy4t50Sapr/4PYn9JrPutSNT8TKTv

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      GeoIP.pas

    • Size

      19KB

    • MD5

      437e1c70940b71a61dc8cd3211ad7a83

    • SHA1

      1be310993ef2a766c844473cbde1f1977b28815d

    • SHA256

      dd6de3f0dd57ecb0459ddf508d8c905c5b7df09ee991f8545fb9641abdbf9b05

    • SHA512

      bd12e9ff6cdbee25c3e08347000015e4232192691725f9dd987a321e5c8622e1890b3a4aecd6da345ae5c2513a1ab5c88a615dc701e22cc2021436ae1610f060

    • SSDEEP

      384:oScxrwQAxo9nxtnKqG46CN2QeWiUYUqPb3a/m/jVSb9mkw7oUWGiV8ueAdYXXVra:oSOwQAxKjGBCQ7WeUIa/m/jSsA8ueJba

    Score
    3/10
    • Target

      GetHardwareID.exe

    • Size

      1.9MB

    • MD5

      a62352701d5d9d15819bc8e769f26806

    • SHA1

      c40d3f42fc529dba3d738484abe21f875ab87421

    • SHA256

      80a81dddee52f1dab62fb00b340df7db6b6b874dd8e500ceaf865b79ac5a9f85

    • SHA512

      ef8614a5c90dd50a511a0d63d870727b11c883e63ddec7cbd1b3f71f383ded62348f1593b2409e0daf74ce5da6395417d7eebb8b83ed0a925a78e595f0cb3453

    • SSDEEP

      49152:tlbFNOIcASaTxCeT8cKMB9hbXVTkTNek+:tx7WeTTK8Xs+

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      MSACM.pas

    • Size

      52KB

    • MD5

      8d3667d07add1e8427f3c0c8f942552a

    • SHA1

      5738b91274c1f51a643014c67e7aed8c980cdf03

    • SHA256

      ea4c401dd69474bf4516f4843da72b33b31befdc88b14f6face325b741eed7d9

    • SHA512

      4b5ea31dc67c1e6021bf0a0a229f92aeb3e7bb83658bd8523d09490b7b0e18de60bd68c3bf59dac499beef978160596e5dbacd7f962ec7e6c6fea02a69a8b7af

    • SSDEEP

      768:6jKgV7f4AYcFoAhLhH4tK8x9fw4MmcRQkssh5H/V3DFAaHafagqJ66FAaXazaNna:EGOLhH4g4MmcvP41

    Score
    3/10
    • Target

      ModuleLoader.pas

    • Size

      10KB

    • MD5

      35de3558bc7042b105c83c0fdae38e44

    • SHA1

      2416cc6b86c85c5dfbe18c5e9cfd5c9411e9ff6f

    • SHA256

      d83a754a011c3af8a7bebed1e7baf3e4592108a8d52a638a35a9b1dbf161b22d

    • SHA512

      a8e4a93e7b45284472a544e04c34d50965eb33d0061da1c1805a422b1989d71da8a65b61b6189df2a7ed27af526a951e029bb54419ad296f0bf5ce1b5fa8ea55

    • SSDEEP

      96:N/DENmNHf1gfV+1kNYh0IknHrkDHSrowTw6wnkWrlZGVgnHcgDHxEwUqwp:ZvHqV+YYh0RSyne9rl4S9R3Cp

    Score
    3/10
    • Target

      Resources/Mysqlite3.dll

    • Size

      171KB

    • MD5

      744dcc4cbbfbb18fe3878c4e769ec48f

    • SHA1

      c1f2c56ee2d91203a01d3465f185295477a1217d

    • SHA256

      33eb31a2a576e663474a895ff0190316c64a93d9ce05a55df0d53f9beeb61163

    • SHA512

      706630be2ca09e574a7794e32e515a0a3f993643d034647b8cb976c1e7045e87e30362757cc65fcdb95f4a4327f0dcda3edc82ba84e5ed9115870a037e13af21

    • SSDEEP

      3072:4yOtgCNPbAHuzueAlwsKmiiEHpmBt7tjBwHH1ELXvSsmB8teUOhKJz4ZKJNCT1xe:FOtRsOz2xKmGH8JBwn+2smB1Uf8Kurb

    Score
    7/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Target

      Resources/dllcrypt.dll

    • Size

      199KB

    • MD5

      ffc0c52d8e0c85c6744cc391c066e569

    • SHA1

      5b322f12a80e104381e1de2b5e54762ac17d91a6

    • SHA256

      3bdeb12b503b2ee92af3e821a626b501fc7ed7aebf308a959e0eae5c44240b39

    • SHA512

      9b6c29ee451f3446ee5300e24f36e25cc1b87d23f9b294e060745bf4dcff45ecf060532ecb33513e895ba74c95dd6100c9481cf2b65de63f9650873c5499ea98

    • SSDEEP

      6144:dqaBK2c0EQCNmRjQnEbfNo4cltikqE6DhF/EGy:zK2CVEb3gtBqEMDI

    Score
    1/10
    • Target

      Resources/rar.exe

    • Size

      190KB

    • MD5

      82ffa428a9c4b7b49ef4a27e3ad13926

    • SHA1

      d89ee13598fd32078b54341411fabddf69eb4a3b

    • SHA256

      f07e332285576a713f0c781983b6b901d244f49f02cee7c312c110ad7e1454d4

    • SHA512

      ab1db03f6e93a20c95685faefd6c9fb321b91818839b8bd42d6004cc991f56d4db294569b38c23c8041206a5db5c2f0f5a97a6e6ee1b6576b1b1750ff96ccdfe

    • SSDEEP

      3072:wGEJuTyGwFM2lRsBGNt0JEFPpLunaHssRz1Uvt8zRO+fxnP+htM/MmfwSevx4z2V:wGEE2Q2MLeFPFunossRZUv5+fxnG4YSs

    Score
    1/10
    • Target

      Resources/xupx.exe

    • Size

      283KB

    • MD5

      be8eb456a576ac47d47a1781df21c174

    • SHA1

      315d006b5cdfd5cd9204aff36e014fa9f233e282

    • SHA256

      aa1aa0f123e01960959fbcb4e757cb450fe931c71d4ba5b2114f344eeeea28d0

    • SHA512

      db78fa40668879d9d33981cd28811dce88371d88cfc6d4a44d85f58bc3300790ab43cdf8e689918425021d124ed1545eb225c8542f18f937fb8e7678abaab2e9

    • SSDEEP

      6144:VxweyhoBdsmDFALbO8y15B7vCgv5NVlu5aZ8VElsvQ4P6QtXoOLEc:VxX+oB6mJALbO8y1LpI5HmlF4DZ

    Score
    1/10
    • Target

      SQLite3.pas

    • Size

      29KB

    • MD5

      833aa4c1ce0297639ffcfa1e07b40aed

    • SHA1

      eaf2b58365980bfec6004e0a057719b56b59be4e

    • SHA256

      ebd0f50173e8fc3a81a50313851c46a20df0f04f5bec55abe50eeb8e8bf947cf

    • SHA512

      e538cdbbfb441b0f64ae14d4c55c91a26ca06bbfe3fa4db503ee028788d253690a341ffe2dde582cdada03cb8aefd084d42ee613ebdc1b6ed975a14aa3e93249

    • SSDEEP

      384:ct16bhmadzkHpiHckev/kDOGM+D7mAyCbgG5NiiaafqXYxhV+afofhBuGe03+kMA:ctIhmGHgEihSghfiGe03+kMlLAL

    Score
    3/10
    • Target

      SQLiteTable3.pas

    • Size

      41KB

    • MD5

      547b3a3aedc16f6b9769205ae09a77cf

    • SHA1

      505df6ffcd7deec516ddf0a6b9acf57a8cf781c8

    • SHA256

      8a968753063f1f2ca89856c36caaeed4d0b08f5de2b1110898ba98b837c8a488

    • SHA512

      52d6fb9d1919b88231e156f6d0eecefa88d8025d3c99d75bb33b6195a18311bd73eb8a69b44a9d0030bbfabc556bab642a6b48c0a3de7b74dfbb51fea5256425

    • SSDEEP

      768:HbVvGS9t/dhxldXALVr7Xe/JuN12jaCB4FQgt1sgO7V80P:x+aZdhxldXi5Xe/JuN16aCaFQgt1sgOH

    Score
    3/10
    • Target

      Servidor/ACMConvertor.pas

    • Size

      9KB

    • MD5

      cad73f4c44f2a8c2d5e5df0481944d47

    • SHA1

      7d8a08be650b3b3a0cf2f38ba008fa3020883059

    • SHA256

      ce5d9e5b15c92f16de6b170b419165ee941a15836da92d490ab8734ca52ede2c

    • SHA512

      fbca6cdc9d57e0d35bb8765f00583a9aa20f583e686a34bf041ec8f599e4970fedb20c2938b96460a5ff0023352df5a437fb00418d3f9e4dc93d0e63444711c5

    • SSDEEP

      192:QeQWwaYdlqWe78YFpfIXhENUHSqjsY0WtQCwOX4hUik:UTElLNcjcWtQk6Uik

    Score
    3/10
    • Target

      Servidor/DirectX/DirectDraw.pas

    • Size

      263KB

    • MD5

      df97d2fcd1c430822b2e6ba5c52c2da5

    • SHA1

      22a6b7385b58ce6b8d3905c98f8009a35f467853

    • SHA256

      44049d7baf37bd667a77ac1ac9ed2004142ba878b874c1e8d45541110e4eefcb

    • SHA512

      54eaa702c5eadfe0d3726ae8e27283e7d134d5426747cbfb34225063bc8f4e056ec1f126cfd0788d0253ac742840d59039aee2e273337403cad762664e6e43b2

    • SSDEEP

      1536:U3VlUlNA2LztaqLzta3gIdHGy6jB/SlKtdilEudi5jfKidmu6lIw8tb07javny9e:TNACjGwhIa6Eudi1Cif6p8V07W8AH

    Score
    3/10
    • Target

      Servidor/Indy10/Core/IdAboutDotNET.pas

    • Size

      9KB

    • MD5

      0b944b352047adf25b9026336f0ec9de

    • SHA1

      e85668a2327e19b87280ec64e0447341d86d6a28

    • SHA256

      d4f39242568d6d1fa346b62f4fdf4900d595ca9c9db41554d88401fc18841b43

    • SHA512

      57dcbcf8da7981ff8174c5ddfd6b7673ea2927129c829559d06bc4767b5f9cfed50cff62eb7b331bfb906197c1ca3603968f8e5912942c27d6dd3021d927729b

    • SSDEEP

      192:AKDF1WaerfdguJifP0HhubUW8SVpWw8c29aV0z8cP91TuF846tXg25oJPRGn0nRf:5DF1WZrf2uJin0SUW8SVAw8c29aV+8cQ

    Score
    3/10
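
The "Writes to the Master Boot Record (MBR)" signature above fired for CompilarProjeto.exe and GetHardwareID.exe. The check an analyst wants on a suspect host is whether sector 0 still matches a known-good baseline. The Python below is an added example, not the sandbox's detector and not code from the sample: it parses a 512-byte MBR (boot code, disk signature, partition table, 0x55AA signature), hashes the 440-byte boot-code region and compares it with a baseline. Every sector it checks is constructed by build_demo_mbr(); the "boot code" bytes are placeholder stubs, not real MBR code, and the tampered sector only simulates what the signature reports.

```python
"""Parse a 512-byte MBR and compare its boot code against a known-good baseline.

Added example for the 'Writes to the Master Boot Record (MBR)' signature in the
report above; it is not the sandbox's detector and not code from the sample.
Every sector checked here is constructed by build_demo_mbr(); the boot-code
bytes are placeholder stubs, not real MBR code.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 440       # bytes 0..439: boot code (what a bootkit overwrites)
DISK_SIG_OFFSET = 440      # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"
PART_FMT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_mbr(sector: bytes) -> dict:
    """Extract the fields an integrity check cares about from one 512-byte sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """Return findings as strings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline (possible bootkit write)")
    for p in info["partitions"]:
        if p["lba_start"] == 0:  # a partition covering LBA 0 overlaps the MBR itself
            findings.append(f"partition {p['index']} starts at LBA 0")
    return findings


def build_demo_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: given boot-code stub, one bootable NTFS partition, valid signature."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x1234ABCD)          # made-up disk signature
    struct.pack_into(PART_FMT, sector, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Baseline: hash of the boot code taken while the host was known clean.
CLEAN_MBR = build_demo_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 16)    # placeholder stub
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_SIZE]).hexdigest()
# Same disk after something rewrote sector 0 (what the sandbox signature reports).
TAMPERED_MBR = build_demo_mbr(b"\xEB\xFE" + b"\x00" * 8)                      # placeholder stub

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE) or "OK")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

On a live machine, pass the first 512 bytes of the disk (open(r"\\.\PhysicalDrive0", "rb") as Administrator on Windows, /dev/sda as root on Linux) together with a boot-code hash recorded when the system was known clean. Partition entries change legitimately, so the baseline covers the boot code only; a GPT disk shows a single protective 0xEE entry, which this check does not treat as a finding.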
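
Resources/Mysqlite3.dll is the only target flagged by the "UPX packed file" signature (score 7/10), and the archive also contains a Resources/xupx.exe. To reproduce that verdict on a file without the sandbox, look at what UPX leaves in the PE: UPX0/UPX1 section names, a first section with a large VirtualSize and zero raw data, the "UPX!" marker, and near-8-bit entropy in the section holding the compressed payload. The Python below is an added example, neither the sandbox's rule nor code from the sample: it parses the section table with struct only (no pefile dependency) and reports those indicators; the "modified UPX" case is covered by the layout and entropy checks, which survive renamed sections. The PE images it scans are constructed by build_demo_pe(), not taken from the archive.

```python
"""Flag UPX-style packing from a PE's section table and section entropy.

Added example for the 'UPX packed file' signature in the report above; it is
neither the sandbox's rule nor code from the sample. The PE images scanned
here are constructed by build_demo_pe(), not taken from the archive.
"""
import math
import random
import struct
from collections import Counter

UPX_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def pe_sections(image: bytes) -> list:
    """Return (name, virtual_size, raw_size, raw_bytes) for each section header."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]            # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", image, pe_off + 6)[0]          # NumberOfSections
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]     # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    out = []
    for i in range(nsec):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        out.append((name.rstrip(b"\0"), vsize, rsize, image[rptr:rptr + rsize]))
    return out


def upx_indicators(image: bytes) -> list:
    """Return the UPX-style indicators found; an empty list means nothing UPX-like."""
    secs = pe_sections(image)
    found = []
    upx_named = [s[0].decode("ascii", "replace") for s in secs if s[0] in UPX_NAMES]
    if upx_named:
        found.append("UPX section names: " + ", ".join(upx_named))
    # UPX0 is the unpack target: large VirtualSize, no raw data. A renamed
    # ("modified UPX") build keeps this shape even with the names scrubbed.
    if secs and secs[0][1] > 0 and secs[0][2] == 0:
        found.append("first section has VirtualSize>0 and SizeOfRawData==0 (UPX0-style layout)")
    if b"UPX!" in image:
        found.append("'UPX!' marker present")
    for name, _vsize, rsize, raw in secs:
        if rsize and entropy(raw) > 7.0:   # compressed payload looks close to random
            found.append(f"high entropy in section {name.decode('ascii', 'replace')!r}")
    return found


def build_demo_pe(sections: list) -> bytes:
    """Constructed minimal PE32: DOS header, COFF + optional header, then the given
    (name, virtual_size, raw_bytes) sections with raw data at 0x200-aligned offsets."""
    pe_off, opt_size, align = 0x80, 224, 0x200
    hdr_end = pe_off + 24 + opt_size + 40 * len(sections)
    image = bytearray(hdr_end)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, pe_off)
    image[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", image, pe_off + 4, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    struct.pack_into("<H", image, pe_off + 24, 0x10B)               # PE32 optional-header magic
    raw_base = -(-hdr_end // align) * align
    body, va = bytearray(), 0x1000
    for i, (name, vsize, raw) in enumerate(sections):
        rptr = raw_base + len(body) if raw else 0
        struct.pack_into(SECTION_FMT, image, pe_off + 24 + opt_size + 40 * i,
                         name.ljust(8, b"\0"), vsize, va, len(raw), rptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        va += -(-max(vsize, len(raw)) // 0x1000) * 0x1000
    return bytes(image).ljust(raw_base, b"\0") + bytes(body)


_rng = random.Random(7)                         # deterministic stand-in for compressed data
HIGH_ENTROPY = bytes(_rng.randrange(256) for _ in range(4096))
UNPACKED = build_demo_pe([(b".text", 0x2000, b"\x90" * 1024 + bytes(range(256))),
                          (b".data", 0x1000, b"\x00" * 512)])
PACKED = build_demo_pe([(b"UPX0", 0x20000, b""),                 # stock UPX layout
                        (b"UPX1", 0x2000, b"UPX!" + HIGH_ENTROPY),
                        (b".rsrc", 0x1000, b"\x00" * 256)])
RENAMED = build_demo_pe([(b".text", 0x20000, b""),               # same layout, names scrubbed
                         (b".data", 0x2000, HIGH_ENTROPY)])

if __name__ == "__main__":
    for label, img in (("unpacked", UNPACKED), ("packed", PACKED), ("renamed", RENAMED)):
        print(f"{label:9}", upx_indicators(img) or "no indicators")
```

To scan a real file, call upx_indicators(open(path, "rb").read()). A hit on section names alone is weak evidence (names are trivially renamed, and some legitimate software ships UPX-packed), so treat the layout and entropy indicators together as the stronger signal and confirm with upx -d where the stock names are intact.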

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic           Technique                           Count  ID
Execution        Command and Scripting Interpreter   10     T1059
Execution          PowerShell                        1      T1059.001
Execution          JavaScript                        9      T1059.007
Persistence      Pre-OS Boot                         2      T1542
Persistence        Bootkit                           2      T1542.003
Defense Evasion  Pre-OS Boot                         2      T1542
Defense Evasion    Bootkit                           2      T1542.003
Discovery        System Information Discovery        2      T1082

Tasks

Task           Signature tag        Score
static1        upx                  7/10
behavioral1    execution            3/10
behavioral2    execution            3/10
behavioral3    execution            3/10
behavioral4    execution            3/10
behavioral5    bootkitpersistence   6/10
behavioral6    bootkitpersistence   6/10
behavioral7    execution            3/10
behavioral8    execution            3/10
behavioral9    bootkitpersistence   6/10
behavioral10   bootkitpersistence   6/10
behavioral11   execution            3/10
behavioral12   execution            3/10
behavioral13   execution            3/10
behavioral14   execution            3/10
behavioral15   upx                  7/10
behavioral16   upx                  7/10
behavioral17   (none)               1/10
behavioral18   (none)               1/10
behavioral19   (none)               1/10
behavioral20   (none)               1/10
behavioral21   (none)               1/10
behavioral22   (none)               1/10
behavioral23   execution            3/10
behavioral24   execution            3/10
behavioral25   execution            3/10
behavioral26   execution            3/10
behavioral27   execution            3/10
behavioral28   execution            3/10
behavioral29   execution            3/10
behavioral30   execution            3/10
behavioral31   execution            3/10
behavioral32   execution            3/10