General

  • Target

    ab365d31e7e949098d533855500ad28f_JaffaCakes118

  • Size

    4.6MB

  • Sample

    240614-yp4z7stdph

  • MD5

    ab365d31e7e949098d533855500ad28f

  • SHA1

    852e65fd92f26fc46a82a3c1d219de7a1c5a0d33

  • SHA256

    b285fe3977d0bd1f5ab5f72021675a5a4e6e4735cdb1d9a798b2baa08b1d7cd9

  • SHA512

    2f6daa54d06787a517e63da80052f2bca9630d670721f57ab2447c1c775475fc2d04cc750596ae3b0fb9b840b16a5a806a6122db68d5f9bd0283cd33ecb233e0

  • SSDEEP

    98304:FywMtxH5fEmDbwyHo2XHotY1hOqGxFamZ4V8UTmex2C6re:FdiH5ckbwyFHotY3DE/oLx6re

Malware Config

Targets

    • Target

      ab365d31e7e949098d533855500ad28f_JaffaCakes118

    • Size

      4.6MB

    • MD5

      ab365d31e7e949098d533855500ad28f

    • SHA1

      852e65fd92f26fc46a82a3c1d219de7a1c5a0d33

    • SHA256

      b285fe3977d0bd1f5ab5f72021675a5a4e6e4735cdb1d9a798b2baa08b1d7cd9

    • SHA512

      2f6daa54d06787a517e63da80052f2bca9630d670721f57ab2447c1c775475fc2d04cc750596ae3b0fb9b840b16a5a806a6122db68d5f9bd0283cd33ecb233e0

    • SSDEEP

      98304:FywMtxH5fEmDbwyHo2XHotY1hOqGxFamZ4V8UTmex2C6re:FdiH5ckbwyFHotY3DE/oLx6re

    • Score

      3/10

    • Target

      $PLUGINSDIR/BgWorker.dll

    • Size

      2KB

    • MD5

      33ec04738007e665059cf40bc0f0c22b

    • SHA1

      4196759a922e333d9b17bda5369f14c33cd5e3bc

    • SHA256

      50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

    • SHA512

      2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

    • Score

      3/10

    • Target

      $PLUGINSDIR/NSIS7z.dll

    • Size

      403KB

    • MD5

      d3850d9ef1d81d2ee2e0a1583e3292f8

    • SHA1

      36a88c987ac8fff6d97f5eea9af5c7421f0496ae

    • SHA256

      47ee083861b20a03a751593073dfb533a0aa447833bfb190a73732c7efb2a2b2

    • SHA512

      3af395aeb470f4f5f26d2072811be2d15e90597ed40d5f1a6ab53e6b66f8a143785868db0476cbf129751cee2ae070ddad179848830e1215393c826101f9caac

    • SSDEEP

      12288:PwuK6S/tEe0pY+IOLFZMMR2u6qpYvuhX:PwuK6S/toFF2+pY2

    • Score

      3/10

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      94KB

    • MD5

      0061a96c8ff17ad0927aae65b5dfe06b

    • SHA1

      9d1bd69d930ccda683e6b7c2c0d1dbe3b54861fe

    • SHA256

      2aaef1ed8a25097b3a807568daeffd3320fa29d6de66df90a57beaa8df8949cf

    • SHA512

      c6b887a4e1682ba1e126c93bc4d886c7f1ce392f97866e631c5b8a945824cbefc9af2429a14c2dac3b16d97bd33195d4378a7e92ae53fdeb47197452d4d90fc4

    • SSDEEP

      1536:0yy+i55jAPWrI5qXgcAZ5c4DB5G7NXE9eOO2xwN:3y+i5i+kEQcAZXGx0cr2xw

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      56a321bd011112ec5d8a32b2f6fd3231

    • SHA1

      df20e3a35a1636de64df5290ae5e4e7572447f78

    • SHA256

      bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

    • SHA512

      5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

    • SSDEEP

      192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsCurl.dll

    • Size

      450KB

    • MD5

      6a221b227b7885b5aec037482d33a4c8

    • SHA1

      f9fd36464773e3f1c22e7fe7afaf9dc39b596c50

    • SHA256

      2e1e6ef482cb655de23a5ce4a5b206d50f0ba8676d03df2caf0e01d20978619d

    • SHA512

      a31bd6b98f736148401635a86d40c2d00813eae4817e321553e3dc110a496d83596cd34ef992600a1353831811bb83313c50d3862dc4fa2ea6ab87c3baeeeb12

    • SSDEEP

      12288:nJQrptp9d6QBFaye79Folo5i/bUF6LsEWRBh+WdbKMCktYD29yM669uO7Vje:neptoBcbM/SK9Je

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDM.dll

    • Size

      658KB

    • MD5

      3fd2319741b4c2eccb9ba941c73bc196

    • SHA1

      9d9515fe01e731d8798c893a2c1fc5cac8839f6f

    • SHA256

      07bfbd8942db358344e1a3259add6f2a8cf0152f39a529a9323e1f67c119fbf5

    • SHA512

      52d70e29ae2b9773b052cf451d57d8a4313be9bf2139b75de952d7ec44630f8d4fa2ae7c47919deee31c9c462e8a0292a18d0e6812d165e23eb3104d11298a86

    • SSDEEP

      12288:HV4eJ08cBim3qev6vbxUxZU2drcs4YnmthjmsywJLiGibk3Iq0xOrOGyp4jln5NH:15J01izln5siaKE/sTVSE

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsUtil.dll

    • Size

      145KB

    • MD5

      0bcfa4ec930d26bb4a1245cc3d2962b8

    • SHA1

      34816a9dce9c2137bfe6d3ec1b152b9521d57623

    • SHA256

      81d970704ae1c26fd9400cb002c9a0efdc46ae85768c01a27bc6486c506dcc61

    • SHA512

      11b49001130c92795527b8d757ca36d16f16ce52a71772348be128a346d53753d073f53b5e4f4e4ee7eda4d03aaebcf8d185ccce225fc62e3972812be0bd392f

    • SSDEEP

      3072:ud1VOLqqs2WNpt3pVgAd9VJkp/nJGGxdeDfl:uBNphpZd9VJAxGV

    • Score

      3/10

    • Target

      Launcher.exe

    • Size

      576KB

    • MD5

      6bcaef62067ceaad6f39a13bb757feae

    • SHA1

      617945a3457f87b0917a30b10d1bfc53fe554d4d

    • SHA256

      8e357015aaf2efd4612f2c3edcf0eae6432ddfcde0f6028e66230e97e0151837

    • SHA512

      ba1d82b8e3c2608cfc1cb1ba7fbc1ec76f4ea728cacaf4c7007b32dde8aa76a5c09b4d341b838913cd13bcb29dd5654c57459f55ddb5f263b35640eeab8aff7f

    • SSDEEP

      12288:SEVwLN67lrllsZxsj8tvfr1yIaVhw9oU2ZO8G:6IDlsssTaZU2ZO

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      2.0.1.14/BugReport.exe

    • Size

      266KB

    • MD5

      6ab018f604e0130298c55478c5a4d632

    • SHA1

      6a2eb5f461659ac3eba60d2122429779ad8fbe63

    • SHA256

      faf3573d83a672c944f1570a5f38ea5356a82910052f4d43bcd64a294a192c1e

    • SHA512

      facbb8c6a1d65b0ead997c7338b212e031626abc019da2c043a23782cf76cbc59fb0c8c9669e7eeef2d67dbf2da6cb4d10bf5243ea2ee7dc192a9edea14f8278

    • SSDEEP

      6144:Qzvo01uE8D7i1IIQL14aon1WCPyj6NB+M4TBTvs/3N81OviSh:Qzvo01viiSIQOR1WCPyj63+M4TdvsS3

    • Score

      3/10

    • Target

      2.0.1.14/DaemonService.exe

    • Size

      565KB

    • MD5

      ba1434c2c54eaa1755527c2efee450d0

    • SHA1

      14a794a89035188665ede87e5e4eef285e438530

    • SHA256

      224be3088596aea28b4f7892439c8fb11960178b2b3f4976b8a4262bf4d276c5

    • SHA512

      d5799f492a4c08d8a8a2a4aae79f94de8d62d7e67b6d7e37029faec69a5ee9b8564b6755486a1208c8b1ad1e8c6f2a7fa5bd4ed4f93c0cdfd577583c72dcbb94

    • SSDEEP

      12288:HM1m5pWfWBXm4equ26QaBvlk1BqEufgfiVdqT:s1heT8plMBqEDfwE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      2.0.1.14/DmMain.dll

    • Size

      1.3MB

    • MD5

      324c06bde03d0f7df5957c69b361d05b

    • SHA1

      a3bdc39f15071380ddd73736b23cbafabb31968f

    • SHA256

      c06d83d2aac79b481530821b0917a475e089d38eb45cd52a525e4cf9f1ddf270

    • SHA512

      2e5f995887f7c885104c52f0c6271ad5f4183e71abed20da0b395dc03e6acc2d9a447900296de48b19af441d52829fa2221f7f7b565b5e59a3f74ce328b88570

    • SSDEEP

      24576:Z50jWHjzFZYm/1K2fQDIArICJRriL4YARrjRAyuu3BGI4B:v7VqiBB

    • Score

      3/10

    • Target

      2.0.1.14/GPBase.dll

    • Size

      1010KB

    • MD5

      08be53c783040d3818be0b0e8236fc42

    • SHA1

      e88c081cc26fc259f2be4719ce7dbe4263f19ee6

    • SHA256

      e53b2aa4df2171fef54b1b70851b922ffe609f5711987235e5434d2ca330c03d

    • SHA512

      da988f84ec9188f166c6b95ec721571b2aa37fcedafdf079b31ac123dcd4b3a4f93ed81a0c3cce3b2edba8dc9bd1ceab2c12c5a76c34af26a5793a8047c0ac18

    • SSDEEP

      12288:8lR0DnFifkjromZgObeWAxIQcqGYjf8Vu7DnO3/v0PtsEWs4+HTs8iQ6y9vkMA9s:tngNUqHO2W3+YxQ6y9MV4hZOh2v9

    • Score

      3/10

    • Target

      2.0.1.14/GPLogin.dll

    • Size

      639KB

    • MD5

      a1f2ef2f06ef852690c54f4085c982e1

    • SHA1

      55856a86a8e879fc892aff7db532de43ee694a0a

    • SHA256

      fc850654906a6c3649e7de53df1a212c3e989696c57622e3e5af8c032d9381f0

    • SHA512

      2936327033aebb090b24491c84f0a6dd922e9baa489ed7ccb45909646d50552e6c1b92fa3c247c127ea6a496a0c97d8b352f065aabdc9d88ceb95aefa2ef6658

    • SSDEEP

      12288:i6as2oAxGtfHz6FIxFS3xqn6Jjc+daNsTp:RFAxGtFMx+6Jjc1Ns

    • Score

      3/10

    • Target

      2.0.1.14/GPRender.exe

    • Size

      150KB

    • MD5

      ab7cc4e164b82cce0e0cbdb688ac3d9a

    • SHA1

      1ef263bff4bebd0128613e1974c61a71e562b61b

    • SHA256

      8f56cf27a0b735e5adad6ea4162ca0c6a1e6077d5e4252f2a69cef4ca293352f

    • SHA512

      d4fbbb6c11cb89e43b2a34d392ea77e99a5e232262010caefb5d758d9c1f5e1fa1417c2234ed64ea92b292bedb07af944455dda10bec10a09132cb69a5d566d7

    • SSDEEP

      3072:uYYmY7wTYV1pGYnAUFdYf0hWCFbOqOkmqwUwphc4I36Ft4KKoXyOXKtK:uz1LUkrqFtZKoXyOa

    • Score

      1/10

    • Target

      2.0.1.14/GPlatform.exe

    • Size

      1.2MB

    • MD5

      e7d7dcc8625b4a0e5beb3aaba1206def

    • SHA1

      bf97e814da1a57c645faa1f6c45577598af0a252

    • SHA256

      854e769a4004f28813e52b555a4fdc37ca9066efb32919984a9d65dbe5c90314

    • SHA512

      4200357517a355cb4b6748ec21696a7fbddd99f9e08a3c6d2b5b1e5f44971d9ad2537e15dfe76169ef98227e2b46b5a2f00fff9424243f3bf8c3c0df94b6a5fe

    • SSDEEP

      12288:PeFK96gO2U04Q0Xqn2XmSJ3PAgOIjwCKILETMwok/rll3pMj11ydegfSCuAPFx00:Zq2UvnCjbrlEj7y1fSCuAti/

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Pre-OS Boot, T1542: 3

  • Bootkit, T1542.003: 3

Defense Evasion

  • Pre-OS Boot, T1542: 3

  • Bootkit, T1542.003: 3

  • Modify Registry, T1112: 1

Discovery

  • System Information Discovery, T1082: 4

  • Query Registry, T1012: 1

Tasks

  • static1: score 7/10, tags: upx

  • behavioral1: score 3/10

  • behavioral2: score 3/10

  • behavioral3: score 3/10

  • behavioral4: score 3/10

  • behavioral5: score 3/10

  • behavioral6: score 3/10

  • behavioral7: score 3/10

  • behavioral8: score 3/10

  • behavioral9: score 3/10

  • behavioral10: score 3/10

  • behavioral11: score 3/10

  • behavioral12: score 3/10

  • behavioral13: score 3/10

  • behavioral14: score 3/10

  • behavioral15: score 3/10

  • behavioral16: score 3/10

  • behavioral17: score 6/10, tags: bootkit, persistence

  • behavioral18: score 7/10, tags: bootkit, persistence

  • behavioral19: score 3/10

  • behavioral20: score 3/10

  • behavioral21: score 7/10, tags: bootkit, persistence, upx

  • behavioral22: score 7/10, tags: bootkit, persistence, upx

  • behavioral23: score 3/10

  • behavioral24: score 3/10

  • behavioral25: score 3/10

  • behavioral26: score 3/10

  • behavioral27: score 3/10

  • behavioral28: score 3/10

  • behavioral29: score 1/10

  • behavioral30: score 1/10

  • behavioral31: score 7/10, tags: bootkit, persistence, upx

  • behavioral32: score 7/10, tags: bootkit, persistence, upx