General

  • Target

    af7323db4824b1ce7f7316783ca5db5c_JaffaCakes118

  • Size

    31.1MB

  • Sample

    240615-vgy77sxgra

  • MD5

    af7323db4824b1ce7f7316783ca5db5c

  • SHA1

    47df186878a9fbfed8d0d32370e9453cca574e15

  • SHA256

    b0abc71ca4e6d51fd6d1bdc37ff7d9c07ff5bbb306b8544a26e9ca70cfd69d30

  • SHA512

    378b69424ef3a8d81edae0a2810ceb2c14c01e7c3f95be85d588ea426e37052350652e71456277e2ef35369e7943a672afd705322bb70c62841e3435da14d248

  • SSDEEP

    786432:JuslZmGFW2Ih+4SPTw4m281SIziOtkcmKD6UJ7vqyCCK:JZZfIzSG2XI3P1YydK

Malware Config

Targets

    • Target

      999????.htm

    • Size

      101B

    • MD5

      75570b806f2c9930812b6b71c4f0d26c

    • SHA1

      111d0df233a973b15c7448bf96246d491655b0fd

    • SHA256

      afb5671178dc0edb69866c5cf996dcc237253187dcd4338265643fc904b94781

    • SHA512

      abf90fb21a2060ae6d2263da533ec2858ed46383d9dbf8769e7e4b0a5ecc77b6517a26d143d05f88807e2b1832fc982876dd32465bc2fd3f6680cc906bcb4e89

    • Score

      1/10

    • Target

      ???????.htm

    • Size

      3KB

    • MD5

      e671b800230491744feec96674890606

    • SHA1

      f6b727ef6a51159945d63b598f96b9e57fb1135c

    • SHA256

      7d12dfb87a9b2093f7589d97e3aaad285c778d56a4c3f66bf265c0e7933429be

    • SHA512

      8d3f46aef16ed81be686c7e5e08c5f4f716b5453adaf6b475ca8137705b2856e8eba847fdfbb2433df95a096ffca75c57018f0a818849c6e776d839184692c07

    • Score

      1/10

    • Target

      QQPlayer_Setup_39_936.exe

    • Size

      31.1MB

    • MD5

      1f1e2c0e38fc0d9241e3f83304a980af

    • SHA1

      2a7bb3752dd11ebde54fea6eeecc1795f6e33c69

    • SHA256

      a06c05e6ecf89cefaf82712cfc99d37acaf2ce9e36c8c52d3347a34172e3821f

    • SHA512

      ea13069f841cb32113da2f9f445537073ea0c35e9df750322ff38f478a5a4d0c0a35cda76adf288298c433a688c0abbb811207f1fe110d838e1dfa1558ab90e0

    • SSDEEP

      786432:8BueHvm4RQMGJos4rFSUMsQXM+/g49yikq5+WRFfuGCCk:8Bz9dGl4Ksl+77doG/k

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      6e663f1a0de94bc05d64d020da5d6f36

    • SHA1

      c5abb0033776d6ab1f07e5b3568f7d64f90e5b04

    • SHA256

      458b70e1745dc6e768d2338ccf3e6e86436488954ca3763472d8ffec4e7177e4

    • SHA512

      2a037c39f3a08d4a80494227990f36c4fef2f73c4a6ad74dcc334317a1372234c25d08d8b80d79e126881a49fa4b3f2fffe3604c959d9ceceb47acc7192cc6a5

    • SSDEEP

      192:VsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5mj8ozxGUWumle:VsUHd9GN2d2iwl0impATIPdAj8Ov6

    • Score

      3/10

    • Target

      $PLUGINSDIR/QQPCDetector.exe

    • Size

      1.0MB

    • MD5

      889a3d47b457b6223f43ba7d0e94bcb8

    • SHA1

      02e0ab90f31a47a32811aab0549e12b7e468439c

    • SHA256

      c5c89dd1fdfc508a1d76a1340d7b70173091dde9f04f9c18a9635a17dd386b30

    • SHA512

      646c88c0519ade84e48bba983852bb64fe4c94a9bb7feba9ecee193e58175e814569452393c005d05d3893a0e1622e0bd0dcefabb6314e7bd1dcfc146f3f93b0

    • SSDEEP

      24576:9cH3GjhQB2EBNfvkUY2222222iZDibQCI6Vd2Qy68pCx2U5aaUfR:W2jO2kfvkUgAbl8Qy1W22aFR

    • Score

      1/10

    • Target

      $PLUGINSDIR/QQPlayerHelper.dll

    • Size

      580KB

    • MD5

      4e586facea72f75230fb08f1c42dfd44

    • SHA1

      dff381cc6c2c983ec9fc89113dff5effcbfc4a48

    • SHA256

      76fc88804224ab8a62dca91653aa1184fbf60b4dd8813aa72c68aae11f8249da

    • SHA512

      7f4cae033dddcad7b16ea1f34bd9cf19deb3439b0632f1110b6dfd70b57f6f66efaa2737e081528cc8e4f5c9accc7682c55803aa6c203156287c92a6bf2d31a4

    • SSDEEP

      12288:ZHzArlwJDhqWb3vL3of+vR7RkRYNK5Dw21w:4wPqWX3hvR7+R2ow21

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b9f430f71c7144d8ff4ab94be2785aa6

    • SHA1

      c5c1e153caff7ad1d221a9acc8bbb831f05ccb05

    • SHA256

      b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655

    • SHA512

      c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099

    • SSDEEP

      192:hClej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yOG:hCm2HgN4GbeWmbI4Eybogia7yO

    • Score

      3/10

    • Target

      $TEMP/recinstalldl/RecInst.exe

    • Size

      385KB

    • MD5

      4088aa32ca2e2481d7015564a188f267

    • SHA1

      badc988d1a383d17aae6e74697123acbddc8deb3

    • SHA256

      ad2bbdad98c3ecba43b351a680771c3269b1b260a2c5f38030e82831d308232b

    • SHA512

      bf3133dc1d2563b5dbb3c034f4d21b1c2f777857b544abaab6f8e916f7e95f545122cf7b7b7e7097053178b46c36fcb2f06f10dcccb384da39a44c576118f7c5

    • SSDEEP

      6144:HG9aLDCBN07GGiYUL6bshg89JuKbgFfpxM:H7f8kGmUL6IC8LbgdM

    • Score

      1/10

    • Target

      264be.dll

    • Size

      749KB

    • MD5

      2393f25444318d9fef32b656b1962b7a

    • SHA1

      5e49183aa0a981c3b37027f59662a62e256be954

    • SHA256

      faa78f80e9c23b4c0b10e0f15cb0855d8d92aa140e2b33a5df290b72de3c8e3e

    • SHA512

      6159557a5dd9ce093746d108888b08913b09be3fc1c60f925d715c72ea7278d8c99f8eced1af07b241519ebce3d6b76c2e53bed01e919312eb83c29e4c30d5c4

    • SSDEEP

      12288:jqc+sgZLAn1Y7iA7/zS8A5O3S9O1o1QuFxld+SV0x1HdhhOSpv+pAVxWT4lMFCza:enpZN7r9W9O1EQuPld+So1HdhhfopOxI

    • Score

      1/10

    • Target

      264dmmx.dll

    • Size

      701KB

    • MD5

      a8189f7a407b4127ef37bc3b0a9102ed

    • SHA1

      e8ee27f987bcff5adcbbbee8b1b6b82416888928

    • SHA256

      c7ec406b4181a59173a8c8ae138686e737c02243cef7f506cb07583bd0d3b340

    • SHA512

      4614e8b11308d27e8a4dcf6ebb275781adf4995a49731acb0d6baf7c117982fcf1d93e80927944c5644deb97e0542e103cd302511e56c926213539d5ef062cb5

    • SSDEEP

      12288:gGcKKGoMltFK0ugYDb8qzldHo49MOr+upnVuAZS8lGKOBdI0/oEb9OwB6Ep98vd2:gGctGjS0GfHVospzcKCAEb9Owgg8a+BY

    • Score

      7/10

    • Loads dropped DLL

    • Target

      264dsse.dll

    • Size

      697KB

    • MD5

      adf302d70f8a6ffcf7503605035ebc68

    • SHA1

      35e5ac5a2d8b5dfd8e815e87d5e47020235d08d7

    • SHA256

      aff768c132ca74aecd96c55a843bc34f0238acf4fc23837b92e6844bc701cb4b

    • SHA512

      7f1dbbda0cb5f87b81b0386e1b64080a0dcb3f4a38c9f92f7e3e2ec758fa996343486f06e3c5ddff3d7678fcb89d0d3808ea595dc15d0cb89260cffecf66502b

    • SSDEEP

      12288:HlLsRpWQQJVpbF26dqHG4G4hqp2vTUsSp+kue8f6lAJ7QZOy0miUUFE7RBw:HlL8pWQQnpc68mKTvTUsw+kKf57QZd09

    • Score

      7/10

    • Loads dropped DLL

    • Target

      264dsse2.dll

    • Size

      809KB

    • MD5

      9c43576765dda89fcf822ea2115608e2

    • SHA1

      b38c32d8334d08849a45349c4fc7e318f334c750

    • SHA256

      7520672d5f03a59036123e9b07664c5ae374e825300a0bf6e5fafe93aa1245bb

    • SHA512

      5451b7aa212842b654f7f16605d0546dc2c1accd48452ac0ed6c054f8b60a3b9da9b16952b4a7c24295e05b759a57eae591bc30388428d81f486d3eacc4f3c67

    • SSDEEP

      12288:ftdHPi8dcTwIW1PcLEhG22eGmhmGBcIXD8/hIlK1bpexqy5TC2Ehy/xB6:fLHFIW1wEhcERpXD8/OlKqxDT+h2B6

    • Score

      7/10

    • Loads dropped DLL

    • Target

      264dsse3.dll

    • Size

      813KB

    • MD5

      b8576011a4d270d1ad4dc17415b93a0d

    • SHA1

      02dfdec90f96ae3ebf2c7b3f7cd017f04478397c

    • SHA256

      7f0677d7e93ef501d3cb9475e65d6d9de5580192b3c3e85a554baeedf5431075

    • SHA512

      f27977bd694212324aaa166aa79a8c3299c37b4f4ec0370d723023da83c94752a9f5536ebfc4b20d2f54e1c04c4aa2138a29a546cbbd2d3e8482433001fb612b

    • SSDEEP

      24576:JhWOYMLGaYNJ45jj6/qxOq68Ye5GH/PuR50ndvBu:JoaGx6x6KA8b5GH3uR05Bu

    • Score

      7/10

    • Loads dropped DLL

    • Target

      AviSplitter.ax

    • Size

      499KB

    • MD5

      357cb444650461ace42c7c6c1ab33c8d

    • SHA1

      f7cd49ba0b52c92575ff16768dd5516de82fef0b

    • SHA256

      3a4b5c8abe8c5ac72c79093ff2de5878f9b0868853ef1efbff2a395b6697c470

    • SHA512

      adce5042fee8da11212a37e2150293f8f9d843464126567a47eb137e484e7e66ea31b808f8afc0b48e55e6d3a0d37a3b44ec872f8387dd035ceb5cb397726d09

    • SSDEEP

      6144:4fnDhpw6pOHkUN2wmouRQmCtpgM0qDCKmL6dDzQnV0aF2kOj2io3iI:4fDhpw6pOuNLktP07KmL6dDzQV0aM035

    • Score

      1/10

    • Target

      BossStat.dll

    • Size

      55KB

    • MD5

      d8ff4e858e02e1b00f0c9e96fd6590c7

    • SHA1

      e1b43577fb1cd3f93615315510cfd570e6e05bf8

    • SHA256

      14f1045b2fcc314e00f0a4dd626f2d8cf0b6f8037785a3a3bf95bb9ce6be448e

    • SHA512

      c26b35303c62d08e7d2eed81002e277353eb2bcb6635a88e78597f95ff0c0c709c4117c29e273031d0006452198364c7c786955b58c6a928cff9d1cc981c7381

    • SSDEEP

      768:7q657ZE/gt6oisxXqJnTuJvgUEUAb74v9bOAMdzMKKRXg8u8e:vdEItcs4kJvEL7qOAMdz/KRXcN

    • Score

      1/10

    • Target

      CL264dec.ax

    • Size

      493KB

    • MD5

      f325790375e8781480d28da4cdde79c6

    • SHA1

      1558cdcdad96933ac4cd25274b18f9dfacea0c7d

    • SHA256

      eb08292c74703560e949601d5011b405f51a6bef143dbc359d52481fd862a6ab

    • SHA512

      cf1299b53fe5806bab87426d2e97e3a5834c902bc39723607ced447781a94f87cfa471d7639d189aaf576a989ca386c5faaa03ee0e62ecf532e92d010b75ed20

    • SSDEEP

      12288:rJ+JQSkIgjzNMHii9R9PnQFmYm/WdrF8OwYq+UqiWqZYuZTaAIBt:9+JnkIgjzNMHiiL9fQE/Q8qDUBW7IIBt

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            Technique                      Count  ID
  Persistence       Pre-OS Boot                    1      T1542
  Persistence       Bootkit                        1      T1542.003
  Defense Evasion   Modify Registry                2      T1112
  Defense Evasion   Pre-OS Boot                    1      T1542
  Defense Evasion   Bootkit                        1      T1542.003
  Discovery         Query Registry                 2      T1012
  Discovery         System Information Discovery   4      T1082

Tasks

  Task          Tags                                         Score
  static1       upx                                          7/10
  behavioral1                                                1/10
  behavioral2                                                1/10
  behavioral3                                                1/10
  behavioral4                                                1/10
  behavioral5   bootkit, evasion, persistence, trojan, upx   7/10
  behavioral6   bootkit, persistence, upx                    7/10
  behavioral7                                                3/10
  behavioral8                                                3/10
  behavioral9                                                1/10
  behavioral10                                               1/10
  behavioral11                                               3/10
  behavioral12                                               3/10
  behavioral13                                               3/10
  behavioral14                                               3/10
  behavioral15                                               1/10
  behavioral16                                               1/10
  behavioral17                                               1/10
  behavioral18                                               1/10
  behavioral19                                               7/10
  behavioral20                                               7/10
  behavioral21                                               7/10
  behavioral22                                               7/10
  behavioral23                                               7/10
  behavioral24                                               7/10
  behavioral25                                               7/10
  behavioral26                                               7/10
  behavioral27                                               1/10
  behavioral28                                               1/10
  behavioral29                                               1/10
  behavioral30                                               1/10
  behavioral31                                               1/10
  behavioral32                                               1/10