General

  • Target

    b2cf95a23a65114fe6c359a98bd3d9dc_JaffaCakes118

  • Size

    11.8MB

  • Sample

    240616-lj9maascjm

  • MD5

    b2cf95a23a65114fe6c359a98bd3d9dc

  • SHA1

    6e0398d35925711325ec0ab7e85a6a2dfd3703d4

  • SHA256

    45219bb6bc2c659cb4368a8d70cecce4405f727b88bd4d6cfa93bb4bcecf67cc

  • SHA512

    2adfac81cdc8beac08c4b60c93c0e44b6dcf8cfaa912271291b5873f605adc1f7425f37d99652a9e36546544a4d34ee32aa3207bf83a56109f82404a3264af79

  • SSDEEP

    196608:qdkzxtklvvgnLRHDzDlstn19nDFrRi7RVR4ML7LnSk7APicAbnCIsuYRL6E06:deHU1D0RiNVuMekiicaCkY9T

Malware Config

Targets

    • Target

      b2cf95a23a65114fe6c359a98bd3d9dc_JaffaCakes118

    • Size

      11.8MB

    • MD5

      b2cf95a23a65114fe6c359a98bd3d9dc

    • SHA1

      6e0398d35925711325ec0ab7e85a6a2dfd3703d4

    • SHA256

      45219bb6bc2c659cb4368a8d70cecce4405f727b88bd4d6cfa93bb4bcecf67cc

    • SHA512

      2adfac81cdc8beac08c4b60c93c0e44b6dcf8cfaa912271291b5873f605adc1f7425f37d99652a9e36546544a4d34ee32aa3207bf83a56109f82404a3264af79

    • SSDEEP

      196608:qdkzxtklvvgnLRHDzDlstn19nDFrRi7RVR4ML7LnSk7APicAbnCIsuYRL6E06:deHU1D0RiNVuMekiicaCkY9T

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/K8NsisMiniExtend.dll

    • Size

      1.1MB

    • MD5

      4f06490fa958809bebe23f3ac9e65b9d

    • SHA1

      fa9a0dd8befe4bca210f7d9d2dfae13a7288f574

    • SHA256

      81f626ca246a626ff3eee65766ba68272e61b616fc73ab434f7095efe6a81948

    • SHA512

      d6695ddf9f91a82025989a61c01e1c4de1a42228887d6081bb6891edcd8b77dec665464bfc813118fbaf31aa01a25620a905fa6b9c9e188cee7f9e00765e03fa

    • SSDEEP

      24576:1bU2OgV349O8vzz6ro9+Y9DCjsOG4c3TjC7J1E:yj9s23TO7J1E

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      75ed96254fbf894e42058062b4b4f0d1

    • SHA1

      996503f1383b49021eb3427bc28d13b5bbd11977

    • SHA256

      a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

    • SHA512

      58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

    • SSDEEP

      192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV

    Score
    3/10
    • Target

      K8Browser.exe

    • Size

      1.1MB

    • MD5

      29995bc4d82683db3648557329e51d5b

    • SHA1

      4c7fc59bf7de887c138ecb9e38eff9c32d2ca8d4

    • SHA256

      0710121a5ddd4383cb9a770aba53636418ca26f9dc7006dd8cfc53a73910347a

    • SHA512

      95d032c04d9dfa69f65daf3c669e5f7e82783f3762d54ebb306c60370e424eca5dfa73478e56abfeb6e215df1ea5ab6b56adcb1f71a2b7501227d890040333c6

    • SSDEEP

      12288:v1p1Tkhm90N4BJRILg6NZJBJw5oGe9HJlfzIhyH7T878SDHS:vL1Tk09lekIZJBJeESh4o7THS

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      K8BugReport.exe

    • Size

      136KB

    • MD5

      603440f387936985edaa64cc8cf38d70

    • SHA1

      2fa21b96a26a76d8037a439101807bc19fe8983c

    • SHA256

      8a9949b936f91f5d02ca6677eae6864cb28eca621a41ff0f3d38dbf25116eca4

    • SHA512

      069d93bbfa734cdbd3089976dd0dde19b202970629c18aab1092f70e86ce9d45432260c96b810e37a8b3dfae37239c3683855d3935cab661074ed00c105731ed

    • SSDEEP

      1536:MjL+DdsW95d01huQaureRM2M44rBOaOUvI+n37tUCdxYTCCE0aod8fk0PgDT:psW95g1PCRMmIBOaZIK37tU62fofkg4

    Score
    1/10
    • Target

      K8Common.dll

    • Size

      3.2MB

    • MD5

      8fc25e0b99bb3d925ae711f6c7bea740

    • SHA1

      d73bbf2cc735a583aa27d4cf12d915ca4b87878a

    • SHA256

      5460584aeeae8045ec78d727401042b01d968cd579cfe972a93661dec66d527c

    • SHA512

      4dbf293cd79339bd921ee7cc6ab4f0c023437da2594bf5feb877c10bc3711c51f6c7bdcaf327916f8bee456a7da949b107bf73526edee96dbc3091737338529d

    • SSDEEP

      49152:3dQiASjgvO3nxfDltU7KU+VUq5aTZdsXo3T:td2O3NZtvm

    Score
    3/10
    • Target

      K8DLPlatform.exe

    • Size

      1.9MB

    • MD5

      9b70c3e4168654c1670e3b06a82b1c5d

    • SHA1

      4a48d7a84af53547f53a25af970f311f7a8b00a8

    • SHA256

      29225c2af35241c3bc81aff8e933ee36e9730abd82626696c9294f33321d5de3

    • SHA512

      6632ed5ce35819ca47f098e952458f6f2b3812da29f3bd1ce3f280f80be1438622db12756423690419350de5571f88d1b8989c1cfa87324808682227e08c7221

    • SSDEEP

      49152:hRsPokol6XqQKlh8JjW5B/Rm7DuUA16ZCZ6MA2Q6wWHSx:h+7DI5QtWu

    Score
    1/10
    • Target

      K8DLUtils.dll

    • Size

      836KB

    • MD5

      e5f2c90221dfbd05895506e27e1a06c6

    • SHA1

      7a11f8c81fa1e60b9d7b3fda178322eabc2385dc

    • SHA256

      8725b0148ba726d1c09bcabb34aace733b50aa42bb270832a9dda05a1cf9e41d

    • SHA512

      47e7866f2d387d3f1d2e0e6ef3e9c2dc5af965119dca5fea449d7a1adc9f5784359624b3d2fac5d70b735481c05da7c3cc4ed43f08d98fe1407041d8de0492a7

    • SSDEEP

      12288:6OJhBZBlNWzeqJD2byGdCMh8XryLJ/mQL6kS9bSy:6OJ3ZBlNWzeqobrwM9Lxb6kS9my

    Score
    3/10
    • Target

      K8Flash.exe

    • Size

      852KB

    • MD5

      22e8aa32cf188494cc10eac6649fd6be

    • SHA1

      20da399f93576e2d2e8d68175e277bc184606b81

    • SHA256

      89a6d4ac2dd90a44bb9c6e8e4127e8ed94deec7786c63ea187f6f1c6c8e7ea21

    • SHA512

      b4667722a43d29538d4f175448f96fdabca76972710f55c1dbeffba090bec6849695ad3ae0f332de3a937e60c2581b31cdc1bc2d4737c26317361252cab36ffa

    • SSDEEP

      12288:p1uTeu302Q5w+EP8WuT8hlpuXaD1MODT6mOmE7GWDMXeLAYb6:p1uTeu302Q2+EP9r1MODOCXeUYb6

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      K8GM.exe

    • Size

      6.4MB

    • MD5

      649de09108eb34a85c47a15888301bc1

    • SHA1

      324185622501cee300d09433ef9eef4a24edc2c7

    • SHA256

      fc31aae50b7a11f924581510f457b20a2ddb0c53b182e2936fefa7d0209bd847

    • SHA512

      89603ad349d6ec1d0a16080142fed3b211b3aac1417bcf98c44f419d0cc90613150e5b4cf02b00af24098a4b484286e87aa940c808d2e8b45528be529b97cde9

    • SSDEEP

      98304:O2lrOritJbOBxdSWRZG+OHDvVP/dQhxrTAJ22Yvq:O2lrPtgxdSUg+OHDdHdyxnVvi

    Score
    6/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      K8UIRender.dll

    • Size

      1.1MB

    • MD5

      fb39336e039ddbebca99f9062dfcb882

    • SHA1

      b33f78e62e75338163367ccf9b1af172d7e8dd39

    • SHA256

      c60c3658f676c8607e16d279af943cf7a858ede2d1c1f91cd04a9401c6120a00

    • SHA512

      8e5781a7da3e67de3bcadf31f3f007dfa8e47a3caf80ede98f34a77808cef6acb2f377df2056ac6b9a85e9413f6a162e0df6e8c110c90e796d12556f0b3f1f84

    • SSDEEP

      24576:2/TugCqjXmcjeIToIwG9dtldeNCHOw0eCCyjap8pf:Yvbea3thmeCFHd

    Score
    3/10
    • Target

      K8Update.exe

    • Size

      352KB

    • MD5

      0a29343747b537a8a6e2091e1d8b6552

    • SHA1

      a7b79a823b64c39ce91ad8a978a21dd6f4fd2205

    • SHA256

      5aaec9dfc1d0cb79b035ccdfa07989c3949bd601cf2ee2c96c50172b7436eef1

    • SHA512

      f89b4a9a97c82e87b99fece4ce81f45eab2544bbbb5d35191e468512f30d27fb5541363d7f43225f28c645f8d85ca397783d562532b3fac7d64b6219571a965c

    • SSDEEP

      6144:iIXU2XB+RNDwGtlkYuu3eHqr9rsOQPEKqlRlNtRR:zXU2XeUG4YsHA7LR

    Score
    6/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      K8UrlEncrypt.dll

    • Size

      38KB

    • MD5

      c2d7b02b0efd893f70a194629a6d701d

    • SHA1

      428135cb98b5f1c065aacdbb03923286bd8dae5e

    • SHA256

      4fc899e006ba4c2d474c4a97778a42a154bf90ef187f5afe245f1d6021dce6d1

    • SHA512

      64c656fd6f9f62441919e46779449652333dcee9a72e5a0427ac982b351be55628ba01f82c3512e3c61ff99c0cf4ccfc5ff2e7eb3645019de57d914972d52664

    • SSDEEP

      384:qBYcaN0PtDfaXQAo3liSgsRjP+zfb5j56qCViOM5OArZ69rEZsaMiBT6VMK6jrik:qm6b3job5IqGmOAIKFRDKgQuIhW

    Score
    3/10
    • Target

      K8Version.dll

    • Size

      24KB

    • MD5

      ca008ee047d2a1ae71a2fa1acad3d663

    • SHA1

      06c497d5746db3166070a026cd88948af414836c

    • SHA256

      5bf35c652a5f1faf9ae50347f480a8e35e28d3ad8fe929a8a692861174bbb64c

    • SHA512

      797d31d63948b53a4088671f5c67f0e6e8d21dd45fe0aa3590924cc9bd20c4f84cb333fe0e5f2e67148854cda204235a142479ead973c9c28254273954427b5d

    • SSDEEP

      384:p28rx6BS5Mdrq69Nqw5eAAfiBT6RMK6jGiBT6RjQPnhH2X:3rQBke7PoMzKgvCjshH2X

    Score
    3/10
    • Target

      K8Web.exe

    • Size

      156KB

    • MD5

      4019455b0cf699f6a9393bca7a0c1dc0

    • SHA1

      d3a3d83dc6b07f4a49f6c2c81dab581baf639120

    • SHA256

      a1307e89ee17cc334391b4ba59a235c579a968f7f506c5b4992c75baf91e7064

    • SHA512

      89e13addd93ec8e3c37cbf2c521d72289d071d9a6e059f7ce248af0a1a4fddf8b6f68411270550c7c98f6e1e4d3fa1f602eb6d6411624891dc227030f19c6ec6

    • SSDEEP

      3072:jIr4BKNrihzDWy6LmG/GKotQKBwtHK+OCL0MeO:jIr4sRYzyy6oQkYOCALO

    Score
    1/10
    • Target

      Uninstall.exe

    • Size

      1007KB

    • MD5

      7ab82c3050cd78c529cf3789ba4d0c8a

    • SHA1

      3d904497a84840340bc91125965fec5991fe9bb5

    • SHA256

      8cfaa49262e62d8474d5e21a5b206394189c601e776d37503d5b57e9af65b5a4

    • SHA512

      07289579aab37eee49e2ac2081dbfefefe94e3262d5497b25ac49f942d7798d8d067cb19ac0365c43a68e043ae33cf6e85b77aea9440826b76b8ebbca50d95db

    • SSDEEP

      24576:Jov35e2VBbPkyexsVUCr30PbYFjvVcbE6QSutPKVI6aZHrNa:GJpVBzkyS00PbqjqctLZHrNa

    Score
    6/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

bootkit, discovery, evasion, persistence, trojan
Score
8/10

behavioral2

bootkit, discovery, evasion, persistence, trojan
Score
8/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

bootkit, persistence
Score
6/10

behavioral8

bootkit, persistence
Score
6/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

bootkit, persistence
Score
6/10

behavioral18

bootkit, persistence
Score
6/10

behavioral19

bootkit, persistence
Score
6/10

behavioral20

bootkit, persistence
Score
6/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

bootkit, persistence
Score
6/10

behavioral24

bootkit, persistence
Score
6/10

behavioral25

Score
1/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

evasion, trojan
Score
6/10

behavioral32

evasion, trojan
Score
6/10