General

  • Target

    b418c5e9d972d76de2fbf0bd68237c77_JaffaCakes118

  • Size

    21.0MB

  • Sample

    240616-savkbs1grr

  • MD5

    b418c5e9d972d76de2fbf0bd68237c77

  • SHA1

    c33ff841d7cd1b3c904a7a958271b1c29c7042b3

  • SHA256

    879b766e2a825617f674964cef9f6db5b44de7b9db6b2b9b2c6d0e4d7b068989

  • SHA512

    c884f37b987ba040609553491118b74410e75e04f373ae768c8dcbbf75c768833e3ec2a7d0d1da9ebc1c1d404d545a3286d58275db9a6097727687dbbd619a3a

  • SSDEEP

    393216:8IQGgoYzEgFvXbDOMc6m9oFG/HKA0/sJW7ooIsu+fe44F29y+MsdxoanmcDkIlm:8ZoYogFvXGMcBwGvKrs4Mj+Uxmxl1YIA

Malware Config

Targets

    • Target

      b418c5e9d972d76de2fbf0bd68237c77_JaffaCakes118

    • Size

      21.0MB

    • MD5

      b418c5e9d972d76de2fbf0bd68237c77

    • SHA1

      c33ff841d7cd1b3c904a7a958271b1c29c7042b3

    • SHA256

      879b766e2a825617f674964cef9f6db5b44de7b9db6b2b9b2c6d0e4d7b068989

    • SHA512

      c884f37b987ba040609553491118b74410e75e04f373ae768c8dcbbf75c768833e3ec2a7d0d1da9ebc1c1d404d545a3286d58275db9a6097727687dbbd619a3a

    • SSDEEP

      393216:8IQGgoYzEgFvXbDOMc6m9oFG/HKA0/sJW7ooIsu+fe44F29y+MsdxoanmcDkIlm:8ZoYogFvXGMcBwGvKrs4Mj+Uxmxl1YIA

    • Creates new service(s)

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/BHips.dll

    • Size

      639KB

    • MD5

      83b138b4a08d2ff1a7ab676e4361094e

    • SHA1

      78be1099c2162fb01c573a19b45254e66a56de17

    • SHA256

      fcec446562838780eef67d75d2a5bc7352629790b03c527f89e4ea7aeb6f62c4

    • SHA512

      ccd46c6281cfbeb1b3db2704c83df2455ec92bbc687d129196dbba5aa6f42b336283e930118e51d4c091d974a7f17f94bab16c1f980f62268c4acc78bb841ac9

    • SSDEEP

      12288:uSFTjQa8P6cYmQDYRqKvGaNqAQe8KKfdpo2QN+QZQZ5QQ3KNR6:uS/ogcpoq2QN+QaM0CR6

    Score
    3/10
    • Target

      $PLUGINSDIR/BaiduStore.dll

    • Size

      1.3MB

    • MD5

      4f0a89c68d582239e568e0122f12378b

    • SHA1

      44485f429e15f9fd4708da343db426af4798f4be

    • SHA256

      747cd184c27adb1785df6d9a7c607284a22834aa7a6d7bcc87477916dab252fd

    • SHA512

      ffb75a692cf12712419ced6830c51def360937b38fe7598b5358ea397982e0224eb59222e1b79887f6009b53301fcb1f16dd1b086944add62a2373ebf3648c0a

    • SSDEEP

      24576:UjrBoAkdufuFN1EqEPawGrJIlR7bKiyZipKvz7Zfnn0Bdd9Xs2CvrFTeAm:kBoADfuFNCqEgJIjByZiwvz7Zfnn0Bdd

    Score
    3/10
    • Target

      $PLUGINSDIR/Communication.dll

    • Size

      294KB

    • MD5

      57fc31f4ad5ce35a28e880f78416dac5

    • SHA1

      d30f12ea9e254afbb2f3ed1ef82dfbc24ba2b7a3

    • SHA256

      82bfdb645c71e49b1374b57f2751f5c2a884649ed35d8ea007d9e7a4b0118d16

    • SHA512

      b251d83977aea1f0c97477b4a18a7a2ecbc18fe08c1be367e8e8dba7b0d473894fd9986e6390dd2959c8af7a164998168d7c2846c59f34cbdd2edd6980a8c3a7

    • SSDEEP

      6144:ROU/hnnE4SfxXuQnvGLLHSmB67dA/TM5Kve3+yh:ROU/hnEP9uSv4LHSmB67yY5uSr

    Score
    3/10
    • Target

      $PLUGINSDIR/DataReport.dll

    • Size

      370KB

    • MD5

      9dec9d48b6749a5fc79ea490021c7a8d

    • SHA1

      23b213582737fada606ffea7dc746c7e4ab152a6

    • SHA256

      7f49ce3c95bb5cc8eea15076f06e1253cb38fd10022cf3393a1ee63f23599872

    • SHA512

      6965068fbb47063caf5208539dc83961660615445f422d48efc5669f87d576865f3f9d728e9a6ef9993672d58978e3413e0356e816a3b0be6b098c484a8a0a8c

    • SSDEEP

      6144:oLBRmIPFf5dvUTmnyHWGOVYlz/TsyuqAPhPLXDR5L0425291Fi:oLBMCf5ds39TZuqAPhPDFOg1Fi

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/DirectUI.dll

    • Size

      898KB

    • MD5

      f0b7e7337e0bb970ceda79b1dd22402b

    • SHA1

      c267d44b6f0727a58610884abcf3ee8b1de11fa7

    • SHA256

      91832c2d5d3ae7360bb744b35ae3a5dd4548d9b4a52a3272314b2aea24a7df9f

    • SHA512

      59471a5f8c36fdf17b5e72ed0c7f3d4f3e43db584e4a5c3fa8ecec15de42c40825fdbeeb5b10aeddf21e530bbd5d7248ba4e5c1e1ff588cdf4c2861535ed7a05

    • SSDEEP

      12288:twI/5HoxVSXDbbUEicz/NkUIvgbWaUwYCJdjtpTRhumfet:h/dTXzUEtzH73YydrTaaet

    Score
    1/10
    • Target

      $PLUGINSDIR/InstallCheck.dll

    • Size

      47KB

    • MD5

      0a37ea52ac8931bc0a89cab3830a2230

    • SHA1

      1743a791543468f6afe9ba22843ab6d95a0c3331

    • SHA256

      07c15067e428feb27a9c84f9fa5ab46436c9438cdddb63785167ca12c9966be3

    • SHA512

      c2acdd9061b488b376a23de9e1e3090210a44413c1edfd9933a32e0130f0c84f14381b814be53f7082676accae56cb7c44f6afdb98abeeced16f7dd4939e97d8

    • SSDEEP

      768:crlLZtBk8WguppPi9bQs5krizQpd0+KC8gYURs:crldb6Di9bQsCtE+GgY8s

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallUtility.dll

    • Size

      1.2MB

    • MD5

      05490f52c1576afa1465866f515f5409

    • SHA1

      53cd430a845d799a4c0c418b0ff2aee9a2b12885

    • SHA256

      abd182b1b8b9473ec3090cb09b137f2a1d07426754ea8f462be59c22628a3c02

    • SHA512

      e1f72f1c651d9603e6ed6ffffaf70af593aeda21582b7fad902981ebfd2befbddb2a131a918cd0a5703b241cf3cf2bdd07083727238af9d18274219f70398499

    • SSDEEP

      24576:cveHKWwCGFqheAJKgXf7/AxCfeqgJ4CM9c/45b:+kKWwCGwgGf7CCfaJRIc/45b

    Score
    3/10
    • Target

      $PLUGINSDIR/LogReporter.exe

    • Size

      509KB

    • MD5

      38d32107ec85918a171846050694ee47

    • SHA1

      4e66d40f7a6d56c95c4a8faddbcb3feefeb16e1c

    • SHA256

      260989602417921d3beafb9e77cd6b02c883b5965f0c226893d1bc6b0affef5a

    • SHA512

      258fa20e708f5f6f21871182a27cd3211e1e4c28f474a02f2d17f52d9abde64d18721fc445a15db33d545934c3cf6fb608770361c56db6382975f59c28d20858

    • SSDEEP

      6144:bV0XJOQ2ZjQu6I4vYM8gM+RSQYWMsM3Y+WhTn6U9nF75LJC31l1LBPImZW5/uIa:bV0Y+vBJ4dsUY+ATn6U9nF75IDwme/Ja

    Score
    1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      959ea64598b9a3e494c00e8fa793be7e

    • SHA1

      40f284a3b92c2f04b1038def79579d4b3d066ee0

    • SHA256

      03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    • SHA512

      5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    • SSDEEP

      192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe

    Score
    3/10
    • Target

      $PLUGINSDIR/log.dll

    • Size

      112KB

    • MD5

      bd73584f746bb8a07e0c31aabde5b771

    • SHA1

      c9eb3a9977f6a0123b219a7683a150a24f72016e

    • SHA256

      0f63c1f9e3665842f9ab1e2f09b5b5e9a99615115cc667b2a96f732f9e77e524

    • SHA512

      0f0f61f6fc656faef0931d4e0568fd13f6434dc474940c81a2510ffe9e394a7253d4ee5118b33fce5b5a14a9d4ab0a8b9f08621905a101bcbb274562472d1a6c

    • SSDEEP

      1536:qIvp0z02aHT84ZdInLSmMRijh2O+Qt98e62snov2kxh0T1jd3KeoZ+pPrA:jT8/t4MoRhQeoZ+pPE

    Score
    1/10
    • Target

      $PLUGINSDIR/log2.dll

    • Size

      343KB

    • MD5

      b25dfe28f79f4a88d6f4b039fc00f0dd

    • SHA1

      dc969cbc6d3992b70f5651a63e98608a063fe417

    • SHA256

      b1fca533fb6257b5ea1da1b734223a4de68ac9b1cb3f9d5fd647f56c55db0768

    • SHA512

      1040cc9971853045f55ca72506c60b1fe09b1936c76c417bb67b3609afc0366ae2396d4296166e1c23922f38ecc67a5e918d42740fb479d6e5cb4b044edde427

    • SSDEEP

      6144:mPdLUzK0rJltsto7/q0eHB9tAoQA4ec2uDH+oDWwFGn:mPdLUeceto1iB3AoQA4e3uDH+Bp

    Score
    1/10
    • Target

      BETManger.dll

    • Size

      581KB

    • MD5

      0b1ea33835c27988f6ce672825c9c353

    • SHA1

      69eb77604360599e4812ab6aa7c1820f6487db20

    • SHA256

      388a97732ecf6b6bdd117d271b197872246f014587385af4a6f6fc639cc5239c

    • SHA512

      0b6e608ddd552951dee60f5b21ae54108b3650b83cad6c15754f088f0cd198c4a93f0308c5fad065880a039a9c173de29d59480ce62b2d934700c92f75b4104f

    • SSDEEP

      12288:ZwcK6iZrXA1DttLwU7SyLMuRxWLv4Su0jb+Z/Gxn14MAdHd5bp3k+KUTFznHBfRf:r1B5bpPKuFThRUTe

    Score
    3/10
    • Target

      BEVMApi001.dll

    • Size

      360KB

    • MD5

      a11d3e37f1c15e08065076789a58c550

    • SHA1

      10b9c65150ba5320f1f7002c04bbf13c51f57a0e

    • SHA256

      6d74ee58158aa60f26bd90b7fbfc31457273d1630bfb8d81a981d768d7061cb9

    • SHA512

      f81061cc04b96904840cf248331e701939acefbea1ed06699d46e84447fac7f1130d23fae5a77e8d3cdaf0f67b78ba639e471fdda8370a6e7bf9e5d3b2318140

    • SSDEEP

      3072:60heWlh/hxhlRSGjO1C8WWoYCDZSioDxfy7lTktieyCAou8hreNcJWX3eOez4aiA:VR/hxhWGjeC8KAqCfuo/JWXup4y8TE7

    Score
    3/10
    • Target

      BEVMEngine.dll

    • Size

      860KB

    • MD5

      21276ce6f37900a7bc7101f7d3916308

    • SHA1

      18bf30c5fbff86918c792887878724c5104c9fb7

    • SHA256

      30bc0bc81bc8e9c77c143a0dd13c534a497e3284843aae1c23306228c504a21b

    • SHA512

      da652ccb58f5afe3ab781b7a9dae4fe1a95231da94e049cd999697c6241f6b9235c8f35b12b9573db6a3ddfe830cf0e70c8aadcd873bcc957aa2eb04718936b7

    • SSDEEP

      12288:7wuIIE7SVII2jSlgQLEkZBaFZVpUQlJpG995YXJUL9KKKKztKgJKKKKKwKKKKKKL:ES72GAkZBaFZFlJp895YZULEIQA7

    Score
    1/10
    • Target

      BHips.dll

    • Size

      639KB

    • MD5

      83b138b4a08d2ff1a7ab676e4361094e

    • SHA1

      78be1099c2162fb01c573a19b45254e66a56de17

    • SHA256

      fcec446562838780eef67d75d2a5bc7352629790b03c527f89e4ea7aeb6f62c4

    • SHA512

      ccd46c6281cfbeb1b3db2704c83df2455ec92bbc687d129196dbba5aa6f42b336283e930118e51d4c091d974a7f17f94bab16c1f980f62268c4acc78bb841ac9

    • SSDEEP

      12288:uSFTjQa8P6cYmQDYRqKvGaNqAQe8KKfdpo2QN+QZQZ5QQ3KNR6:uS/ogcpoq2QN+QaM0CR6

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

bootkit, discovery, evasion, execution, persistence, spyware, stealer
Score
8/10

behavioral2

bootkit, discovery, evasion, execution, persistence, spyware, stealer
Score
8/10

behavioral3

Score
1/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
3/10

behavioral9

bootkit, persistence
Score
6/10

behavioral10

bootkit, persistence
Score
6/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
3/10