391e080880375fe93108469b21d9312d244bdd86b5f8276793117dfcbcf2245c

Sharing

Copy URL Twitter E-mail

General

Target

05a12676dbbfa3e35001e5fd37b81bdc_JaffaCakes118
Size

754KB
Sample

240620-nqlvxavgjg
MD5

05a12676dbbfa3e35001e5fd37b81bdc
SHA1

201b99f12cacf347e48f63ba72d7fc0998b7eb03
SHA256

391e080880375fe93108469b21d9312d244bdd86b5f8276793117dfcbcf2245c
SHA512

51aab33025572fe3229baef9d33e3e4a02222323f165c09ee287ffb7e31878babbe300eac423aa190267a1c45beb582b177394806155a759da212865bf4e372a
SSDEEP

12288:n/Kl0Nd8sozzM9LCffdoBKAWtadWBW7DnY+b7Y75a84dk98G9Zy98giAVDt6GC/I:/K08RM9OflQWt9abF7dk9PwTpJYI

Score

7^/10

Malware Config

Targets

- Target
  
  Manual.pdf
- Size
  
  63KB
- MD5
  
  50599f04d7719d26e46174f31f8aee0f
- SHA1
  
  14a5bb8bd6e84a5deecb41020d3e27aa043230f1
- SHA256
  
  f6a2fed8f7635cfc0eba3c011d625186883c01ecf59e3595220246740865c4e6
- SHA512
  
  d4588c66b1c8f6b7966fa6874ad05cb712195124c920fd068caa781dd369448cea5990758246fd273c0ab2a5795d6f61d24610f84b9bb30d966ecdac8caa5a47
- SSDEEP
  
  1536:khF91z2E55IT8X2AuFsC6uIc7IVeW6ihZMDB7p8MF2g2P:w2E55IT8X2AZCNIVeUWs4l2P
Score

1^/10
behavioral1 behavioral2
- Target
  
  PARTINFO.EXE
- Size
  
  24KB
- MD5
  
  f89fec6b1c4c0259140874047f5455d2
- SHA1
  
  eb68e8039fefebd993df22d620210565a603ff4f
- SHA256
  
  08b2592f183331240aa4881ee05d0dc30e8bf5e3bfb491ac7c01aece59e2e5fc
- SHA512
  
  221585a9d41815b8ec98b156694b24b7f72ddc63c4cbb034c76f2b47e0b8c0ca5b1b3fb5c28cd8010583d79d7e7bfe135282b0221abf9031a4a3b23b43b8abfd
- SSDEEP
  
  768:CkvlPIyzzKZDtV+gO2tCwSCwyoBA3tz+VT:fCbZDtcct1SCRXET
Score

1^/10
behavioral3 behavioral4
- Target
  
  PSDOS.EXE
- Size
  
  168KB
- MD5
  
  5873c5e9b7f93fbe0375210280bf3933
- SHA1
  
  f42c8728f224272a277a6e8865bcddc67afe8026
- SHA256
  
  c220b6c6f210b6470268dc4955a0d8d4ac1e3a65974ca5f72500a2c6c4650251
- SHA512
  
  a8a7332527f7a7cebdb300b2116282687886e0876e4a65141acadafc6eb21665d8677b461abc109a473b48c9d75eab51a528e47a58ee2d56a0ebe0afe73e5aa7
- SSDEEP
  
  3072:JH1whSmGmUHEF1C/agX5spR0FI97hhsgW9BgZFm5xPd83oAEcc7+YtcwMWraVrjb:JH1who5mia3pRaOsgW9iW5xPdfAEr7hc
Score

1^/10
behavioral5 behavioral6
- Target
  
  PSWin.exe
- Size
  
  311KB
- MD5
  
  474a12b1eaffdb28820e92b61d4e291a
- SHA1
  
  90d971e74428f2f412523e938b91a5be4ea614c5
- SHA256
  
  23b3d0ea99bf847f6cd0e4bbcb56ed920eafd215845b80b01a4040b7b964b7de
- SHA512
  
  06e33fd812da116c30163851c3b9b018f6a298056abd62d7f4009ac908d1882a3a7bc5baef8c78c71ac90759195f7c9695c896a3cce7f202a50f1a1f2279a92f
- SSDEEP
  
  6144:1j7WCpKP03mIZLQPFHt5uq2rsyfbXIGK6ybfp7VwNwf:1WeKP5vJt5wfbXIGKjpP
Score

7^/10

bootkit persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral7 behavioral8
- Target
  
  Setup.exe
- Size
  
  68KB
- MD5
  
  5ab23721f1bb34445823d8fcfa695864
- SHA1
  
  91e49d9d5237f24b927b921eb543b5c27ad9236a
- SHA256
  
  bb857288a71fb2b24d75aa364c267185f076e696a19760a2de04d325a2fe6cab
- SHA512
  
  e567da73431aefcde59879702d8ec36ee28da7f2d399673b3c6a22c412b659d119f2a120bdd7a387933f3ec6a980b6277444be6cedf0e7dce8a0a9dfc0242275
- SSDEEP
  
  1536:iat3RCiIokRs2roTBYXgcY8aDuUYpZc9Le:ikrXerodgnlYMbOe
Score

7^/10

bootkit discovery persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10