General

  • Target

    0473fe0a24721b1387628c5123341c28_JaffaCakes118

  • Size

    2.4MB

  • Sample

    240622-3v64zavarr

  • MD5

    0473fe0a24721b1387628c5123341c28

  • SHA1

    39e2d629466b2cdfaf0c3c71f0d7fec7aa9279ab

  • SHA256

    d5591268aa16c9c2eb9c2edfaec9981da9fd142c28a6a0744de7427a29f58ee4

  • SHA512

    a99a30c1b2e6820365d92b6c241c9e1b9b97b36a50f41d6257c4b306cd33318b985942f495b3fa88b5da1cf3f9cc477ef3790526c20b250935bfb35124817609

  • SSDEEP

    49152:U33x46RiPDuQIGDjlIwkKjZSV69z0PUH8+bWIQvsz4HsNwmV:Az0umH6wD9I8Wbvs0MJV

Score
8/10

Malware Config

Targets

    • Target

      0473fe0a24721b1387628c5123341c28_JaffaCakes118

    • Size

      2.4MB

    • MD5

      0473fe0a24721b1387628c5123341c28

    • SHA1

      39e2d629466b2cdfaf0c3c71f0d7fec7aa9279ab

    • SHA256

      d5591268aa16c9c2eb9c2edfaec9981da9fd142c28a6a0744de7427a29f58ee4

    • SHA512

      a99a30c1b2e6820365d92b6c241c9e1b9b97b36a50f41d6257c4b306cd33318b985942f495b3fa88b5da1cf3f9cc477ef3790526c20b250935bfb35124817609

    • SSDEEP

      49152:U33x46RiPDuQIGDjlIwkKjZSV69z0PUH8+bWIQvsz4HsNwmV:Az0umH6wD9I8Wbvs0MJV

    Score
    7/10
    • Loads dropped DLL

    • Target

      $APPDATA/ppstream/codec/cook.dll

    • Size

      64KB

    • MD5

      fa220dae3898b8578c34791648321a38

    • SHA1

      12bdd5396e996d071368980d36ef6f6c7b39f936

    • SHA256

      f8b5898569a508e370eb25db27c1cba440c9d559529850c05589e56a93659835

    • SHA512

      9c2ad73fd43de7ca16a1d75b2974a737dfe1478d094783861ff5e3f994e17bc9e36e31f130296b497bb8955849be31db526018c0621cf5b09496fc6e5c3d6f34

    • SSDEEP

      768:79rczOVJc8avUhcRxV6Sz+b2G90YnGZosMwCJtVSk7K+t6tj6tVDWVp3Ghv+Xb:7uqc8/aUSz62G9LnOnMK+t6tR

    Score
    1/10
    • Target

      $PLUGINSDIR/ButtonLinker.dll

    • Size

      7KB

    • MD5

      dd85ac7d85c92dd0e3cc17dfd4890f54

    • SHA1

      a128fb7a05965c1a9913c6f5e419e6c4c0a7d2fa

    • SHA256

      27abd2a4fb1bf66add60221b52d061bbe24d2d21e13600725ff7a5c6c777b504

    • SHA512

      e4ff8216c65110a9d156f37c2062acb53a72daa8af12dfc24278920d9e1a4083a81b1446759df75405b2da34c7bfb1afc33184feedd0aee4ed73f79fcbb1a8a1

    • SSDEEP

      96:q0GBDU3ADeEZlBLx6sWHCKGKVR3YXqNNtFa4PaaU4x:X53jEd2n3Y6NNtFBaa

    Score
    3/10
    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      8614c450637267afacad1645e23ba24a

    • SHA1

      e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    • SHA256

      0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    • SHA512

      af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Score
    3/10
    • Target

      $PLUGINSDIR/GetVersion.dll

    • Size

      5KB

    • MD5

      b1e657d03702bfaedaddfa7547adbc02

    • SHA1

      effa16ce36c73c5ce49020fded94a840c6c35482

    • SHA256

      5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

    • SHA512

      72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

    • SSDEEP

      96:8TrfV4XT3gTyxtwLOU6Mx2UpBi46AQucH:8vf+XuvXxpBi46AQucH

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      3809b1424d53ccb427c88cabab8b5f94

    • SHA1

      bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

    • SHA256

      426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

    • SHA512

      626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

    • SSDEEP

      192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT7K72dwF7dBdcQOz:i6JaVh4I5rpPbT7+BdhO

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      997ae296af5b7ca9aaa52f6844075439

    • SHA1

      9814f0b09219ac2eed875d842b9362c3b32bec6f

    • SHA256

      1d74275fb0ddcb7c01a92c4ea5c7ef137cdfa0b48ae2b293f0ea178b355cbaa8

    • SHA512

      a81ee17129278a185e91f6615da2d9e47940580fcaac3806ace17a0c0e48995f8e85de6deedcec502782141acd381fb7dd1c72a93fcd40112afadc3741572349

    • SSDEEP

      192:u4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/126gszA:uysdM80dCI5a2LsQ5IlPNRY00AlACU

    Score
    3/10
    • Target

      $PLUGINSDIR/PPSAP.exe

    • Size

      159KB

    • MD5

      480549b16a13b1dc8a5508855854e574

    • SHA1

      07a0ce4caf33b065872094aaaa6c6b0abd3287ee

    • SHA256

      7545ce739383c9f86e233445ea16e60718faca4c143eb60bd7020e25c75ec01a

    • SHA512

      0c10b02be85b8f5b4a8cd4b27994277a72f9355690f38a5c4711da0e2f198cd0ef1ef9b77272b228804ae389403e8f489304ce525895fd05d1ef1005e79d1aa7

    • SSDEEP

      3072:05OAedV/rUxZ0pq+jPe/7rSLXUhgB+wCBA9Dl0nJjJYH:SO34xSk+jZ8IS9JI

    Score
    4/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      32465a07028b927b22c38e642c2cb836

    • SHA1

      309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

    • SHA256

      eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

    • SHA512

      9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

    • SSDEEP

      192:gO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1axgMO:ZKAFERdlxhGRYUzqZax

    Score
    3/10
    • Target

      $PLUGINSDIR/ToolTips.dll

    • Size

      4KB

    • MD5

      9a0da2692764bb842411a8b9687ebbb7

    • SHA1

      5c3a459faa08a704bdf162476897ad4580ae39bd

    • SHA256

      28aeaa48c929188a0d169887cc3f16370741467ae49e1db59763f030710a6bbb

    • SHA512

      814d686617df4fe9f50a93dac9428babff3a14836aa27b4666976379ec3fafcab65fd82d8886998fa65e7b59dc192ca067cf8b4cdeb8ef551812912d80dab8ed

    • SSDEEP

      48:apm2+v7BWCLWQqLa7JZ0ZK59HXesxdrqZZSakw6/K:Ymjv7BWoTicJZ0ZKPHXVx1MOw6

    Score
    3/10
    • Target

      Livenet.dll

    • Size

      947KB

    • MD5

      4b7a6dd3eeeadf577d8ad89614e5317f

    • SHA1

      3c691a3618429ed4a47705b5f7049c542307008e

    • SHA256

      c2dd9d1d5b689cdcbe69b1799f15f1889d2a3817d7144ffd91f9b5862736faf6

    • SHA512

      985551e1cbceff6e1d61f2134c9b02846d285a8e4c89784dc31a1b6e414c8915d18a0ae28726fc8216f69d092523b37b4b4411fcb2ed5da867cc02ab2a5d3009

    • SSDEEP

      24576:Aj4uKVS/kfv9hMdFYbJckZY+AzJqmA22Y9r5q:8KVSgiFYJ/2pLq

    Score
    1/10
    • Target

      Livenet2.dll

    • Size

      947KB

    • MD5

      3cd5f5c0447abc2e7a63f6c6df224c85

    • SHA1

      9bafa8f3cc9a1667383d8828ae6c7ded3889632d

    • SHA256

      e6c2f51b8a5a2988e33c3a225d027d02ff1b35bb4492b586041c9059637e7e52

    • SHA512

      7c0590a4c94ae8004a8425ca406b33700d50bfa98e3513bf40323a7fde311e4b2784a94d7cc9433db3e75d0a7bf26f4cb8b932403b6143e33d18907c050ebead

    • SSDEEP

      24576:Aiv3zx6+98oc0kL0XPa0IHiG9iPQG8aGd517hL3X6WV:hzx6+9OB0fa0FGl1D6WV

    Score
    1/10
    • Target

      PPStream.exe

    • Size

      1.4MB

    • MD5

      ce0912f0f140bd06095d867439db4f9c

    • SHA1

      e6df2819b2a49dade625c4520f7a167d8dcd5207

    • SHA256

      f6a06d711c45d1ad3886a72f81c8cecac8ca4f00daba4a7d99bc7defda2a093a

    • SHA512

      a920ead159dd52b2d40562fd7772dbd05ff27f8bd5ae5707263bc3f46168bf4b0e7b53d133efa6eb9d108fe936419e5415a4475acd468302a44396c389dfec34

    • SSDEEP

      24576:4xZc/kJG9lcnRtllMYCFhbrMFAVyEVnzG/pxTho:4xZCJ9ObEFhbrMFAVxzG5o

    Score
    8/10
    • Drops file in Drivers directory

    • Writes to the Master Boot Record (MBR)

      Bootkits overwrite the MBR so that their code runs from sector 0 before the operating system loads, giving persistence below the OS that file-level cleanup does not remove. A legitimate installer has no reason to write raw sector 0; confirm by reading the first 512 bytes of the physical disk and comparing them with a known-good copy.

    • Target

      PSNetwork.dll

    • Size

      339KB

    • MD5

      3160bc03df9726d605aeae8d8aaf0e57

    • SHA1

      0f0c53cb40f43c5e8315405b66104e146442c45f

    • SHA256

      20159f64fb2613870a1c3fc4984f91299436d5b8cd990337dda99ef72b350e3a

    • SHA512

      1d2319dd303b35a58d452498ed90278f8a151ad1b2f24c04c5c3ca5de350170eb4211f2d7403680559cea022dcd9a1cd950dc5ac8a81ce0db59a28749e1a54cb

    • SSDEEP

      6144:jvusjL/twjFm+FLEutDP4DhvyNLkxnJv/e:r7jrtYM+FL9z4QNOF/e

    Score
    3/10
    • Target

      PowerList.ocx

    • Size

      450KB

    • MD5

      dfd1caeeb71056367f1484b5152bb9ef

    • SHA1

      0b1711414fd6f9181d95771d5fed845907c1efc0

    • SHA256

      63e751eba423498d4bbae69dd23f5c83690f19e4ab0fbba3bfa0a3b8bcf8cb83

    • SHA512

      a8af2195deeac24536409374b6c3ef7154285d6224a957fee92dd0d3c34c57ee90a09c166bd15543bc17a59c14b855828e4c8a56563129e9c5075cbc0a4584b6

    • SSDEEP

      12288:Yk07nb2EWUM5sGYEKh8hbACHlZ+HFPSc+vWD2R:Y/nb2EWUKHJ1Z+HyvWD2R

    Score
    1/10
    • Target

      PowerPlayer.dll

    • Size

      598KB

    • MD5

      3e03c7ff0f52ca76de56cdd0bb382a37

    • SHA1

      66ce44175d190f0834e441ffc9e6c0a85ce227b6

    • SHA256

      bb25a9352dc3495813f231110241b02a23cd19ff71642b8851485af78975921b

    • SHA512

      a951cdb621ff0141e9919d3ff604cf2bbb747469ac1780042adcd0db359e4a3dd21d04d5bbaa33f80bffacd73ba99ad0342de4fc4eae8ec1bcc822bbb7609ad3

    • SSDEEP

      12288:D2/ANXGKkgHEenFUHb3EbJxZgBpf3Kley:CcXzkgHEenFUHb3E1bgbfdy

    Score
    8/10
    • Drops file in Drivers directory
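
The "Writes to the Master Boot Record (MBR)" signature above is the one finding a responder has to verify on the raw disk rather than in the file system. The following is an added example, not code from the sandbox report or from any of the listed binaries: it parses a 512-byte MBR into boot code, disk signature and partition table, and compares a freshly read sector with a known-good baseline. Both sector images in the block are constructed for the example; the `read_live_mbr` helper and the device path `\\.\PhysicalDrive0` are assumptions about where a responder would read from on Windows (`/dev/sda` on Linux), and it is never called automatically.

```python
"""Added example, not part of the sandbox report: baseline-and-compare check
for the MBR, the artefact behind the report's "Writes to the Master Boot
Record (MBR)" signature. Both 512-byte sector images below are constructed
for the example; no real disk is touched unless read_live_mbr() is called."""
import hashlib
import struct
from typing import List

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # 0x000-0x1B7: bootstrap code the BIOS jumps to
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature + 2 reserved bytes
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # 0x55 0xAA boot signature
PART_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw MBR sector into the fields a tamper check cares about."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:   # type 0 = unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
        "boot_sig_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
    }


def check_mbr(current: bytes, baseline: bytes) -> List[str]:
    """Compare a freshly read MBR with a known-good copy; return findings."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["boot_sig_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code changed: possible bootkit, restore the MBR "
                        "from a trusted copy and inspect the disk offline")
    if cur["disk_signature"] != base["disk_signature"]:
        findings.append("disk signature changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings


def build_mbr(boot_code: bytes, disk_sig: bytes, entries: List[tuple]) -> bytes:
    """Assemble a 512-byte MBR image from its parts (used for the constructed samples)."""
    assert len(boot_code) <= BOOT_CODE_LEN and len(disk_sig) == 4
    table = b"".join(struct.pack(PART_FMT, *e) for e in entries)
    table += b"\x00" * (64 - len(table))
    mbr = (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + disk_sig + b"\x00\x00"
           + table + b"\x55\xAA")
    assert len(mbr) == MBR_SIZE
    return mbr


# Constructed sample: a Windows-style MBR whose boot code starts with the usual
# "xor ax,ax; mov ss,ax; mov sp,7C00h" prologue (33 C0 8E D0 BC 00 7C) and one
# bootable NTFS partition (type 0x07) starting at LBA 2048.
NTFS_ENTRY = (0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
BASELINE_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C", b"\x12\x34\x56\x78", [NTFS_ENTRY])

# Constructed sample: the same disk after a bootkit-style write, with the
# first bytes of the boot code replaced by a short jump and an INT 13h stub.
TAMPERED_MBR = build_mbr(b"\xEB\x3C\x90" + b"\x00" * 4 + b"\xCD\x13",
                         b"\x12\x34\x56\x78", [NTFS_ENTRY])


def read_live_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical disk (needs administrator/root; on Linux use e.g. /dev/sda).
    The device path is an assumption for the example and is not opened unless you call this."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


if __name__ == "__main__":
    for finding in check_mbr(TAMPERED_MBR, BASELINE_MBR):
        print("[!]", finding)
```

The check hashes only the first 440 bytes because the disk signature at 0x1B8 and the partition table at 0x1BE change for legitimate reasons (disk re-signature, repartitioning) and are reported separately; a boot-code change with an unchanged partition table is the pattern to expect from a bootkit, which needs the original partitions to stay bootable. Run against a live system the baseline should come from an image taken before the sample was executed, or from the OS vendor's known boot code.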

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
4/10

behavioral16

Score
4/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

bootkitpersistence
Score
8/10

behavioral26

bootkitpersistence
Score
8/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
8/10

behavioral32

Score
8/10