1b528cd6af41487740fee96f53dbf6db60b55458c847dd9a1212c3bcc6f59e3c | Triage

Sharing

General

Target

0b456d5ab382efe1110d034c75846a41_JaffaCakes118
Size

914KB
Sample

240624-3h2zgs1epq
MD5

0b456d5ab382efe1110d034c75846a41
SHA1

83968840f364ac9ebf3e418af181121fd43ab7aa
SHA256

1b528cd6af41487740fee96f53dbf6db60b55458c847dd9a1212c3bcc6f59e3c
SHA512

64bca40d07811dca0d148d618c8d87d755f3f337d43830901c2c724359dbd8fa7184e34e6062fd82ebb92754f72324cd616677699fba246fbf1e1db9cffa3b2d
SSDEEP

24576:BWHxBGcJQPVrwvxhbKOHPB8wFdXbz0Z+FvTbVYIY1tb8EK4B:B4xBG+bBCwFhbzI+lYIubnB

Score

7^/10

aspackv2 bootkit persistence

Malware Config

Targets

- Target
  
  0b456d5ab382efe1110d034c75846a41_JaffaCakes118
- Size
  
  914KB
- MD5
  
  0b456d5ab382efe1110d034c75846a41
- SHA1
  
  83968840f364ac9ebf3e418af181121fd43ab7aa
- SHA256
  
  1b528cd6af41487740fee96f53dbf6db60b55458c847dd9a1212c3bcc6f59e3c
- SHA512
  
  64bca40d07811dca0d148d618c8d87d755f3f337d43830901c2c724359dbd8fa7184e34e6062fd82ebb92754f72324cd616677699fba246fbf1e1db9cffa3b2d
- SSDEEP
  
  24576:BWHxBGcJQPVrwvxhbKOHPB8wFdXbz0Z+FvTbVYIY1tb8EK4B:B4xBG+bBCwFhbzI+lYIubnB
Score

1^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  9aff00ec14e6cb71a13451011c580077
- SHA1
  
  5972140e4a0addb9eac685fe6037da7479f23ecf
- SHA256
  
  cc8145683ad8fd77bd5cca193e84188e40d6d03a0a0d1d00e2bdbef91be96bb3
- SHA512
  
  311abd4e9927c1424d794ba401f3935ad3b108a2124e58e0d29aa946514c7a1d62b9b08b013699f4f90796bdfb6c07211daddbb521c1d20ccee771f6ea43b110
- SSDEEP
  
  192:zCCxNg+SdnWKZFzReF6KOgEpoAlwYmjspWnlAb2bG7F1QuIp:+Cxazn5aF4N2AWpZy2Ru
Score

3^/10
behavioral3 behavioral4
- Target
  
  QQTMAC06SF.exe
- Size
  
  595KB
- MD5
  
  89081778bad68400c754205dddf7f5a4
- SHA1
  
  cbe76938e67c9f66c22c9f2c250eeec283c62e55
- SHA256
  
  c23413f734c2f489ca2586a56f297fc40ce80025e1c12d9c419ea303b0981de1
- SHA512
  
  5434c124cedcdebd0177a2d907a49b4d60d4d7a61a8e5fb11636291a60a4a01f903b5bfa77a240aedaec4805d3014b4a9b77a44a90f1b1904ed585d491d224c2
- SSDEEP
  
  12288:UbwE9yTJQQgnVtGI7w3gxqPgx6kZ8dsbv9l87z8+rQYR+Mxv8I9:U1cJQdVjwwxhx7Zm/7zVR+kX9
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  Uninstall.exe
- Size
  
  47KB
- MD5
  
  2cb8a99eb1df0d62608298575086d5b0
- SHA1
  
  f8b7416417116875b1586ddcad4719a642569835
- SHA256
  
  86b244db700feb64c8d96803be623d171b1ccb5b0bda22fc8b88fdca777598f0
- SHA512
  
  d074729f99135685507f88aa64a99afff2cd96e3d252ab5612fd73b32ec3ce8e2d1a38b4e7c025d6c0a0444dab18cf6b0d64119cd5c24dfbf0472a9fb29ae065
- SSDEEP
  
  768:gG0D3L09yOJRZHR8Wm8REzAwtbTBu4VVhG5b5PIAIYHLLE8JC+eJRn5Am6kRRJ2Z:gG0Db1wJdBREzA01xVubM8J5qAELVigu
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  hook.dll
- Size
  
  263KB
- MD5
  
  076086e7cab7e84d10959486375bdd62
- SHA1
  
  d9e758e270cca95c6850e6ce756a0159238301d8
- SHA256
  
  8214099df804c0a0c4f544da3ff5b76ed96293d63248335d9bdbacbf500c1e37
- SHA512
  
  7c21bca0e64732776ae8036d8a0cbc4b0fe53df9482d459c068ed4c3e0ce679c93c98bd9ef651e48ceb35d4fc804be79bc1b617219e70e89e77a6da1efce5f3d
- SSDEEP
  
  6144:beOi9WBv7KlOfCW3essjKMOma934QsM/5HM/ligKlRJK:beOiIBvaOddsbQN/iNklnK
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

bootkitpersistence

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10