563d0e670d8ff0fb4cdf870452b30e945ef34c01f9c4d41a52d44e0066d2ce6b | Triage

Sharing

General

Target

0ec35d4fe5ecfc469d07b8045bcd04a8_JaffaCakes118
Size

4.8MB
Sample

240625-t1tlds1brf
MD5

0ec35d4fe5ecfc469d07b8045bcd04a8
SHA1

c4b52829b24d51d22944fd3db6013398fb4f9af4
SHA256

563d0e670d8ff0fb4cdf870452b30e945ef34c01f9c4d41a52d44e0066d2ce6b
SHA512

9923ff7a29d0093462423d61f854bab6cb11866f8e6fc33aa4e1719e90c5d4ced69aee33dc5ebdfbf80116a1eadfbdf45ab0f0774ab4cf7126d595a3268609d2
SSDEEP

98304:kNs7J1CyafhVhJDWoB5um+K5YddJJ27HksVdeWinY6LE4hrJPtlSz:kGATMvh3J27HkKd0TlJPPK

Score

7^/10

aspackv2 bootkit persistence upx

Malware Config

Targets

- Target
  
  Archivarius 3000/A3.dll
- Size
  
  163KB
- MD5
  
  0c80f5bcc11f67b5b5e036d9539f4432
- SHA1
  
  12f143eca39d39bd301fd0f7d5e9b79ed034597d
- SHA256
  
  529a2e81425b1c0fa76fb376d856f6650bfc714d6216dd8c6499bccaaaed871a
- SHA512
  
  a8b5544907f05ebe899270eff93b74464963f41c4beeab5c87f3eb509a9495005016d8799f7b32df330e8044e089fdb258650d99875b779255b5bba3431664c6
- SSDEEP
  
  3072:cIXzx+zxlmGEH3b6sAXMkIf/4a8ehLsdYEGrBQPF1IKnz2ImG/iLQLqhvCOJUDGZ:cVfmJXN48/p8eikrKFiKnz2ImwiR3oS
Score

3^/10
behavioral1 behavioral2
- Target
  
  Archivarius 3000/A3Shell.dll
- Size
  
  60KB
- MD5
  
  86884db817b36d6ffecb29606becaf62
- SHA1
  
  c5b3e03122a1617327708cb7c0ec71d37fd26334
- SHA256
  
  df68e5144b2d2b4808ed1d5f6fcd8d28667c38df224ab350159b0edb5ff18b3d
- SHA512
  
  b5809aed32b9f261ea35908fafa4fd8a23030230bf6216129685e6a7de3213d6cc02c1811df88af5f854abf4247966ecc707839375d5522e984f3b4f29fef06f
- SSDEEP
  
  1536:5tVqoeEhnP962ykTPp7jCVs3hFAytHzxJYSAm:/OgPfTPp7YsxFJVxJYSAm
Score

1^/10
behavioral3 behavioral4
- Target
  
  Archivarius 3000/AI.dll
- Size
  
  134KB
- MD5
  
  8e62bae2e4487a9df1494fb683ff4415
- SHA1
  
  4af19c3f94cbb2040ffe67ada0801896a5572554
- SHA256
  
  fb5118df0d5bd5a498e1bb027e4a53684f8792524e79ed275e6be53d62be5f4d
- SHA512
  
  d6c0082326db7c763ca64c28394cd3a5e38ea1c9eb4b808c329403ec61f144348e58ccab9bdc00577da5ceea0c7039bedcf44639d975599f88c5d7619a96227c
- SSDEEP
  
  3072:w4QD5C5zDLZdqWbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU71jEJ:w4QdC5DzqYwvP6bQ7yMP+DE8271jEJ
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  Archivarius 3000/Archivarius3000.exe
- Size
  
  2.5MB
- MD5
  
  f74c7e5aac7bffb10a29c969c9417263
- SHA1
  
  43e43eb1e2a7d2ce9e58fd7c107e5a95330c125b
- SHA256
  
  2fdb9fb114fe9b6deb4adf958deb2436f59f779bb2ddaf6e75c2d5a4c7496adf
- SHA512
  
  b2f797e8828ad8ff4e04bf113eefe95cb70ac4527631d8b760729873a8c029d72401d3f7d632d5e30894527a0c7e8799c2887f76621bf402d2cfa96ac137d701
- SSDEEP
  
  49152:TiNAfpb+3bsbL6BD4US38JPAS9wHZAy184jfuBpTBOw/KC1nEpjKQa0jp:TiNARb8bsXVUS38pAS9IhrW3B5XW7p
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral7 behavioral8
- Target
  
  Archivarius 3000/Data/StopList.txt
- Size
  
  7KB
- MD5
  
  21fab0bc71af6ec8d37dd9b109541c63
- SHA1
  
  3b71c893911a49d4fb8b88c3a7be7f222b169757
- SHA256
  
  e7a0ebc897eb6cba1c62b6dcd45e92be86cabc7d86dcc0ae92f5804cd8462d83
- SHA512
  
  9d25cb52b7d8caecb96330a9108274c93c554b70dc377fd007a6aa8659d3ba68b98c52833c1276ce1588fd424499383f0f4282f41c2d414eeb43bf86d029696c
- SSDEEP
  
  192:L25fE/+k9Wry5zGidHuc+VnK46orncTAwY2djxFhYG:LwfEGk4O5zDdHuciK4xrneAwYKjjhYG
Score

1^/10
behavioral10 behavioral9
- Target
  
  Archivarius 3000/Help/Dutch/About.htm
- Size
  
  2KB
- MD5
  
  337ccc4d4905e1d6ff306ce861383bbb
- SHA1
  
  6eeaaceee4c611b574b7af6f3617682f9353a899
- SHA256
  
  b5ac62f07c6b4ac5b80eef402b854b985c317641a8e4c7b71b9bd1fe0a130d5f
- SHA512
  
  0ac03fe6ba7cdf47c146be24ed51f839ad584eb38858332387fa4ada894c4fd476619beefae2a54e55bd6356fcef7fe61aa0f81596eedfba109b80cb136a12f2
Score

1^/10
behavioral11 behavioral12
- Target
  
  Archivarius 3000/Help/Dutch/Contacts.htm
- Size
  
  2KB
- MD5
  
  ff085247dbedeceaf1cee8b67ec4cf25
- SHA1
  
  69dfd8e17d8f8659f2fdac81b9ebc4a948df952a
- SHA256
  
  c96a75da6867d86ea670dcaaffb5d7111c20f8b12f01e023374ffba8407e3a34
- SHA512
  
  a40972aaada828228c688a734dd27b62384185bc91148a16cfaded60d074aae981205ab8dab0d365a25cb00325bc006cf76a7f94c9091212085119d296285231
Score

1^/10
behavioral13 behavioral14
- Target
  
  Archivarius 3000/Help/Dutch/Create.htm
- Size
  
  2KB
- MD5
  
  28c9355b3bd0cb18ba0ca211d9eb8f15
- SHA1
  
  a3191c9c6236a88ca28249f4538822d392ad0060
- SHA256
  
  90fb93e9b0d2d631e80494815796cd9fec3ad9433ec74dcea3bf16b3ef79594f
- SHA512
  
  f3da094f714460a847216c54ccc0b6f0e978bf73d921b0e4cd6b54cc0dc1d57d1524b2918d2b44496c3b094d44ac1faae59ed4884f1971abd368dde1c98be539
Score

1^/10
behavioral15 behavioral16
- Target
  
  Archivarius 3000/Help/Dutch/Features.htm
- Size
  
  7KB
- MD5
  
  e05085d6780ae3e672d69b5abf3acb17
- SHA1
  
  3bd19a10cdcd4d15dd54b9e6ff052b2c29fd22d6
- SHA256
  
  6aa8b72eaf511300853c89c8749005775fe7364eaf78207e477e6e08b11eaee7
- SHA512
  
  b6e0d77f62d362c2dcabf22720bc9dd3ddd4e03be36e1ae109afc8cdaf86e76d7c27960524b3e23890c0374eb66bd69a1f664d8ec330ad11cff4b8b71cf4d40d
- SSDEEP
  
  96:5d1JRkKBJRQKyvvMoaGwS88wbRwJ8wSwKMQw2GMzved9vEnGmUuCHw6weuA8wXfo:5L8KBKcos5G0zcUev5MvPSUPL8KB5
Score

1^/10
behavioral17 behavioral18
- Target
  
  Archivarius 3000/Help/Dutch/Index.htm
- Size
  
  2KB
- MD5
  
  29ab6761565db92a54f24fd58f080f0d
- SHA1
  
  f514d7408669da433e5fcd9afb751bd42fec17f0
- SHA256
  
  87f502f03d5af7c74a2478dff5aa4525e04a82101a9bab24abd90388aa291d25
- SHA512
  
  f186d20a6d308539f2af32ec40b4d5e0d9214c5bf2f5461eb283cdd6b070f3cc636fae94d918bf2665277f2a0a98260cd8fb8e0679a65cd26fdedbb46157f1af
Score

1^/10
behavioral19 behavioral20
- Target
  
  Archivarius 3000/Help/Dutch/Indexes.htm
- Size
  
  3KB
- MD5
  
  b4edf668c05ada1582d17b13a58ac67f
- SHA1
  
  6a6439c39e3ad59606e65adbff5a86d0e4c362f4
- SHA256
  
  d809055250aef78ecf01a5baa448b898b8989f6cdcf17d4f517734014eb0e74d
- SHA512
  
  d865715a337f20544413623ca54ecb9d2aee16e887144b2bcd9001aa345dd5a214b376756e33cbb16ea19795f4348640e7acf1c8fd5fc66acab8f72a66fb165d
Score

1^/10
behavioral21 behavioral22
- Target
  
  Archivarius 3000/Help/Dutch/Keys.htm
- Size
  
  2KB
- MD5
  
  29ca4721e18e22fa8f997d642dc84085
- SHA1
  
  e5ab3c408db309848a51712769d0ed0864f325b7
- SHA256
  
  ab6597b00dbe22420957d2bcf3b84531d6fbf922a4cb5e948107c0a2392a0d11
- SHA512
  
  8f2e14f451ee35b3d489696d9d4c106953c2e25b2eeedf430890aab82e47df9bb03d8e6b965ee73f385297d02fa98dc9f159c340d98a30998d23905830011ad1
Score

1^/10
behavioral23 behavioral24
- Target
  
  Archivarius 3000/Help/Dutch/Ordering.htm
- Size
  
  3KB
- MD5
  
  6dcefce1f1958afe784fd214368ef43f
- SHA1
  
  c163983d7c0837c987d7b10438616b18443556e0
- SHA256
  
  8aada6e0c2678586842fe3e818698f0eadf5c8b120fe1abb01ff795b2ca5d3b9
- SHA512
  
  329dbbdc050dd7105adc6426ca1bef82f29649d1b799b9f7d39c986d2e9fd22a5feb7f523fc2fa415108855f3bbc0e68fcd9d705722cf99604110c3249a5f29a
Score

1^/10
behavioral25 behavioral26
- Target
  
  Archivarius 3000/Help/Dutch/Queries.htm
- Size
  
  5KB
- MD5
  
  d05c7cbb2cbd710dbeb47e9563e7aabf
- SHA1
  
  cf98fac7b3c1ac9c3a44967eeed7b95478ebd3c7
- SHA256
  
  b34dcf6a8e548db20d45308d2afedadf4aae60d5f481b4d33823912cd3f5d83a
- SHA512
  
  da94a1cac73b9474d3e9989700d92c7f839f92676280a46982ada0d982d980d16757e09f73722a3ac5f86e7667d70d7459610f754dd916b3e38a715771de06a1
- SSDEEP
  
  96:5d1JRqD7BJRQN0nQCnyltU4F4MGnGoMEYmEXEuSXvoAUMpJL5WXEQ3FzaGNf5hEW:5Li7B8hX2BrrCZ9fk/vLi7B5
Score

1^/10
behavioral27 behavioral28
- Target
  
  Archivarius 3000/Help/Dutch/Results.htm
- Size
  
  3KB
- MD5
  
  604c447cd1bb199f91f055f2aae5f832
- SHA1
  
  53766541976daadf96d0ee0ef988a5613b738ae5
- SHA256
  
  8e39a923f5f5e5889156ab83875953813a47d93d278009d03b9aae0c994d05f5
- SHA512
  
  b07fcef9a68bb81fa6f9dc4a244672997c686b48d6a0b7c822a1c1f8770882d7019d522c715a3692ad448ef4220cc29f5223173336c9a81d1fe4a44c83258dbb
Score

1^/10
behavioral29 behavioral30
- Target
  
  Archivarius 3000/Help/Dutch/Scheduler.htm
- Size
  
  2KB
- MD5
  
  7d2d0fa394624af7965880f2e94be3cb
- SHA1
  
  090c1bdb6e96932570b5998218132314f4050b58
- SHA256
  
  99399c84b52c989a8f685544e024c397b8d5061947ca37361fd155e59237ffe4
- SHA512
  
  0a483c1af554ba8adbc7cb5768bd0e29d8d0ffcb601917519444cbcd0c9a9a103c053cb840d8bbd310fadcf2e5ee1a184e3b625a70a3559d636cca6251904525
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

bootkitpersistence

behavioral6

behavioral7

bootkitpersistence

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32