Overview

overview

8

Static

static

3

PaiPai_Sof....6.exe

windows7-x64

7

PaiPai_Sof....6.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$WINDIR/Sy...vX.dll

windows7-x64

1

$WINDIR/Sy...vX.dll

windows10-2004-x64

1

$WINDIR/Sy...ec.dll

windows7-x64

1

$WINDIR/Sy...ec.dll

windows10-2004-x64

1

$WINDIR/Sy...00.dll

windows7-x64

3

$WINDIR/Sy...00.dll

windows10-2004-x64

3

PaiPai/DivX.dll

windows7-x64

1

PaiPai/DivX.dll

windows10-2004-x64

1

PaiPai/Feedback.dll

windows7-x64

1

PaiPai/Feedback.dll

windows10-2004-x64

1

PaiPai/FreeImage.dll

windows7-x64

3

PaiPai/FreeImage.dll

windows10-2004-x64

3

PaiPai/Htt...ad.exe

windows7-x64

8

PaiPai/Htt...ad.exe

windows10-2004-x64

8

PaiPai/PaiPai.exe

windows7-x64

6

PaiPai/PaiPai.exe

windows10-2004-x64

6

PaiPai/Pai...te.exe

windows7-x64

8

PaiPai/Pai...te.exe

windows10-2004-x64

8

PaiPai/Uninstall.dll

windows7-x64

8

PaiPai/Uninstall.dll

windows10-2004-x64

8

PaiPai/Web...1.html

windows7-x64

1

PaiPai/Web...1.html

windows10-2004-x64

1

PaiPai/Web...2.html

windows7-x64

1

PaiPai/Web...2.html

windows10-2004-x64

1

PaiPai/Web...x.html

windows7-x64

1

PaiPai/Web...x.html

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c8ff173ee39377033f5dab91c279807_JaffaCakes118

  • Size

    4.7MB

  • Sample

    240701-1b52fsvclk

  • MD5

    1c8ff173ee39377033f5dab91c279807

  • SHA1

    fe4a6879d111b3f31f2630830d6bb08ece69ef49

  • SHA256

    60d30a20c039c6a27046a2e47fde076895bd48ea4a019fb40f6cf9d75f403592

  • SHA512

    9564bc948c1dce0c09ec14744f06977ffea09ed8461616f681ba2e21f4390f306f950faeffccf6f2bfc8cde971320951c009b1a6ea41c049407f91e9ebeea1d8

  • SSDEEP

    98304:kiMPw3ua5E9Slm8Vt1rBmekFc0+XwEgVWkiAOB/Z4+UtsV:kiGUVRNVLAc0yaWkiAI/m+UtsV

Score
8/10
bootkitdiscoverypersistence

Malware Config

Targets

    • Target

      PaiPai_Soft-v1.3.6.exe

    • Size

      4.7MB

    • MD5

      416e0d70a392f3d007525dd1a49b45bc

    • SHA1

      7f7ac2a11e6a87caadcf2269a6786bb2a12025fd

    • SHA256

      30058b07daf1d843d10240313c9cf416cbafc10a0eb568b7a7f5fd6504d4a3ee

    • SHA512

      29d6714dda7ede728ea814aab456d75e774c5d3d2e2aec3670eb4165b52b5042c3e01c12805af094abaeaa4b2e21b0220e2937e09b62a957b4f10b91c06d3110

    • SSDEEP

      98304:GGnCuaktd9mFtHTCzCBRHng6YDY+snHySDfdW:znTtd9YV2z+RHg6XFnSSDfI

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      eef9e469e8a30717974499f277d97e2a

    • SHA1

      2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    • SHA256

      1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    • SHA512

      d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    • SSDEEP

      192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c6f5b9596db45ce43f14b64e0fbcf552

    • SHA1

      665a2207a643726602dc3e845e39435868dddabc

    • SHA256

      4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0

    • SHA512

      8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a

    • SSDEEP

      192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw

    Score
    3/10
    behavioral5behavioral6

    • Target

      $WINDIR/System32/DivX.dll

    • Size

      680KB

    • MD5

      3e57706d1ad3e2fafebaa72ebe12939b

    • SHA1

      263262f35bd32c6eb8b5cbb39863ddf8adbf6f6a

    • SHA256

      2e57b2f705e5aa0086e87c2f8bced622b61d1d69c942a81257a3d5017e56b01a

    • SHA512

      b6c1764ed76ed83a58afc08eb22bad4b5564f424b116e26548241f12fce6af014b60a5194c1e87c6691c53629648e5a61def2ae3f3b5ccac9f79f648329fde0f

    • SSDEEP

      12288:/O3nKjiQA+oFZNtvYjR37lVCnxg+hWbvywzpg6ln2KLvLmBKrb/30g:8nKO+oFZId7lErhgb1NT0

    Score
    1/10
    behavioral7behavioral8

    • Target

      $WINDIR/System32/divxdec.ax

    • Size

      712KB

    • MD5

      8d4ae6d727a26f5ce5bbe224bb017be5

    • SHA1

      3307eb5f3deefd80a8012b219fd02a504d8ae6c9

    • SHA256

      24a94ae9cac79f6bbe65020099a26b9cd06018306c6561a907b8e2e99989884e

    • SHA512

      4c55d7388ba7e2063bcd85812ced3f3c77a65e73997de558284d19175328ca78ef45f86d2e232599e57fc4c586911fa07d7ff4fa457a7ae066a4dfa1a0f706ab

    • SSDEEP

      12288:PZk+r/xSZiOnvpJo3c8K2hkl7BrDSzp7f0ooIeuCgu:hka/swOnvpms8K2hkl7xDSt7f3R7hu

    Score
    1/10
    behavioral10behavioral9

    • Target

      $WINDIR/System32/dpl100.dll

    • Size

      88KB

    • MD5

      fa73e857397f44a63f245cb2298a24dd

    • SHA1

      2e0d4326aa670739e0d8abb1b7d8548625936bd0

    • SHA256

      647a3410415207db7a3fb06b00f3e4245e523617648bff997eb439c06b0389c3

    • SHA512

      7fd87488ad6ed4946916452b11c3403b14e96c4b31b15001ca19aae8e11f1fc6ef4ad122fc8a2781fc8e81b260bb584a7df785cdedb2e516e62424907e477177

    • SSDEEP

      1536:IDgEvQgXkwtBv2TMZBFXoJb+OaOgY7X6V5jf/:6gSPUwsMZBlcb1aOgY7X2L

    Score
    3/10
    behavioral11behavioral12

    • Target

      PaiPai/DivX.dll

    • Size

      680KB

    • MD5

      3e57706d1ad3e2fafebaa72ebe12939b

    • SHA1

      263262f35bd32c6eb8b5cbb39863ddf8adbf6f6a

    • SHA256

      2e57b2f705e5aa0086e87c2f8bced622b61d1d69c942a81257a3d5017e56b01a

    • SHA512

      b6c1764ed76ed83a58afc08eb22bad4b5564f424b116e26548241f12fce6af014b60a5194c1e87c6691c53629648e5a61def2ae3f3b5ccac9f79f648329fde0f

    • SSDEEP

      12288:/O3nKjiQA+oFZNtvYjR37lVCnxg+hWbvywzpg6ln2KLvLmBKrb/30g:8nKO+oFZId7lErhgb1NT0

    Score
    1/10
    behavioral13behavioral14

    • Target

      PaiPai/Feedback.dll

    • Size

      64KB

    • MD5

      f7878279263b1c846af3bc5d944a8f2b

    • SHA1

      df2f3b4db94ad3a59a718afec5218c425012cc03

    • SHA256

      d0ae8ec1e4db033de9a1058598f03f8e582c822a7daf2dbc6a042c59e5fb77ec

    • SHA512

      0187bcd4fe874ff36815448f271fb630c21bf3478be71d149cd8c12b70a522cd541a1d35b6ae5fbb6d0b1ff92e75489890a38772c92acfa9884ea7b6509192f3

    • SSDEEP

      768:4ro1pjgMZCdZwn40c/haXtLFInupb1mn2Mzq5YGxuRZZ6q4KK:6AlgMwgdcZad6n+1mX/g6x4

    Score
    1/10
    behavioral15behavioral16

    • Target

      PaiPai/FreeImage.dll

    • Size

      2.3MB

    • MD5

      5167e215a75753eae72e7834943bae75

    • SHA1

      e9a4769cb17cef314f414ef14238c8c6869a3c66

    • SHA256

      af2a1ae66d9963092a7de6756335caf39a9c2250ecd77bd07e62ca4ac6046259

    • SHA512

      edd747c7332949a4fcb3d601f809acc175aa6fbe80724ed0bbf48ba6f29ec1415fafb0a46a663bd52fb0e5a2e14ed7a453212cd08e74298fd6ff7e07c8937bc4

    • SSDEEP

      24576:nplmUIUWq2i2B+PyB793HjOTM6qoAVEWLx+oylAjPo2vWazbiwpOpTRzTMy8N8GT:npltIUha6ybOgNtQVlAUWzuwqTXC7

    Score
    3/10
    behavioral17behavioral18

    • Target

      PaiPai/HttpDownLoad.exe

    • Size

      72KB

    • MD5

      1e90e53f6e17320ecb673418ca3948ba

    • SHA1

      d2c212d5d45798542c7d166ba81d16053eb18c38

    • SHA256

      4292096f0ffea5c071386e521b789b14cec10e3b21ea147bbdeb89fab552a020

    • SHA512

      2801c1c4052b09b2cf61a0ac328b5ce8b2345aab57b5cbd63cdb77fdf687c9c52496691ff4aaa9a6e2d3de9323eb759ce53bfe43982e744768b1c07952dee800

    • SSDEEP

      768:Y6/Gtn06D1WRCjejeIXnQWt4aUt/1lOQNNWTK:Y9Z9efBeaUttZ4m

    Score
    8/10
    bootkitdiscoverypersistence

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral19behavioral20

    • Target

      PaiPai/PaiPai.exe

    • Size

      1.6MB

    • MD5

      c8ebd94df4e01e1564242d4b702697f4

    • SHA1

      dfef21961ad53ea31569cb173b3cc308e45a1990

    • SHA256

      806883e18987e0fe868e42c1f32af3b55436d28eb8c8759bfb223dba4caafb74

    • SHA512

      76b77bcc1b626eb34060aa09945dcacc7fa22d3d57cd833309aa0ef0f45538966f32e0e49887717c215caa0589461f26104b6b37198468eb541579b38ace4ec5

    • SSDEEP

      24576:ahh15Qt4PlxtGsmRDHm8IUpMCCZ32fekslgs8s6slg4sRsm/+DWbDPa+DWrrDP5u:aZ0q86CCZN4xBxnyV0VTk57Uc6

    Score
    6/10
    bootkitdiscoverypersistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral21behavioral22

    • Target

      PaiPai/PaiPai_LiveUpdate.exe

    • Size

      524KB

    • MD5

      c39281e2d2a98b235410ddb1440f965d

    • SHA1

      0d5b19c4bbd21c77a5ef4b3886da7bb5d6541908

    • SHA256

      d43f7c85121d6bd402731c689ae7f7c3ec1319488292c3467d466bdd515c3f37

    • SHA512

      1163ae4b103ed29fe39a2fb6137506048453e820f89258ad56903a8fa82595010630895782f940606a2cca0c16ab1430bb192ba6df6d54f186542af501ac6346

    • SSDEEP

      12288:4laf6gbfo7vCQ8PE1wdHpCJ5LjnDPEAh5mIUXw6Rh:4MG7vC3PE1LjnrEAh5mtw

    Score
    8/10

    • Downloads MZ/PE file

    behavioral23behavioral24

    • Target

      PaiPai/Uninstall.dll

    • Size

      20KB

    • MD5

      f25f1605df8048c56127cf4e9d116aef

    • SHA1

      f84b0cf1dc77e0a5ca461b24a3666cb7d14764f1

    • SHA256

      7e11a9031d32b9e13da6b292338710b25dbc14a58e996f5e4f7ee6dbdba7e223

    • SHA512

      fb6ad18cd3c3c0269434e355053384bc97ce7502e96a0154fad8ebbd094b67d0201de6ac1b2a600d6677563a20198896b12646986fd0e514b60de90357d4d3ce

    • SSDEEP

      96:EZaGJ6FIzAPRa0tIcw++XT8aWuM6qhotA:7yNAZa0t6+y2WyD

    Score
    8/10

    • Blocklisted process makes network request

    behavioral25behavioral26

    • Target

      PaiPai/Web/Sucai/local_01.html

    • Size

      1KB

    • MD5

      3ac243fdba0ed0d6b4980ff3608ab344

    • SHA1

      1cd73cccb498a9693d3af11a8c53a27660a747f8

    • SHA256

      376a7620bd4b6bbcdc7c4717c09023ad74ae825fbe4cc195d66ab62911f12498

    • SHA512

      05f75866f52b598b905e7d5ba901ced2f8434c70188297ef0f262d300003fb4e42a8d40fbc2647f6b81facdd9a90f70b7bae42b8e0a75bfe83ebefcde2698aa7

    Score
    1/10
    behavioral27behavioral28

    • Target

      PaiPai/Web/Sucai/local_02.html

    • Size

      961B

    • MD5

      99dc1a62697877ee6d170ed015ef1b89

    • SHA1

      23c453d04b74a273214150ca1e0995ddce3c01ad

    • SHA256

      77597e6a61511ad64f740fb3d46dd39efee0f3c31c7daab5eb017f8bbc55bb9b

    • SHA512

      4102514d8c39e60f918ffc91b1ddaf8452d7e9f9515e57ff5563ba980dfdff13c19a15ac404100d36f79949a3a940b23d50ad582cc7bea29176cea24da0ca781

    Score
    1/10
    behavioral29behavioral30

    • Target

      PaiPai/Web/Welcome/index.html

    • Size

      5KB

    • MD5

      0f541936b8558e2b3aa97188db0a461f

    • SHA1

      493f6a6dc1cb068c8b43c6b23b788decc3392a64

    • SHA256

      c1bb3992635a6de116290551c68263bfe4d756a28528fec72fdccc7f558467b4

    • SHA512

      5dbd804b3335180a9586d54a53253518bd40521a6917a9e714b3709f6db579a97974df5e915419118742abfe77e08b077834d800bacd7909226e2ed6a560cec4

    • SSDEEP

      96:S41evnhpFaeFaHwhGkx4xrVaoHMTLnZ9KpKi8ZMQUD44:S41evnowQplHMTgKrCQq

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

bootkitdiscoverypersistence
Score
8/10

behavioral20

bootkitdiscoverypersistence
Score
8/10

behavioral21

bootkitdiscoverypersistence
Score
6/10

behavioral22

bootkitdiscoverypersistence
Score
6/10

behavioral23

Score
8/10

behavioral24

Score
8/10

behavioral25

Score
8/10

behavioral26

Score
8/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10