79f76160fd12d29b59c066ef907e293cc4802a7549edf0019842ea87936a742f | Triage

Sharing

General

Target

1c2ca43a825c7fbc9a0d12a26481f5d1_JaffaCakes118
Size

731KB
Sample

240701-xwkz8svapg
MD5

1c2ca43a825c7fbc9a0d12a26481f5d1
SHA1

374da0bc19bf318238c775a27efea34fed6c77c0
SHA256

79f76160fd12d29b59c066ef907e293cc4802a7549edf0019842ea87936a742f
SHA512

b8f02ada930f70500e1fda817be6f60472c85c1c065134e4489c68fc19b34be7941516d536374bb4599af97dca5d66a9e6dbf3f642f6d7c875ad5d6ad2945b7a
SSDEEP

12288:fByyr9BRUR0Sgt+ydwcm+aqKyospKya12pNfuDkCCytzd8ab5sgXFf81f5:fByc9380Sgf/oqQya12pNfuoCCytzGaM

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  754KB
- MD5
  
  374cb3a845b0d0e7ae2ddb359b613552
- SHA1
  
  459be1616ebc4b0466a7bb75df09480a1b77f4a7
- SHA256
  
  483829d44a5e055c9dd037dbf10ab1f60977aa1cdad2b3555f16b4e0d48ef0be
- SHA512
  
  f2925f2ffa4ddf9b07e69b9961b51af7e5ab101f9a677462585efc9ee3e6dc963d3135da18c69a0368fa845d6cfef0bf28fbc64707672dce430e77095873b4ba
- SSDEEP
  
  12288:g+FslaBKQXvgEyl9WBIW58qinF5a5wHz9pDeRzHv8NApUECw2y8jJPPhG:dFsl6KQIW5+Pa4ptwbv8NYUJNPPhG
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  9aff00ec14e6cb71a13451011c580077
- SHA1
  
  5972140e4a0addb9eac685fe6037da7479f23ecf
- SHA256
  
  cc8145683ad8fd77bd5cca193e84188e40d6d03a0a0d1d00e2bdbef91be96bb3
- SHA512
  
  311abd4e9927c1424d794ba401f3935ad3b108a2124e58e0d29aa946514c7a1d62b9b08b013699f4f90796bdfb6c07211daddbb521c1d20ccee771f6ea43b110
- SSDEEP
  
  192:zCCxNg+SdnWKZFzReF6KOgEpoAlwYmjspWnlAb2bG7F1QuIp:+Cxazn5aF4N2AWpZy2Ru
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  2c3c8976d729d28478a789217a882291
- SHA1
  
  10c18b23fac957419547ef0f8ec3bc1b10e91e79
- SHA256
  
  799f91bdd59f2133bf195c5b4ca685ee91666d981a6bcd8a6c45b7c8ecc96eef
- SHA512
  
  749c650974f94cc5009124d3fa3d9bb1ee5824a3fa0a76b81733e08379678a2a1b7c54b77d1709fb6de24c81c68c03c0ec3e9ec5ccad0d30d9237300794f1213
- SSDEEP
  
  48:aefTYzqi+/XC1aQbkMIwovgxbLuwOWd8s/d79C6O4MWNEYJvRZJ0dfh80:22XC1XkH/ohLZDSs/d799O4MQE0R4
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  388c408cff35a38d04e3cda18f63af07
- SHA1
  
  9c2aa2ed8b526ace4267acbcf5648b2601019ac4
- SHA256
  
  4f945ad53b7aa8ed516b2f58c2ed9f15c13bbdf0e489d71c7347b80583cee5fd
- SHA512
  
  542292d61ff209f6c98c62ebad549024611a7d42fb951f8cc211b886f0d202d5e0da3b754c84c8a00043c748ed527351fc524357412cf88875e6bf729cbba46f
- SSDEEP
  
  96:MFJsQxcnqakqeStS6+NMKQwECv0nGhFZxTxZ05hU/61:C9xcnqakCN+N9n0na1K5y61
Score

3^/10
behavioral7 behavioral8
- Target
  
  ActiveStartupDeluxe.chm
- Size
  
  89KB
- MD5
  
  0fe7ed11b19b1d9eb707b57508effbba
- SHA1
  
  1a707d836194cb69f545ff7eda2749083bed8e5f
- SHA256
  
  7cf039758cde132f07666324f822557543b2d34f9080ebcf7eac113249e3336f
- SHA512
  
  eee3d63c7c65e5267189e783d13e95707fe72c622c6ba8e8ada14508f27cbab2bf1de986199788bf3a5fa1f638db9d22f36c54d851496cf97f1407ff98cd12c4
- SSDEEP
  
  1536:vTZsc0Jh5/wkd12s/R4SKUSoRHlixpcXorSJqF1HnC7iX1/CTSrkwMXhaCRfkl:1szJhdwkd1RvKUVRl2pc4r9HCulqT5wL
Score

1^/10
behavioral10 behavioral9
- Target
  
  ActiveStartupDeluxe.exe
- Size
  
  502KB
- MD5
  
  b48c6eafd3fbbb7879eb5fc455ff8d81
- SHA1
  
  c7aa38b1b7023d918086c9201dfe6f98ef2ad281
- SHA256
  
  c0d6bb12e8ad19ea72e34b67dfa985ec0e54936b21c738fc95dad7b0c5fa5e69
- SHA512
  
  29d6a8e73ff9e2bc60dd089c7db376b60f58f6f7984c1b8542de1d6022a2132e6878f9ff5b427907c35765c72567d2f53be2d89cb9e041db76aa136dc57fc456
- SSDEEP
  
  12288:X3mB8jikF5J5tHz9pDdRPHvhNAKUEbLbKhcksQ8bE8FJcaGWKrh:XWB6PJnptXfvhNVUAb95QiFGWKrh
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral11 behavioral12
- Target
  
  uninst.exe
- Size
  
  74KB
- MD5
  
  493549cee2474da75dfeb027902ee1cf
- SHA1
  
  90a24f03f9b9cb00a5ca3108cc011a52ae7a830d
- SHA256
  
  439078046f9fab11b164ead16497d5e05e23d23bd0f074386b69bf1424fdc80c
- SHA512
  
  2b2cd892b7b08f2397f4c6c6d867f9ac3a8c5266c9b56bf31045c9774c274581d64224e98f9b1f1ef66c8f6f79946b40ba16da5c3b0b83d0eba6efee741f2a4a
- SSDEEP
  
  1536:sG0Db1wJdBREzA01xVubM8JFbqAELVigmvDb3nTrfBskSoxx:ADb1wHBe6bM8JFeAI0xvXffZx
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  9aff00ec14e6cb71a13451011c580077
- SHA1
  
  5972140e4a0addb9eac685fe6037da7479f23ecf
- SHA256
  
  cc8145683ad8fd77bd5cca193e84188e40d6d03a0a0d1d00e2bdbef91be96bb3
- SHA512
  
  311abd4e9927c1424d794ba401f3935ad3b108a2124e58e0d29aa946514c7a1d62b9b08b013699f4f90796bdfb6c07211daddbb521c1d20ccee771f6ea43b110
- SSDEEP
  
  192:zCCxNg+SdnWKZFzReF6KOgEpoAlwYmjspWnlAb2bG7F1QuIp:+Cxazn5aF4N2AWpZy2Ru
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

bootkitpersistence

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16