5b74b6f070d1c95c92ce2c4def40aa0f4526c549a079ce2dffa72dec80aa6f88 | Triage

Sharing

General

Target

34afc63bde64c57e5f0fd8e9714c013a_JaffaCakes118
Size

137KB
Sample

240710-pgs4asxdjm
MD5

34afc63bde64c57e5f0fd8e9714c013a
SHA1

61710db8e0a61bad34c19062624365c77360eea1
SHA256

5b74b6f070d1c95c92ce2c4def40aa0f4526c549a079ce2dffa72dec80aa6f88
SHA512

580e46f3858dd84cea721cd58832840834a8c27cc55da05dacbae3d16148c543f2cfee13d809354a7ca5f0484c18e277ab7c3a2239fcc3e66955f3f9ab600740
SSDEEP

3072:AhBG3AwFat/mclL+ovHRoQ6ZgsHbrATbN/iPU/jqThoieNe:5wwy+cQEtqHQNSlzeg

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  ForceKill.exe
- Size
  
  253KB
- MD5
  
  fc477743ceaef6633c474cd6281f1f5b
- SHA1
  
  306bac2c59bae7b7c6000643ca31bbb9583c4a04
- SHA256
  
  eb4b16d4fb16aeaf06c2a8f231dc65f50a1942b86a7784baa20ea000af286c8c
- SHA512
  
  a80b2f4ce6ed04e09d1305d883c2abd0ebed47bd3bb68d9be47d039aff7944f099ebf546cd481c9046f8233b86945382efda2e88ff8ab49819983c3da9cb378a
- SSDEEP
  
  3072:8n6+PdZA6yTI+7caIprQiD1w3uN4FdgLFAoqLG4W53g0KbYoooFKWAnND:gF6c3lQiDGRO14W53g0p
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  ForceKill/ForceKill.dll
- Size
  
  185KB
- MD5
  
  e17de1eb5303ef604a833e4cc4061ce1
- SHA1
  
  64e002881cc4588cad4b6266026c93d60ff8b63c
- SHA256
  
  f03864be26722c740ee6c5f8665ec085c033201848079d17c534684c2b2d8a23
- SHA512
  
  b5336d9bf7706f216919584a30641ec9f4a5f2e9f85fe1db449b986aee1560181acb14feddf64b009f6c2122a3e742c6c307c45c20b03cd7a7653921fbe59ed2
- SSDEEP
  
  3072:6czuDljCBMoX+9lMbkR1ut+aNkT6ribpgIzn+:6cCDQP1AAF
Score

1^/10
behavioral3 behavioral4
- Target
  
  ForceKill/ForceKill.sys
- Size
  
  12KB
- MD5
  
  d0429c39f7f37b2087a9bc0dd28cf36d
- SHA1
  
  531a9e66755e71bf5cab8a6051a0e23b910a4c5a
- SHA256
  
  ca341d96450929deadfedf2b3eda36075595ef891de19e668b82792bf2fb4407
- SHA512
  
  a7912a53ce39ced6e5140d84fc2e251ec7a48f2aef677cd2eac03ef257218ce280f143456d364444ff8fb4c67550644724b2831de5824a4a5c6873b71ddab0bf
- SSDEEP
  
  192:mi4Jl9OtZmn/4du89EyncjWOeyowJL/RONb8ggW5Al:micOLB7nNYJLRyGl
Score

1^/10
behavioral5 behavioral6
- Target
  
  ForceKill/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral7 behavioral8
- Target
  
  超级巡警.url
- Size
  
  152B
- MD5
  
  372fa33e544ff3c4efffca0ba75c23fb
- SHA1
  
  9a9f8ac1cf96f4c9def535fe3db97dd3e64bf630
- SHA256
  
  777dcfde4d5b6eac14ae05331725139f63d1dc4c794cea4ec1a7a0475d427247
- SHA512
  
  ea73db3708b936d59e09562341e2c64c70cdacaf8667c1b2e441e5094135c03f33791073102b628acd8a87eaaaaba85b815fa780b7ca4c3c0f19097779459fdd
Score

1^/10
behavioral10 behavioral9
- Target
  
  问题咨询.url
- Size
  
  152B
- MD5
  
  000507733faaba6852bf5d4136df339d
- SHA1
  
  9d6180619aaeb53343887c1f13bde0c7862200d4
- SHA256
  
  04aeb5c19753ada66627c17c98c45f9f15493ca2e17173560f733bf7c0a0d1db
- SHA512
  
  a57a423ce9a7d1d42387ea4f48d81c686b2b42cef41f543243c91339cfaabdd970228847269a5cb579aad8dce78b159fb59793145affe6f654ace21d6f6e6a94
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12