bd9b6ad5174c3335f8b5ac2a5bf97b9e0795c6fab039dea099d7b53b57a82da0

Sharing

Copy URL

Twitter E-mail

General

Target

3b414e0926a680186c7ce7c6f4411794_JaffaCakes118
Size

2.6MB
Sample

240712-ad1lmszgnr
MD5

3b414e0926a680186c7ce7c6f4411794
SHA1

78b6ddeb05fa6a9accb39cc20f07d14118b5405f
SHA256

bd9b6ad5174c3335f8b5ac2a5bf97b9e0795c6fab039dea099d7b53b57a82da0
SHA512

6897b402219ddb5f8bb1990d6f32059d5064c1c984e2157b9ee5be8c3ff9ad27af3658af4313c06f08e786ed7debd1909e85fe063c7223caa9b201cb39d53e34
SSDEEP

49152:MWFWIlWY5redsTRcV5ksGhs1xj9zOJu+t/2n+IIy7PNW9z9snnSPJ+aWiDf:xFnWY5rF6iyB7+IIy71I2nSPMu

Score

7^/10

Malware Config

Targets

- Target
  
  tbassass-v110901.exe
- Size
  
  2.6MB
- MD5
  
  38606228ec49f67c342c17aa85b86343
- SHA1
  
  6a0a77ad1e43a66bf7c6bab745c72e65dc694f3b
- SHA256
  
  962f9979951a5f9e9ad4148f4164e64a5ae3c8c9e5ef69d19512037d4c930d5b
- SHA512
  
  d60ecafd22f74799b3aefee3151c51442504d363ceea512915974a5a8162ff4bbd4b92629c9d004f41ce1ac0426e051c86e195e01bcf91b4f3335bb9f3dd90e4
- SSDEEP
  
  49152:UnLwy7zAgYdL1dHmxbpeuP+8ryrJFDNM5dgfFaotSNkxysU1Qm2L3FjH63gr:gb7zXYhcbpei+Hr7NXINk4V4jHUgr
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BrandingURL.dll
- Size
  
  4KB
- MD5
  
  71c46b663baa92ad941388d082af97e7
- SHA1
  
  5a9fcce065366a526d75cc5ded9aade7cadd6421
- SHA256
  
  bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e
- SHA512
  
  5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  107737e3282fefd85684f2fa3df6d1c3
- SHA1
  
  3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f
- SHA256
  
  21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0
- SHA512
  
  439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4
- SSDEEP
  
  192:FTmFxiXTQdQbg9FkGuz9lBDpO5DwbgUojcA96lK72dwF7dBG0N1:FTmriEdYQFkGUlI6vojj6l+BGE
Score

3^/10
behavioral5 behavioral6
- Target
  
  7z.dll
- Size
  
  893KB
- MD5
  
  04ad4b80880b32c94be8d0886482c774
- SHA1
  
  344faf61c3eb76f4a2fb6452e83ed16c9cce73e0
- SHA256
  
  a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338
- SHA512
  
  3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb
- SSDEEP
  
  24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt
Score

3^/10
behavioral7 behavioral8
- Target
  
  7z.exe
- Size
  
  160KB
- MD5
  
  f100a8d8e8d98e0876fe2cbf29d9646d
- SHA1
  
  dd20628deadb3672c490040ca7104d334a057dce
- SHA256
  
  cc2cc08e535dacf1873415de82f8a611d51f3f42cb66b36d45f64d78fe3f032b
- SHA512
  
  bf74dd600f91fc1a417481695d4246fe0626966d3f9d40a38481e370578e7990a184ac3d73eff05ac0ae7e8b27c50c05bc0459730303e5407baf8f525d68e381
- SSDEEP
  
  3072:6nkCMZlG+fHlDum7uVouWEHR92dZH5TTY8A7GyH367uPoDKw:6kCMndv8WiYZH5A8sGw367x+
Score

1^/10
behavioral10 behavioral9
- Target
  
  GTA.exe
- Size
  
  482KB
- MD5
  
  a42f2337f34b5ab3e86586904263b2cb
- SHA1
  
  38d59d75cfd8a726b4b6b4f8027a8e6e8da417fa
- SHA256
  
  85375250e7f5a0de02abe57f649f3388c86bfc4d7162713858e41a82790613ee
- SHA512
  
  da7c9bc8907fe933ba6cda9c97d6eacc63bd5303158444b91d23284b8c1e80e2c296cfc604f5b6801d5d319bf51d7e8171a6c65180338d18f00d2acd7175b619
- SSDEEP
  
  12288:gp6I9KoS9AMwXQLT1WKOhNdg3NlWH49f5oW0aQ:g9LMwXQLT1AhLg3NlWH49f5oW0a
Score

7^/10

bootkit persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral11 behavioral12
- Target
  
  Resource/Bins/AppPlus.DLL
- Size
  
  80KB
- MD5
  
  5f914a89bf4ed84141c66da479e1bc22
- SHA1
  
  94d580f012dfd5fd6c5ec2b1ea6cecb4d11b8bdf
- SHA256
  
  cd334e4cabe7b3600ec792ed0cf5e7e2bfa4c50f1b1dfbfb20d4bee0f347df89
- SHA512
  
  702e403637f9441e946d94c7d4c86bf0efed2ac14d9125625502fe9ca962528bd9ab91435deb82c915987b30e17e8af43cc8c96cae869c59e0c9d0d5eaa7c86d
- SSDEEP
  
  768:y1lGBHTWWiKShScAZtFgDGTGdECHqtl7PDlJNLAa9B8oCspG:yvGBHUKShScA3GKTqEL3lJVpUoCspG
Score

1^/10
behavioral13 behavioral14
- Target
  
  Resource/Bins/CommandBars0.dll
- Size
  
  2.2MB
- MD5
  
  6c6458e3bb4bd6e346f641a7171047b1
- SHA1
  
  600b0860594dcd30ff0add0d5f634b1df094dc4a
- SHA256
  
  60c87e76600e3791c589be521478197c1fa48b64889cac5e3878146ddb0e0317
- SHA512
  
  d03bca96086c29d03c776a50ef9106eaf9b4b09ef101b6401de5773fd330ded20318d79ab4a106f6bd4190f8a3ce31d951fe1bdf508b6059c67f517dab71a9a3
- SSDEEP
  
  24576:FN8SCxFtWIwgXdXWCHRMfX++xsfDFzKKVUa4ryTSFoNkhVQR/cCOWOlDqVTR:sSblaEyThkh4/rOWOlD4d
Score

1^/10
behavioral15 behavioral16
- Target
  
  Resource/Bins/Controls0.dll
- Size
  
  1.7MB
- MD5
  
  cbe355bd30da368e8f9633f7131fb1a0
- SHA1
  
  a4ed633aae05f89c52e76b584b4e0c9773fabc1a
- SHA256
  
  3fdf6930b9c1ff56dd58ee59ff6f8578818133a6512d9f56219e02d18d2d0375
- SHA512
  
  a8deeb0e7f9b22a09f589c8b1498309faa1363e0e5b6fdce8832903827829e03707f544aafa26a345a2032c98569078595f7aa6a4fbce75bb020141c6dc959ba
- SSDEEP
  
  24576:EVbuIOFRWIm7vbqwXUyZTACDVyDKEZlcUHKwUg:UIEqwX/ZTVZQ7zVH
Score

1^/10
behavioral17 behavioral18
- Target
  
  Resource/Bins/G.dll
- Size
  
  1.1MB
- MD5
  
  9ce98543c1870135e0c5509e139cda2f
- SHA1
  
  ca50c6b272f8e564b5c3b19ae312d2fb3bd4ce13
- SHA256
  
  c799b18d709efc330bbdcd224311e8f0750bc1113f883479a0cab67f44d64752
- SHA512
  
  b1cbada4fba47426a55eb1b9e84b2e0f390b55f9af405da0537c589b63472793dc309075519269b346be2d799bd6679a4c2f99172a020d6301ae43047dfcba7b
- SSDEEP
  
  12288:Qjf/H5IlI18UeF/P7EYwhEJqiBSxBAAQwAXO81PJlcFNXvMbm:eOlI1FmyEJLB3ATSO81PJl2NXvMb
Score

1^/10
behavioral19 behavioral20
- Target
  
  Resource/Bins/Gax.dll
- Size
  
  260KB
- MD5
  
  1c7851ad8ce5d1994881fd13eb96e20b
- SHA1
  
  b35572cb78b11142daba2a4e96644198db68ecf9
- SHA256
  
  87c892303c9b4c35fb15eb4b340457e83517e35f3a13ef8d65d870037fcb2256
- SHA512
  
  7dc67d735b755fcada2cb950e399cbd621ea92126ee30888d8865a8de54466b1c6114e8ad7abc4deb64af66dc5e3677ee54495174c986c3ff536293ba4312a21
- SSDEEP
  
  3072:mE3SRWawqQX1yfxL7CfDyiOUAVvzUT3F4a3OMn08Mm/5zIuBEgWo0iMd/Uh6N:D1eLO7PAhzUx4agasHd/
Score

3^/10
behavioral21 behavioral22
- Target
  
  Resource/Bins/GmAPI.dll
- Size
  
  125KB
- MD5
  
  58a9607cfaf3c8a6883ddebf93e0fe1f
- SHA1
  
  dd1095643d0d6530305f360b35741fcac0e9b085
- SHA256
  
  05596201bc9aade4c1facb441867d105c93a378803fd9b90bd2c70bc7a0164ca
- SHA512
  
  2e98e04965122380ac64e3d3a0b2b5328f52ead334f701576e12220aa8da37de61e913f354db3e108c4007c92a982ec6aa7b97b1d9c88859d4db76ae3d6346ab
- SSDEEP
  
  3072:Iiq7vl+04lXR8eBvJpBRFzlN4PZvBq/s6IdRUFcV:devlyvpBRF74PvspIbm0
Score

1^/10
behavioral23 behavioral24
- Target
  
  Resource/Bins/hyp.lrf
- Size
  
  37KB
- MD5
  
  c95529a48110c2354342df3863c732af
- SHA1
  
  8b2196138fc8665137387a4e40020f2954a94622
- SHA256
  
  e7b6bb326b9614e6c4824460b76224c48d195989444ead00a62da5251c9823c4
- SHA512
  
  0880d54cad8a17ad54a984e2759c2859c38f6c8d5a40f1c3c9c4a47afc00eda8267ff0d519dd640183bdd0451163dd2c8bcd203c5a03352546e65680d35e1eb2
- SSDEEP
  
  384:7g6y8P/P58BTAugcmoSnO/++qtbUsH4GIrHXveAlYJLWIybdA8:8x8P58BTt5ym++NilkkLebdA8
Score

1^/10
behavioral25 behavioral26
- Target
  
  Resource/Bins/xml.dll
- Size
  
  84KB
- MD5
  
  64ae9d3408769a65b262106451e3528c
- SHA1
  
  61c598443103cb9cd85d39e8ba231f5643624235
- SHA256
  
  3454ec5af915b76969b1619c2c73e7136fcbf031e4c33f3cd8cf6b8b87f9aeb9
- SHA512
  
  d6a5a1f9a653c089cd64c1aeb2f8a4270593eadfba7acd700505524e3c172ad204107f6dd6a7f28ba84a2fd85e7b04637aa9de0b038efe85525afca43024eace
- SSDEEP
  
  1536:zi67XayAvZcDFaYruTJY+R8gZaGor9SfhS05:267XayAxcDXkagMGorwfES
Score

1^/10
behavioral27 behavioral28
- Target
  
  uninst.exe
- Size
  
  50KB
- MD5
  
  3d1b49d41ef71a3c3cc2b326ebdffe12
- SHA1
  
  54d308b0fe7b0f16b3e8ce104eb7405c11473698
- SHA256
  
  9ec5f416372c0b168a756ac40d7741033019c543b19753dc5d7cfa244346b2a2
- SHA512
  
  67e4247eb5553d45824ee56646776ef95397565123e6f07b504bd21112fce220ec93beb3f1e926e9b4f87c19bc416c87539f8da28bcfea1e4a0b79ef5ac3723c
- SSDEEP
  
  1536:Appal05FyuC/jL052PgFEla4ZJJcCwgdLeAyN1zh:Ap8l05FyX0mpa4ZJJchceAy
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

UPX packed file

Writes to the Master Boot Record (MBR)

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32