6ed560478e9cc3e9b33ca4fb675ea9c592c68cfcfc247e9bf8396c1a04678809

Sharing

Copy URL Twitter E-mail

General

Target

4576ce9deabc3c9a042046b03cae1d35_JaffaCakes118
Size

2.9MB
Sample

240714-mrvzjazcke
MD5

4576ce9deabc3c9a042046b03cae1d35
SHA1

852e0d1b9879077e031f132a05633705d5ba0c88
SHA256

6ed560478e9cc3e9b33ca4fb675ea9c592c68cfcfc247e9bf8396c1a04678809
SHA512

293e29267af7ed9d5dc095ad2c77ce7c98384fb97d4125f454e21e7a873276dec6ed0deb218bf90ca8352781f921207ccacb49c1ba89807a24bf76dc8547b519
SSDEEP

49152:wDG2kgCoCsdSeJW7UEyRIhfTEw4PcoE4rmo8qp1H3yXgkmlQms5NWWXoxQgH:wDG2JCrR77qEEw4DEGm+5evWCoxpH

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  Havij 1.15 - Patched/Havij.exe
- Size
  
  1.7MB
- MD5
  
  5dce7f54dcf627e83cefb2dbe8a037d6
- SHA1
  
  35d0e1c186c32822c8f72550749928fe7d58e94a
- SHA256
  
  bbc05fda2667ea14c4cb557aa985936520eeae1ef5134f7e6c28d891cb843fc5
- SHA512
  
  61a3293beaabee0dbd41fe2ec780dfffaf7ef3e58858358b8959fd4867b3330abf9378b94e44233c219376ec46dfefe7e2a3b30b7d5376b88e2fe7b377ffa3b9
- SSDEEP
  
  24576:0yz+HhpV2bP6WRvz7TSdMzLOE7PjArataCYwfnLr593J4QL9DJN:09HvV4P6ATSdMzLOE7PjdaNwZ93J4A
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  Havij 1.15 - Patched/Help.chm
- Size
  
  847KB
- MD5
  
  0738de0e76bc6a1143e74ce37b1de1c2
- SHA1
  
  201b67d4f72712b84aa5d43db72fc3f08dd7fb79
- SHA256
  
  11714e86d77e36f170c99f2856e3c924ac6ba962191b459844ccd0cc51b605b3
- SHA512
  
  cc3d49a59bc868ffa7d2a3693e8f057c8193074edf98dd2777e245445a32336193c8193e3a0ffba3263a5ea99f33f53b8d550db67f1ec677e882af50fe5db891
- SSDEEP
  
  12288:8y4x3SFofEgMThIRvtk+HebSH0N/RMZYnI2ecT9nbuCJ5YBSpu4UH:8yC3S1gihIRvtk+++UDMpudEBSg4UH
Score

1^/10
behavioral3 behavioral4
- Target
  
  Havij 1.15 - Patched/MSInet.ocx
- Size
  
  112KB
- MD5
  
  7bec181a21753498b6bd001c42a42722
- SHA1
  
  3249f233657dc66632c0539c47895bfcee5770cc
- SHA256
  
  73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31
- SHA512
  
  d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc
- SSDEEP
  
  3072:i4QYXpLZaH+kCp1RCaSCF/6UMiySQYPfrj:i4rBfL1RCaSC0ej
Score

1^/10
behavioral5 behavioral6
- Target
  
  Havij 1.15 - Patched/Mscomctl.ocx
- Size
  
  1.0MB
- MD5
  
  ecc7d7f0d3446de36045d1d9e964fafe
- SHA1
  
  da6b0ec081d628c33b150327f3bd16d3b7fa4729
- SHA256
  
  bc58d624ceea02ab086f1cce809c992bf5a7105e88931853317a2f5aa5afd6e4
- SHA512
  
  443de697be9886cd97235e6468f3a7f6bf11612711e54dba31431b0d9418672e1434e839ed50cacf28107f692f0c9d9d2f57d90e3a843d81015d459c180db632
- SSDEEP
  
  24576:s0LiK1d6dxOehwsj5dC33M/jYVRDSfaF0gg1CVGO7oVtNKG:n6dAehwaY19G1u7+Ln
Score

1^/10
behavioral7 behavioral8
- Target
  
  Havij 1.15 - Patched/Mswinsck.ocx
- Size
  
  121KB
- MD5
  
  e8a2190a9e8ee5e5d2e0b599bbf9dda6
- SHA1
  
  4e97bf9519c83835da9db309e61ec87ddf165167
- SHA256
  
  80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311
- SHA512
  
  57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee
- SSDEEP
  
  3072:9PdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq63+sB:9PBUyhsdEI2++M+RlTHYL
Score

1^/10
behavioral10 behavioral9
- Target
  
  Havij 1.15 - Patched/RICHTX32.ocx
- Size
  
  254KB
- MD5
  
  21034a336e16f30345a96de9bd8cec25
- SHA1
  
  c9fb876a001874c4ee8670fabf12c36036f54a1f
- SHA256
  
  251a419bb5998882227a11188311b82f20c4952865ff916397973bd9a50c69d5
- SHA512
  
  ed1f33cd13f6cda5aa4696271927ff2497a2bd33fee606655ed50bb5f13cedb81a3597844c1a8030e6ffa3c46ed34c217a55dab062ba00a76f2f079b7da2e86f
- SSDEEP
  
  3072:Q2yywZ8NOAf90tLOsFZdASaIaOXUX1RmY1viVg6y/jg9FdYJEhN9dTmmkSER/Um4:c78vfEBFZdASUT1RmMQxFdYJErlj6f
Score

1^/10
behavioral11 behavioral12
- Target
  
  Havij 1.15 - Patched/asycfilt.dll
- Size
  
  144KB
- MD5
  
  c89e401800de62e5702e085d898eed20
- SHA1
  
  72fb4f088c6ac02097b55fb267c76fbf5e0fa1f7
- SHA256
  
  de83c9d9203050b40c098e4143ef8f577aa90016c7a64d4f2931b57a4c43e566
- SHA512
  
  70006d70dcb47361ff43e4f7c458655ad2474b70cb917873aa77d2cc06465a68d375d36c494d154a03dbbff891df7dd6cab3d2c7b08e8650b9ff170e30838070
- SSDEEP
  
  3072:h+qD1Cd/Oa5kXFlqkFGr3CAP7LCyInPEggen5Ez:hlCd/OaaFEjCAPKyOE6na
Score

1^/10
behavioral13 behavioral14
- Target
  
  Havij 1.15 - Patched/comcat.dll
- Size
  
  21KB
- MD5
  
  3b180da2b50b954a55fe37afba58d428
- SHA1
  
  c2a409311853ad4608418e790621f04155e55000
- SHA256
  
  96d04cdfaf4f4d7b8722b139a15074975d4c244302f78034b7be65df1a92fd03
- SHA512
  
  cf94ad749d91169078b8829288a2fc8de86ec2fe83d89dc27d54d03c73c0deca66b5d83abbeaa1ff09d0acac4c4352be6502945b5187ecde952cbb08037d07e8
- SSDEEP
  
  384:23Fob3slaN3oF1fHICOoMzMv/QTIBjDVquODJXsUW7ftWs6:Yo7s28JnOxzMv/QsBjRqugXspd
Score

1^/10
behavioral15 behavioral16
- Target
  
  Havij 1.15 - Patched/comdlg32.ocx
- Size
  
  137KB
- MD5
  
  b73809a916e6d7c1ae56f182a2e8f7e2
- SHA1
  
  34e4213d8bf0e150d3f50ae0bd3f5b328e1105f5
- SHA256
  
  64c6ee999562961d11af130254ad3ffd24bb725d3c18e7877f9fd362f4936195
- SHA512
  
  26c28cb6c7e1b47425403ab8850a765ac420dd6474327ce8469376219c830ab46218383d15a73c9ea3a23fc6b5f392ee6e2a1632a1bf644b1bd1a05a4729e333
- SSDEEP
  
  3072:3ESIiWD8uq4hCqUt6mqD1gRshBgH/voqJrwo2CocrJbQN6N2TRqEydzdHv2:3ETz566VgRyOJ0oDxQRHH
Score

1^/10
behavioral17 behavioral18
- Target
  
  Havij 1.15 - Patched/msvbvm60.dll
- Size
  
  1.3MB
- MD5
  
  f28eb5cbc3ca6d8c787f09f047d1f9c8
- SHA1
  
  70db1fac822974bc9b636a984bcc1da2e67f8de5
- SHA256
  
  3ef32e0152cc3fa07c417e6aadf9ead83a17b5fdee73799044e1bd7564725d6e
- SHA512
  
  84f811f75e9d5143898728d2109b349802a292d4ef2ccae4b4421d20268a33c6ddee9c70e8bdeb474a3ac70307b2554c00ce786ca1f446807610fa2717f3745f
- SSDEEP
  
  24576:jrWIEO0eDfcPOvCOpMEPJonhql5oHS+zh3JajtObuF+T+NUFRjUgIeX40sgdp:jrOuCQhJohq3oHrh3JajtObu2+NUF5Vd
Score

1^/10
behavioral19 behavioral20
- Target
  
  Havij 1.15 - Patched/oleaut32.dll
- Size
  
  584KB
- MD5
  
  7b156d230278b8c914ef3f4169fec1cc
- SHA1
  
  6b58e20b2538cb308091da838710f6aad933a301
- SHA256
  
  baeb2f7c1b8be56738d34e1d1ddf8e0eebd3a633215dc1575e14656be38b939d
- SHA512
  
  e4ec2bc714069e0a6b56d89b52aabad92e5ba741dc6f26d2fc2d72aa9ad2ec465dea523cccd810331ab78b5fb8a1244b2b521303418ead5bd6be5a58b43794c5
- SSDEEP
  
  12288:HCKynQWKglDhrUtrvT/NInIk4NDXsR6lMlpGz:HGXqB8V6lMlMz
Score

1^/10
behavioral21 behavioral22
- Target
  
  Havij 1.15 - Patched/olepro32.dll
- Size
  
  160KB
- MD5
  
  ce0155405ea902797e88b92a78443aeb
- SHA1
  
  8adff69050d14a57d7f553ca8978439af188c192
- SHA256
  
  789c3c45eda1749bd939f4a96616e1e9ef1b7dcc62a2889f65088954c64d0938
- SHA512
  
  3fde09067f9ca8d315de07c8db972f99723ea4c3f997dc58210f9d6565caa9935c79f13e8b2d20adc5609919a381e4c2a90a0b3123a35947997229d7c615e162
- SSDEEP
  
  3072:+VrhrwLXcA2Ha/joWklbo/Acjwm4AaW7zozn/zgOh0Z76:fklbsqmyWnoz/P
Score

1^/10
behavioral23 behavioral24
- Target
  
  Havij 1.15 - Patched/stdole2.tlb
- Size
  
  17KB
- MD5
  
  1b02577f0addea32eb02a50d4a4cdd1e
- SHA1
  
  36f701ccec78a5d218fea23fd05351890f14cf7d
- SHA256
  
  6ea525bface5467c1045c3708f339a4b92a3a273f70656e061c7f7322c56d667
- SHA512
  
  87fd4aa5158d09eb97b6131e651db2a4761546907a960af7792f8e95947c0a825e84f88eccf42ec896ff5bb2bbc461488b898d5f1bd853847317493c44b330c9
- SSDEEP
  
  384:cogoEvM/uFrR+X6QNn1pcJIrWocDGWct:cogoEvM0rgqQNn3
Score

1^/10
behavioral25 behavioral26
- Target
  
  Havij 1.15 - Patched/tabctl32.ocx
- Size
  
  204KB
- MD5
  
  908938d3ba2d870ee9fc6238a4c6af95
- SHA1
  
  e8648d6d69fd5cf900c4bf98b210f6921bed3ef5
- SHA256
  
  40cadbfb2eb5732f025d687664f34239db7153a192bca0287f9208852b201fb6
- SHA512
  
  f9433f48330f7ddc64edb8a64229c1490fa31978e9f4ffdc5fa5ff8b18430317a39a07a559d560051ba195b730429acfb18edb38bf712507b00ac788ffca0b74
- SSDEEP
  
  3072:kBOrV7gwFcKneF9s2x+eDYIRXDc6VNeFjzBB9g3A/Vt8DbtUfREm/UmL/8zc8N9R:k0rVdCVrsEncIRXDdVNeFBIk2DgR4d
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28