12fc266d9c4ea0c51290c86e94e97014c57d9549c23932b0656b0b174cfacc21 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e5d0c28d85a55677283cc2d04c36878_JaffaCakes118
Size

1.4MB
Sample

240720-az78lsybpm
MD5

5e5d0c28d85a55677283cc2d04c36878
SHA1

35cdb5ad418d3eb711053ec2abb4011c0f088b55
SHA256

12fc266d9c4ea0c51290c86e94e97014c57d9549c23932b0656b0b174cfacc21
SHA512

aafd0d21b4803b14d0449ec372a50eb5dfef001e6ba950ec3fbcfebf7551b28fa4db7fecdbe1ef431b0a3f3e8b2390a145dd8b8118d8199f3c272e4a0bcfa562
SSDEEP

24576:xzZ6gz9wq/4hdsfUqWcn9ZKph9dGzS10lF0WsJSunKBFJ6FyESrC:Os9l/0hk2ph9QRlFsJSuKdASrC

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  BadCopy.chm
- Size
  
  70KB
- MD5
  
  07e039c94f336f20a6be37b812ba3cb2
- SHA1
  
  d13ab4ae32f94eb2ca53cd972cf0c6e70a3181e6
- SHA256
  
  0206ebd2331154ee83cc19d9f9c47efe26f17f762f45aaa8f524b02e9db41001
- SHA512
  
  43bef3119f6b4df04c354e21e7b77e16e5a476ad0e14612eb1ad76096940a58a317471234760cd75819d731828377c8571d042ae950b34a49c66a2b3d580de24
- SSDEEP
  
  1536:ve/6l1Zvy0pdwBFe7DK8mdQfnY0t3oSgOAxd5LNsGvA36YVQ:Wil1l98FADKsY0lFZsdrsGvAvi
Score

1^/10
behavioral1 behavioral2
- Target
  
  BadCopyEng.exe
- Size
  
  634KB
- MD5
  
  0a75cdf1935a1eb1e03a1a431e16e47e
- SHA1
  
  fdf610ac52b02bafa022462fec68233307f4769a
- SHA256
  
  c2556d888dafa5b1eb4bf8d633f8c140a8b926f01f258b32a61adaa7e6c52ecc
- SHA512
  
  9ff810927dcabac860e1a738cfd94f30ca4d6c8b6964bfc906a46aa6256bea2e2118e8ffb65fe13dbbebff2512664aaec4a857f463abd25153fc52c69079adf0
- SSDEEP
  
  12288:VCCVrX1Yld/kQ9EEOUhBafcfoIbZej9SCTEYQ6b7MP+Dd2d:VCCVrihRrl2WyjTTBx7MP+h2d
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  advisor.htm
- Size
  
  1014B
- MD5
  
  25a6f12a469be1e194b48a2f398f0b57
- SHA1
  
  c0728993305c81443133e4c48c7c7cf774b433c5
- SHA256
  
  d5d89b5f1bb2249c0d0cdd01df681ff954a1bdf6c7f3ec5b30770305e9059f24
- SHA512
  
  706b99d2ca5a4e345f861d750fae9d56a48d3620bec53c067ef343c7e58ebc496bdf02138068e4a9b1644004a412e1a0c5469df304f10693651416ffb96e99bf
Score

1^/10
behavioral5 behavioral6
- Target
  
  badcopy.exe
- Size
  
  642KB
- MD5
  
  d7457926c22d9bbcda0c8cdcc70432bd
- SHA1
  
  d46fe1a32feeeffa4cdfb5a2b314cb777fd4a73f
- SHA256
  
  4c4bf00aef7ece29f897ab6c3356bcb863575f89403360dbb3416a79873f6a7d
- SHA512
  
  e2d3901091f6121bba415a8335b6f9422ad679a84bc3d8fb4f747a23a7735cfbdd1524bd336bf632d4dd874097d495a2033920957fd18e028fc19e7d094b94e9
- SSDEEP
  
  12288:wYEc70t89d25eTkqi8J6GT9FK6i5FBGTDSZ8N0jLyTN+HI0CV1kFI:L78k4qtlEpGTDCbLyJ++
Score

1^/10
behavioral7 behavioral8
- Target
  
  soft2cn．com汉化说明.exe
- Size
  
  71KB
- MD5
  
  0eb07b93aebae90361c57a2460f8ce9d
- SHA1
  
  c78222f48d53af2fa1a26e8197b9ba32133508b0
- SHA256
  
  cf1469e4828636912a1329454ae667a8682d011c4123946ce7b7b5afa63acb0d
- SHA512
  
  e6290250c1d3d466d40bcdd70f699661853659c5475b4d575d83b1fc9c6d1a1a899a0f544bc1d6f21ea83c7dbfc609b7adfbe7f0c052851b9c263bb3a3db70c7
- SSDEEP
  
  1536:zUD4tOy4/jsgL5MxyWMp/rmER83YI5GGMNOv:zUVb/d5MyW8CPm0
Score

1^/10
behavioral10 behavioral9
- Target
  
  安装说明.url
- Size
  
  260B
- MD5
  
  ed83e978f409fcebba2825b084f2c140
- SHA1
  
  4548b5565354024dff5f387fa825fce7d11e67fe
- SHA256
  
  ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
- SHA512
  
  2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
Score

1^/10
behavioral11 behavioral12
- Target
  
  汉化手记.URL
- Size
  
  49B
- MD5
  
  ab80f0f00bb677bd1743e732d58b72d7
- SHA1
  
  124e866cc76fb1f8c0ac04517cd082a9dd59add0
- SHA256
  
  0dcab3ee81c7cdd44f6ec547a1be813b0c90994c604141938bc1adc7c01b4421
- SHA512
  
  4ed8a90757431bd7954ebb2182f76c894c3136f7382586906a23189208a8f68d7c9bdd66912f1d49757be2801255d9ddb826801fdebb37aa465cea8bac827a13
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bootkitpersistence

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14