531313033fdb71c44c0791f56679e55c36f06fa6250f90f68ebaf42e7a2a044b

Sharing

Copy URL

Twitter E-mail

General

Target

5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118
Size

10.6MB
Sample

240720-g8z2xstfja
MD5

5f614b3d2a686b4995c38b91324d8fdb
SHA1

72c298fb258d9e318aba64e900e91f3174cb2dbe
SHA256

531313033fdb71c44c0791f56679e55c36f06fa6250f90f68ebaf42e7a2a044b
SHA512

778c0d3ac4a7091cd09a5a9de4b3e41ea7c94c334af6219c85cf2f275feb3345adb42221193f6aac14e84fd1110ff52afb14cf24a7e7333bcbdf60fedb41681c
SSDEEP

196608:NBHC8KwHrU6Ery5NXJZzkl3fP0puCSe3xb1WujMYJroJiPEgI2fPZdms:DC8K6rery5ZDzklPMpuCl50uXozCPZb

Score

8^/10

Malware Config

Targets

- Target
  
  5f614b3d2a686b4995c38b91324d8fdb_JaffaCakes118
- Size
  
  10.6MB
- MD5
  
  5f614b3d2a686b4995c38b91324d8fdb
- SHA1
  
  72c298fb258d9e318aba64e900e91f3174cb2dbe
- SHA256
  
  531313033fdb71c44c0791f56679e55c36f06fa6250f90f68ebaf42e7a2a044b
- SHA512
  
  778c0d3ac4a7091cd09a5a9de4b3e41ea7c94c334af6219c85cf2f275feb3345adb42221193f6aac14e84fd1110ff52afb14cf24a7e7333bcbdf60fedb41681c
- SSDEEP
  
  196608:NBHC8KwHrU6Ery5NXJZzkl3fP0puCSe3xb1WujMYJroJiPEgI2fPZdms:DC8K6rery5ZDzklPMpuCl50uXozCPZb
Score

8^/10

bootkit discovery persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BDMSkin.dll
- Size
  
  1.8MB
- MD5
  
  3f6dc271f034861cb4be850a816105e3
- SHA1
  
  d83f7a11d47d4668737ff64139870bad8a8722a0
- SHA256
  
  4f5d4dc959ccb0f201b2f2c761c74f6284ec90fe4d05e11813c63f584356205a
- SHA512
  
  2149b342a8bb8486faf3e7ffe43b6fe66bad4b93512ed668caccdf63399a48411b92b31c99a018c92e4590584d8c0111a483f8161ec179d5f92aba2e398fa76a
- SSDEEP
  
  24576:l6HdOqkMfbZu853MkOiJnzC5LLpjA1Mr7zcy9apk/:lidxZuI3EL5A1y7zcy9apk/
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/BaiduReport.dll
- Size
  
  355KB
- MD5
  
  33ac85604ff109e2a297c03fc1037bf1
- SHA1
  
  02be88a95fc04ec73c4ed33601f832e86d5f0bb3
- SHA256
  
  47c64647fe2ef3215e919295fd3627b25e85877a690d2ba940f4177cfef2678c
- SHA512
  
  80c3428e0bd0585f2c4076fc814b638aeab637b2a56b37febef08f75fad426b268fcc2409cc8d09738c23ffc7d56250683b157a5e452b4b43a2bf88d4f489826
- SSDEEP
  
  6144:KceTKy/7X/avkVeQtYto8qVTBT2RL2f1QoCOdGnZfCH:KciK0+vAeIYto8qKRL2f1MqH
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/Base.dll
- Size
  
  777KB
- MD5
  
  6fdcd6d9faf849ecd71d4fa329969780
- SHA1
  
  3480193f5e7a37bf8a01f728566b48d56850749b
- SHA256
  
  a31fbc3014712fca12637400897816c41f65627434bdde1f4c8c0c025f08bad2
- SHA512
  
  5a3ddbd1abda841bc06c210f612cfde3a48016991ea6a8dc5ee00574aee1904c70695226490986465c950bf09564bf56715d2c25fcee9931f33b82dcefc2c111
- SSDEEP
  
  24576:FodWvihKLAwxzNvooB5aOelmGEpNlOgj8JKHTc4pE+uRxi:FodWvCS3xzOA5mEpNlOg4JuTc4t6i
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallHelper.dll
- Size
  
  242KB
- MD5
  
  f497a1c6f5f1faca1a05fbee72abc07a
- SHA1
  
  3af6939afd2cdfc3eb7e9f6ff4cf26d254f97923
- SHA256
  
  ec6a6f16902d84802d0a744a6537d7bebe40b4ad9c8bce4de012c3224c98030c
- SHA512
  
  3a523e91cf7e4bd3c83f4eb9a861f410fb2be7367514cb7cf9c47f9f6aa3bcf200640c53bd96acf11f2177938b27cad033f361d67eb6098cb40eb3538292d8ba
- SSDEEP
  
  6144:B8Xjcb+BQhwGScybmUSfTkOwHdA091MCOqHmHFM:7+slVLyAWVGHFM
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/Protocol.dll
- Size
  
  355KB
- MD5
  
  a0ec723d41810478bb659a85e4e92f3d
- SHA1
  
  24cc9fc77abcafe0dd1c5a4e547a8b4efd63c85f
- SHA256
  
  dd57149bfa1348e482afddbbe79187527cbd358cdb3036fdf4e8b9f446d020cf
- SHA512
  
  ed98dff026eff8501a526dc36c5f68b63adc5a1704881015d6a9f7af53e5a3a47da6aad8d054b7f7cf0821f479a016f45ad20a1b201c263a09cf8265cd772c4d
- SSDEEP
  
  6144:9ibLrat+Zbe/UnSKeWWhaAIMsmg/wQ2h/WS8emoDCnD3h7xKYJd098jOfA7Ku:9uzyXXJaAI+qh4SWDCt7xK00yOu
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/Report.dll
- Size
  
  108KB
- MD5
  
  4ed3f52e01ac04d6b1fa05ff8a41c2fe
- SHA1
  
  9c363a2658db7deffe5358634320671ef6fc7664
- SHA256
  
  542440c178b553d4a1b01d83f05df6a1ba842571f4a9f90b06fdceab06336fe1
- SHA512
  
  8fcc515adc959c5b07b4c94400f6e39d75d9ba8a9556d7f4df8891a642b967f13b9f8302ff56bebac505a8a73a3bd4980e29406ccc918fb1dd3d7acc69f776ff
- SSDEEP
  
  3072:qx+DzZ3n2kLIJ+yAnc/KCe6nqMaEnb5hZ12p3ou6OfGHSl9B4:qx+DF3n2kLIJ+yAnc/KCe6qM1NhZ4pYf
Score

1^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  17KB
- MD5
  
  bdb492684b7a99ee0aa1d10c1f8bf702
- SHA1
  
  c7b8a53cf1481df2a4a7eb11aeb824ff8b3a4698
- SHA256
  
  4919ffc0acdada4f18469d7fc76abaec4584b99709bbd276c6e9a8043be76481
- SHA512
  
  479f996f7dfbad9fff8f4bf3493dcaaa680390919233fb875d08efc0e6b71a94db9eae510091496a4c99e09ed793aae87ef64bd80e55cbf94823848d2edc0d20
- SSDEEP
  
  192:mN2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx8nYe+PjP5rr0u+vsW:9JoiO8V2upW7vQjS/dnYPLtjeMUt
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/Utils.dll
- Size
  
  928KB
- MD5
  
  9ac5812dbee6e04f5d818dc5afb46480
- SHA1
  
  5232fb8d2ecb4cbbd52054741282cfb86fdd6e9d
- SHA256
  
  77ec589230c246ff136b9abe22691e978c30aff7c3e222be34195a671c8b3d8d
- SHA512
  
  970dd347a9d1a22dc02fba0ad1d8f7ac16c00dfca97045de5453ef8c7f64fac019d89aa2e1c69fb10ea3a29388a52c163da904d7b5abec95c18f0981a054c0e0
- SSDEEP
  
  12288:E1mKijkRUJo4KTYogByju3J/QkQeGtNNjeDsVtq5Dz0BTCK0YssuvPThzxfDX:E1NioRvu2EDz0B9FuvPTNxfDX
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/msvcp100.dll
- Size
  
  411KB
- MD5
  
  bc83108b18756547013ed443b8cdb31b
- SHA1
  
  79bcaad3714433e01c7f153b05b781f8d7cb318d
- SHA256
  
  b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671
- SHA512
  
  6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011
- SSDEEP
  
  12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10
behavioral21 behavioral22
- Target
  
  $_15_/Baidu/Baidu/plugin/extends/game/1.0.0.3/JoystickService.dll
- Size
  
  172KB
- MD5
  
  e658ff0dcf3df710575c08148fe8b476
- SHA1
  
  e22a478cecb80d00e74b9f6224cfb7329aa89c1d
- SHA256
  
  1e8676f20da79fbb0fef694be17ede1047d0d68e9c7d07b1dac4e7bec3c7ffbc
- SHA512
  
  37f36be43d1393f0fc686e13fb56bf1412e2e7c637a74b7274a9adfc44a342bf5c5745750628dd4cecc20ed0a79342bda22ae2d6b58c245da1f1dc12bc6390c0
- SSDEEP
  
  3072:3xFZpErmhoqx+16K8FCH/cpuMF6/G4JKmqDiyOoCJWNOfiuUyqtziX:3xzpErmhoqkzU36/G4IYysANOfFUpiX
Score

1^/10
behavioral23 behavioral24
- Target
  
  $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/jietuDll.dll
- Size
  
  78KB
- MD5
  
  cb2890bd544ecc0d442bc09429e2099a
- SHA1
  
  bd45300e1d7b8c79aa0e14c1dd59ae7c24d4d7bf
- SHA256
  
  a7c0f7988c03bb47b691bf7089738d67f0f31366cb1a8a4aefa18ed3914b7388
- SHA512
  
  e8e15555b62b56fdfc15eb109308075650d96dd0415cc508a865ec69151d2601d2ce06b943822b6b74057abf8033c93ccfa54bfe4f90308959925793a13a70b2
- SSDEEP
  
  1536:ZfoGCAKT/A2Nu4ESO2C5Cfv9Uc04HSzt4tJhIxtrE63TOfDOak0:RoG9KTIZ4EShC5Cfv9Uc7SuIrE63TOf+
Score

1^/10
behavioral25 behavioral26
- Target
  
  $_15_/Baidu/Baidu/plugin/extends/jietu/2.101.0.65/screensnapshot.exe
- Size
  
  846KB
- MD5
  
  0d6565a576325305206d93f153ad908a
- SHA1
  
  423c5f1bd4cd137dd78015bd8bfa038c04011878
- SHA256
  
  57ae5705db88a7bb6e8dd99c5d788b43d384b7759b6da206f292f71d81aece74
- SHA512
  
  947f5633e49f7f0a6cba97c8caf0de2d820613f1de20faf7ca295e0089b23ac663f74610d5395281d200b1a98623dbf72e552c2c7e7540dcc0b84c1cb6b36617
- SSDEEP
  
  12288:s8YZO9vzsHTfjnqJp0BJ1lJJgeUoMXay9a0DFsNXM77WSjKR1t0+zXZMOQqFTRjz:sDJ6eXMqy9aSsNOySjKRZeOQ02PE
Score

1^/10
behavioral27 behavioral28
- Target
  
  BDDocker.dll
- Size
  
  133KB
- MD5
  
  bac4430b877c7a7971f985a132cb7744
- SHA1
  
  8bdd4e5844d57638f9208e793dd33ff0825adff1
- SHA256
  
  c887bc567dd5c134389438ed65f9bc357458eef32195974d4c521ee051e21a3a
- SHA512
  
  012b60e1bd60b0ed846b05d8381a4f74b6b68fffbaab72c77a7d8ae29316148bbb59f5b6d3031ced1553c44530bcb09bb867fbe18f1a9965f75201e06fd56cdc
- SSDEEP
  
  1536:F+wpxI0iilTx2fv1JgGq22L3Ofe+Knum8FoqXmPZxRVHGBAHhY6hI32nK0E+MNn8:F+4xI/2TxK9vM3umwoFR6Gh0yK0Efnn8
Score

1^/10
behavioral29 behavioral30
- Target
  
  BDDocker.exe
- Size
  
  41KB
- MD5
  
  a6101f014755b9174d9d371ef00d5336
- SHA1
  
  9c12ec0682bc1d72f231322c579e507679703f40
- SHA256
  
  b32a9676d46340936d617744f147b6bd236b173143541f5185422e0d4d69eee1
- SHA512
  
  1ed8c9ecaacc196f8dd2c6f11aad5a1539546e3ca160cd93cb6e837cf78df9986ff3c7b5f19baf5f33c50dd60fc108d0a74ccb423bde48524f9161f83a874f74
- SSDEEP
  
  768:l6GD0S62D92lCOdcIkle6004ITnyx4COY2oqVhQmOg0UrH4AI4Cy:lL0I49Mz4IGwbVOtUT4ANR
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32