Overview

overview

7

Static

static

3

748f7baa7a...18.exe

windows7-x64

3

748f7baa7a...18.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

TheWorld.exe

windows7-x64

6

TheWorld.exe

windows10-2004-x64

6

UnInst.exe

windows7-x64

7

UnInst.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    748f7baa7a435dc70986cfbff0a61d9e_JaffaCakes118

  • Size

    759KB

  • Sample

    240726-shs2gayeqb

  • MD5

    748f7baa7a435dc70986cfbff0a61d9e

  • SHA1

    d7a2196fdb08a89dd275f99e8d009fa3ccf15315

  • SHA256

    495dbdf0cb4a8f214bee7cd5c1c8b65a870ab2bc3707569e7cf310f1d5684dc2

  • SHA512

    4c0b0f6f3548376b2955f824d1f44dbf2863aa04096b4ea7199bdc9d4acb6c59ceceb0bf4c6fd33469b3a1c828739fd02cf74f0f393256c7ab57477b5bd560a7

  • SSDEEP

    12288:6inK0sSqKSUvJD/EL3TQBRmJhTLHP3yPodSAAu919QIwcy7+6/LMlQhfkvtvLhU4:Hj92JhTLviPAp1ZaT/XkvtvlO0qBet

Score
7/10
bootkitdiscoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      748f7baa7a435dc70986cfbff0a61d9e_JaffaCakes118

    • Size

      759KB

    • MD5

      748f7baa7a435dc70986cfbff0a61d9e

    • SHA1

      d7a2196fdb08a89dd275f99e8d009fa3ccf15315

    • SHA256

      495dbdf0cb4a8f214bee7cd5c1c8b65a870ab2bc3707569e7cf310f1d5684dc2

    • SHA512

      4c0b0f6f3548376b2955f824d1f44dbf2863aa04096b4ea7199bdc9d4acb6c59ceceb0bf4c6fd33469b3a1c828739fd02cf74f0f393256c7ab57477b5bd560a7

    • SSDEEP

      12288:6inK0sSqKSUvJD/EL3TQBRmJhTLHP3yPodSAAu919QIwcy7+6/LMlQhfkvtvLhU4:Hj92JhTLviPAp1ZaT/XkvtvlO0qBet

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      eef9e469e8a30717974499f277d97e2a

    • SHA1

      2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    • SHA256

      1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    • SHA512

      d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    • SSDEEP

      192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      TheWorld.exe

    • Size

      1.4MB

    • MD5

      40f9c06c79d63c1fc2ef599d32604636

    • SHA1

      4b9ad1238d2cefd91d8b801b52dd1c0b7a23cf0a

    • SHA256

      4aa029942f58c324528573b61f786202928b7ffb7c8cf657a0a2025b04b92428

    • SHA512

      bae7fe44fefc0d65207f5ef3d5d84f5f222ca31bede7ed555291f8fd2864cb709538a8615288484ee111a9b7464e4e566ab3142de6738c1b868c92010b874380

    • SSDEEP

      24576:F4IUtnXfyZbURY4dSsqGKTOITcsqOIV+hfT7WcGn2/:SnwHTOITcMfT7WcGnA

    Score
    6/10
    bootkitdiscoveryevasionpersistencetrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral5behavioral6

    • Target

      UnInst.exe

    • Size

      52KB

    • MD5

      25fd17e77906a64f745c970fabde13cf

    • SHA1

      f5a9d6015e54b058de5bc1660ecfbfaa9e7bfe92

    • SHA256

      d3245936f0a02f259123ad7ecfd12ac7da25417b4663b5d6054bb77433d60ebf

    • SHA512

      967cb0b77e9ed09b43c98c975355d73a6644a0c8f9c1f16a3de0f827748323fa52b73d22ba66a60fbeeddc1a59c21781ab8f2fd8b4ba2ab08d94776579ccca67

    • SSDEEP

      768:CmloVlpQE2MQGc6rDh84nSwN15G4DRF/O71mJBqc5UeP1mzOvmIS4/:3YpQtMDc6fnpumJUcrIzEDl/

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks