Overview

overview

7

Static

static

7

7491872e08...18.exe

windows7-x64

7

7491872e08...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

ExterminateIt.exe

windows7-x64

7

ExterminateIt.exe

windows10-2004-x64

7

Exterminat...st.exe

windows7-x64

7

Exterminat...st.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7491872e08046367050464ee9b5d3439_JaffaCakes118

  • Size

    3.5MB

  • Sample

    240726-sj53esyfme

  • MD5

    7491872e08046367050464ee9b5d3439

  • SHA1

    30c4466a93c9458d2dd1a3de9c85f559a0ac3956

  • SHA256

    e74c8594e673e3d3b3d954a38b25fe5e0b5601d5009d3937d096b993984b909c

  • SHA512

    9e361214613cbcffd0429d6e5c1cc6c34b605dd0e61cca7b8e4af9918250e2f24682741436fd0153cb8ec742eb8264844474b5e643a1c538c25e34b31afe9a74

  • SSDEEP

    98304:lLoZr3tqbf7nioY5lr5kpo22ep4HYcVi4p:lLa3tcfbioa5H27Xqvp

Score
7/10
bootkitdiscoverypersistenceupx

Malware Config

Targets

    • Target

      7491872e08046367050464ee9b5d3439_JaffaCakes118

    • Size

      3.5MB

    • MD5

      7491872e08046367050464ee9b5d3439

    • SHA1

      30c4466a93c9458d2dd1a3de9c85f559a0ac3956

    • SHA256

      e74c8594e673e3d3b3d954a38b25fe5e0b5601d5009d3937d096b993984b909c

    • SHA512

      9e361214613cbcffd0429d6e5c1cc6c34b605dd0e61cca7b8e4af9918250e2f24682741436fd0153cb8ec742eb8264844474b5e643a1c538c25e34b31afe9a74

    • SSDEEP

      98304:lLoZr3tqbf7nioY5lr5kpo22ep4HYcVi4p:lLa3tcfbioa5H27Xqvp

    Score
    7/10
    discovery

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      06bef96b91bfa75b7f7817341a6cd597

    • SHA1

      48a40368fc339ccea1dfda06d2e02bca7d7265c1

    • SHA256

      2ca5590c85cc31285b83bbe569755d909d91b559db2d6ce3bca2fcc075225364

    • SHA512

      5364d0944b4be215fb5d8bb8398e965ff6fa3190a962dd6c491984482321756017f89c2242d77ebcce6666c31fe54a956f2eb3a03a95d64121a1db462ad20a0d

    • SSDEEP

      192:Q6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTtK72dwF7dBdcQOz:Q6JaVh4I5rpPbTt+BdhO

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      ExterminateIt.exe

    • Size

      1.7MB

    • MD5

      6719af26c7484be8db8ea2b321cd794a

    • SHA1

      44f00c403289811a7d7b39441514a8061e9bfcd5

    • SHA256

      7beb887aa824df26127af3e5d25d4cb63fc96694fa1be6fb984227e25e2d7f84

    • SHA512

      144d21582b033a881965abfdf22874c5af1c9b787e07aa97628b87ea0e0c7597be17db0d3c25866c454afc0b28b689244dbb1604a82a889c197dd252e0a3c143

    • SSDEEP

      49152:QNI+Mj8oVFOVtp3m5RzOef3FPxrjZVTvO:keDo3m5Rnf1PN3G

    Score
    7/10
    bootkitdiscoverypersistenceupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral5behavioral6

    • Target

      ExterminateIt_Uninst.exe

    • Size

      50KB

    • MD5

      568df88a35a767543c6c2a64e1b45ea8

    • SHA1

      7ff23b68d9dd64156b7ac1cf501890a9be6ba62d

    • SHA256

      68a1e3ae724ae0a652abb6be3cd00ad8b01786cd28b6296f8019302ebb5b3425

    • SHA512

      3cfc96fc60ef413ed9c30086d287490efa2100f6bec777588ce548093e811d58050f903eb3c173f607758fced62f6796056f419471c62d15582a393bcf011626

    • SSDEEP

      1536:QYTmwVUsW7dtJMHy0DxmJziRWmO4775Ye:TS17XJiDxmJEOA75Ye

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral7behavioral8

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      06bef96b91bfa75b7f7817341a6cd597

    • SHA1

      48a40368fc339ccea1dfda06d2e02bca7d7265c1

    • SHA256

      2ca5590c85cc31285b83bbe569755d909d91b559db2d6ce3bca2fcc075225364

    • SHA512

      5364d0944b4be215fb5d8bb8398e965ff6fa3190a962dd6c491984482321756017f89c2242d77ebcce6666c31fe54a956f2eb3a03a95d64121a1db462ad20a0d

    • SSDEEP

      192:Q6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTtK72dwF7dBdcQOz:Q6JaVh4I5rpPbTt+BdhO

    Score
    3/10
    discovery
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Tasks