0bb06663236c1266071b5c95bd75e2bc3aff88694049bfabb4f05322ff106f32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

82d279db93edb2c6fd8aff7ddecdbee1_JaffaCakes118
Size

2.8MB
Sample

240802-dny3casfpp
MD5

82d279db93edb2c6fd8aff7ddecdbee1
SHA1

aff8d011b0d324c4142382131e4b6c3220d7a1d9
SHA256

0bb06663236c1266071b5c95bd75e2bc3aff88694049bfabb4f05322ff106f32
SHA512

7d983c70aff879c28804a4f380febaca2a6db35c0a5c3c3daedcdd03a2756d468e786a00a0b8bda7d52e68453fb5b619521856daba7fd24310de32bce2bcaae8
SSDEEP

49152:ebFDvmO44f50ke3fC2mEAtXIlm5NlpYiID4ck27s4oxIXXEoqVP1KtxEn1x5:ebFDvmJGe3fC2ZAtXd5NlHy4W7fXUoqf

Score

7^/10

bootkit discovery persistence upx

Malware Config

Targets

- Target
  
  82d279db93edb2c6fd8aff7ddecdbee1_JaffaCakes118
- Size
  
  2.8MB
- MD5
  
  82d279db93edb2c6fd8aff7ddecdbee1
- SHA1
  
  aff8d011b0d324c4142382131e4b6c3220d7a1d9
- SHA256
  
  0bb06663236c1266071b5c95bd75e2bc3aff88694049bfabb4f05322ff106f32
- SHA512
  
  7d983c70aff879c28804a4f380febaca2a6db35c0a5c3c3daedcdd03a2756d468e786a00a0b8bda7d52e68453fb5b619521856daba7fd24310de32bce2bcaae8
- SSDEEP
  
  49152:ebFDvmO44f50ke3fC2mEAtXIlm5NlpYiID4ck27s4oxIXXEoqVP1KtxEn1x5:ebFDvmJGe3fC2ZAtXd5NlHy4W7fXUoqf
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  eef9e469e8a30717974499f277d97e2a
- SHA1
  
  2d33c25984ebd9116beeb55cdde4c5c86c023e5d
- SHA256
  
  1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078
- SHA512
  
  d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48
- SSDEEP
  
  192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  bin/Patch_engine.dll.exe
- Size
  
  47KB
- MD5
  
  1b80511940bdc6590ebe50d856c6b846
- SHA1
  
  54fa315fc7dc497c4e060faa137ef926590b4068
- SHA256
  
  857cefb55dc57a720e16a7f1119934253e2b77d132f53e8725549be3d6d7a8ee
- SHA512
  
  058eb38b8f16d2d0a2a88f85b1f0843a9642eb31e307dce12f7f3d78a5cf21b977e2f44a3c4edfd17c39e4b0474effbdbd02a347c00cd931cf30838f84f25360
- SSDEEP
  
  768:73bijQsRJCBO5iQqS1vNe4IUMNGwk10eUeMeUeceUeseUeze0CiBssQ9lBYw/1mt:72935c6k1U8GXfXPX/Xa0CiBsFCw/0lj
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  bin/Steam.dll
- Size
  
  414KB
- MD5
  
  270580201888767c8322451989bf2be8
- SHA1
  
  552e97202fab15632d5925ece3c9f5bc972dca68
- SHA256
  
  9cb46562c55a7f7028741c281cd95e7f7e52c50e9c95c8082ce4ef0a36a5894e
- SHA512
  
  1a55e4f4ed25e0a6e05a27ce2565e43defcf6226091e9b41cc7d871079eaae38e628778473e1c5a1b7d58e7cdc22290488488bbc8aeb9aaae948c9a7d1e769af
- SSDEEP
  
  12288:JTVgAkITiRU4UaWP+n7UMkc89d4tIdQj4My9bkNkP1BPOv+TNxJygjkvi:JjN4UaWP+7Lkc89dFdQj4rpkNUJFTLZ
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral7 behavioral8
- Target
  
  bin/Steam_tf2.dll
- Size
  
  2.8MB
- MD5
  
  8efb07e4e360de5442111e0755d3f803
- SHA1
  
  02ebb3d77d87ab25efbca5af27054ebb5eb39840
- SHA256
  
  7178b762652b1378af51b71f54b20b0a62172b180c71cc308283b62cbe34817c
- SHA512
  
  c405bf5c3ab7381c921ec93c74500330cbada2a0a648a9fe117b853fafb228120dc1a7a3b3fcfaac050a79e392040d84390e306ff91657a9d1fc54eb3074ab0f
- SSDEEP
  
  49152:x6vreu2YIH1vHdrgJOpZ57pI4hWceGokThhDDgwD:wvyuUvqOpZ57pIfk3
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  bin/steamclient.dll
- Size
  
  503KB
- MD5
  
  5090acfd494cf0a5b5e7071e7552671d
- SHA1
  
  28c123203860e5bd34d30808ee95a8114c2adedd
- SHA256
  
  0f06d3e0051c18aa5eb7d3912681600af1fc9dfc5f03ca9fa073cce494abf13f
- SHA512
  
  8a9e3f973b7d435374ff8b951b69f43bbc4e44c95d1211fcc95501734aaa5072ca22b5cede86975eb811d79a79ec577547e00e485d5078d2cc1a95942d267603
- SSDEEP
  
  12288:1Rhlbwwe6lLoj/SnhMPgTrio/tsTCkb2mNQUu6VHoSmo7PeaTrJ3b4n83L25uuCv:qny54UaIJ0xgaItoL3JUxkX2AVKy
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  bin/steamclient_tf2.dll
- Size
  
  3.4MB
- MD5
  
  6a5737b294ea79e710c358123da4ee6a
- SHA1
  
  fc531658eefa32243f99acd484307b0c096fe6a4
- SHA256
  
  39f3cac39d1dd6bd9f83c8fe25f4021e221251280682c41b5340ce0b64c68c21
- SHA512
  
  cd3e6fbe4132699a19396d809d70580a2d1465341359b08cb3cc813bbce3dadd82bc8feb7e31cbb09d4aaff11547f3f982e8da3d313285504b6f72e8a9541d9d
- SSDEEP
  
  98304:hnZHblMbfxZYmxrqAwwYQ8GQDm9o4LaSsCTxI:hnZHUfx5xrbw7GQDm9o4LaSsCTy
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  tf/addons/Name_Enabler.dll
- Size
  
  76KB
- MD5
  
  d3af94915c4b2bb45e523af763882d5c
- SHA1
  
  0bab91d0e5af8e45ce32a181817e80eb9800e70a
- SHA256
  
  548686b76cc9a7f302b35772ab30869215f2ce5522a4ca0ae9f14f54c74c6e4d
- SHA512
  
  f7f0738f5cd48db6b43abedfc99f9e3319907ad4c80632f12d7e5dc24bf293b3161d12a90dfb13beae72aa8bd291294ff825bc2fbbe3cbc6f60be0a301631608
- SSDEEP
  
  1536:jWXLuqkAMrI4dOTJ/MdgTdYGb6AwemBNm5iJsVEpCd/gjG4GSr1J:yXkAMrTCh9dYGb6A1mzPeiMd/4GSr1J
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  tf/bin/Patch_client.dll.exe
- Size
  
  46KB
- MD5
  
  a56babeb455695b5b60d794911b01336
- SHA1
  
  376a4bdc04183010c437ff57497fe329461791f8
- SHA256
  
  71b1837768d855ea8b565cd11c086832b9113333659d8b9d0e602a3b6495a946
- SHA512
  
  1f44226409b84be31d3055bdad7ba7f07d372ff6363caa7ebbb1cbe9b898b4ca2f605eeb424c86c1078bd2ff463820345bf50fed8b8b48199d17b2b5809c102a
- SSDEEP
  
  768:X3bijQsRJCBO5iQqS1vNe4IUMNGwk10eUeMeUeceUeseUeze0CiBssQ9lBYt/1mL:X2935c6k1U8GXfXPX/Xa0CiBsFCt/0lh
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  tf2.exe
- Size
  
  278KB
- MD5
  
  5fb9b39cdc37129e031fae6e6c281eb2
- SHA1
  
  4bbf881f8e1f5fd24f64e87afa3989188d9e8e84
- SHA256
  
  73e565150ce7ae12b6d7bd4fa6146c1feafac6f0e4c8c025e00db984537c4bc8
- SHA512
  
  5f156ba868a41840f7183d069d05b41914930ad5de3a6bdb6657539935e04525b00345af69b426f4bb2e8ea9f0cefacd5477a94be5acb6fa59d3ea061c46bbb3
- SSDEEP
  
  3072:P7cWbQout+8rei+T87ZiLIh7yRO9LyOGOecs8WYRbSgF3L97S:PFsoS+8S+i27yRW0WtxR
Score

7^/10

discovery upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

bootkitdiscoverypersistence

behavioral8

bootkitdiscoverypersistence

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20