0f565bf52579836b340a00c7ef37f00efff533ce171facf0babfa9fdff66afe5 | Triage

Sharing

General

Target

a4d62b14227d8781112645fb98f3228d_JaffaCakes118
Size

683KB
Sample

240818-bref1axena
MD5

a4d62b14227d8781112645fb98f3228d
SHA1

f808985fe2e44703b818777363cb409aa682e61a
SHA256

0f565bf52579836b340a00c7ef37f00efff533ce171facf0babfa9fdff66afe5
SHA512

55aa7ebd04c691a688057ed6e29bdf2678e99a8b2f24ef0d1fb35b9eca0a87b7aaa6a69302aa18d4586d123a61c6338d60a5cfb7a7eb87aec12f0608366625fe
SSDEEP

12288:wT2x/2LT4X4sSFykAyNup4zNBzDJFunsEApXsBe7tVKjMjUbCKRqR:wT+/2H4XYtfgsBzDJp7pXKat4jMjOCKe

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  DVD2one.v2.1.1.exe
- Size
  
  595KB
- MD5
  
  f690befce38150f7b4102d1332f03e13
- SHA1
  
  e42e9f7212dcf8524fc61ba63789206088733b41
- SHA256
  
  296ad073ef836d930bd6a407e764995f4cedeb0b6e11cc3420bcadfd48e2af6a
- SHA512
  
  b42aefe2185b1fddbfc598c8667aff5160e7419edd041dba4a64f133bb2e61641d5a01469e93cb3b1d457a3487ba4a528d7226a0cccb6b292d17a10519118d5d
- SSDEEP
  
  12288:M7j9QriJQT4Tzy/ngDoh0S0tSOCvraa9xFvhJDSEqoEX:M7jZQET2/gD00iOCvmajJhkX
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  9aff00ec14e6cb71a13451011c580077
- SHA1
  
  5972140e4a0addb9eac685fe6037da7479f23ecf
- SHA256
  
  cc8145683ad8fd77bd5cca193e84188e40d6d03a0a0d1d00e2bdbef91be96bb3
- SHA512
  
  311abd4e9927c1424d794ba401f3935ad3b108a2124e58e0d29aa946514c7a1d62b9b08b013699f4f90796bdfb6c07211daddbb521c1d20ccee771f6ea43b110
- SSDEEP
  
  192:zCCxNg+SdnWKZFzReF6KOgEpoAlwYmjspWnlAb2bG7F1QuIp:+Cxazn5aF4N2AWpZy2Ru
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  dvd2one2.exe
- Size
  
  526KB
- MD5
  
  bbb49e8ad82a14df938ea84bce5c48db
- SHA1
  
  00ba51bbe3a0b24081073aaeb924166767417eaf
- SHA256
  
  711e9ea405a7f59eccee123cf32386768f50acf09d4d583076b436c37c688c72
- SHA512
  
  364e3f3fb3224a1328669502663a86a3589e9d4052989a6382f6e8255e942f98f9a23e001dbd79af2e29bb5362f390659e834725b46549a112e948cab26f82dd
- SSDEEP
  
  12288:LADtQxIF6Agxagg+jJf3TAzFuf0CW6b7MP+Dd226t5:+QxO6A9GjJ0G0S7MP+h2v5
Score

6^/10

bootkit discovery persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  uninst.exe
- Size
  
  47KB
- MD5
  
  6c1e26bde497cd43fe27b7bcda11b798
- SHA1
  
  f9eb03085cffc784dcf45ddd290c28e73d79821a
- SHA256
  
  e72ed3f9eb49a098b9cf265b599f2e40501d187e29f273746e0be5908cf15a75
- SHA512
  
  b14badb64275fe66cb2f289e3c1719fa20df5b9acf47e2e9400da4df40abf1c320a5e90c85fb8d907c838a6198741386e23be7ce0a806f40fe405d3a76666001
- SSDEEP
  
  768:COfG1pI8jtZnVoxB8BFj9vAkRBfG1Hisq5C1jeHtLE8J3+eJRn5Am6kRRJ2iZ3il:aXZrnVo8BFj9/TyH4C98JuqAELVigmFV
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  KeyGen.exe
- Size
  
  107KB
- MD5
  
  ad6e0c1aa3b5da1f7566f8318d12f615
- SHA1
  
  bba808547bdc609f2d8b07d9ae6a068f8b978bd2
- SHA256
  
  554f9c35fb9422e3d2acb5642d1e3d03230ca313281fcfdeedb7b4c9c236a6a5
- SHA512
  
  c10b43cda0625c1de18d337f32fae028e3aca2646dee18b53e445307d7b6ba2654ad1cb957ce518d8e655b5f8366426d5454a3eecb86c15edb154cca33bf18f1
- SSDEEP
  
  1536:FJ8q77VNICjl0hAVO0oWlf/GsgoIAWticHmqgkoLTY1EpiCR0gXjfw54Qb2KmbQk:FJ8pel8AEAIRiUN+TY3CRrzfzAm8fBa
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  安装说明.url
- Size
  
  261B
- MD5
  
  af534adca72cbb40fcaba6adcf4aa0b3
- SHA1
  
  486f64259c45baf815004b6ffc65301e82aecdee
- SHA256
  
  1bbc2bfe53979f537c179995a1d1b5030db3ad6f2e46b258421506a3fb0fc296
- SHA512
  
  21d4b21c0d228498275640b397e8adfcb92dca4996cb59b035eeea523c5fd0594b0c8bc66d557265343bf6e7cb35350790fcac323db841c0cd4fea6da38b70b1
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

bootkitdiscoverypersistence

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12