caff60a64e47bb705c360a3e6bc0323ea2eb597f8ae5ecdb82d7ad7878e1a063

Sharing

Copy URL

Twitter E-mail

General

Target

aabd99dea2d383edfbe99d475bee24b6_JaffaCakes118
Size

943KB
Sample

240819-m3x82azfqb
MD5

aabd99dea2d383edfbe99d475bee24b6
SHA1

0f705128319126678b9774a20617862cd17587c7
SHA256

caff60a64e47bb705c360a3e6bc0323ea2eb597f8ae5ecdb82d7ad7878e1a063
SHA512

6965b29db6ab65f2c3ea5938ef63aca76e02727e1c247cc1096a7dc68f31d956e3d66a65b34bb8130bfdd22c0cd0f9d4cf6a8c056cb85822697ca7f9cd20532c
SSDEEP

24576:Du1ITPL9moGE+5CtbzmZ/hsO+i62AZIa5mC:dsopzmZBL62AkC

Score

7^/10

Malware Config

Targets

- Target
  
  isocommander16040.exe
- Size
  
  972KB
- MD5
  
  d4fd1fd29b3f1dce68e4ff69dadcd008
- SHA1
  
  6f4b82bd28db06985ff115e3fa281d33a91abe2a
- SHA256
  
  851fa37f56d4df298bf95984249b4c1397723af2ac837a259c4bc3fdff62090c
- SHA512
  
  27f1c4686061d15189b62e646086d93c787d7d8555d0b2ac1ec54273c222bc0ee001df874a4bb3d72007ed48e6026edce2ec361b8d5b4bf66e10b4b20ef522f7
- SSDEEP
  
  24576:w7xZeFeIOTJhNrBKNRPHFMKT1486GhhYNw5fwTf:wFYFfOTfNrBKNRfFMKT1nDYNowD
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  1e8f2fefe3ce893b117b26948b8978cb
- SHA1
  
  59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab
- SHA256
  
  8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519
- SHA512
  
  b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c
- SSDEEP
  
  192:qzixixDOHhG9db9rd+oSVPECMlh3I8tqDyng7hwbbHF1QuCb:qOx0DOHqrdwTY6+ng72bbMum
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  5c6271fb9e292a5f970abc96e5b0182e
- SHA1
  
  95f9b6d87c142cb42882cb3ca38d1fd424ee5bc3
- SHA256
  
  0fd71473abf9bdb824772875c915ba4864af50666cb41782ea26db11f4ded7ae
- SHA512
  
  32ff24ede0d0ae99411e4780af0d9f774190cac5e965eca98a0003e772324f1d90ed9b27d2d4f700634aec29b906822f8c37640c840e8ed07adb35dafaf25a00
- SSDEEP
  
  96:HxLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsVQhEfP0:HxLjPk8OT30FFAaCP0
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/mutex.dll
- Size
  
  3KB
- MD5
  
  a5653410b21eb56404851de284aa8af0
- SHA1
  
  2e119d8eb73deabe04988310b1b01f31595c2c5c
- SHA256
  
  84d8802bfb9775161fd7ac63f2d863d8f85232c09035fbdbd65e1a3eec346e3d
- SHA512
  
  8b0d3978791a2e47653291d134b44093b382d8cbba40b51cbe02907543c0293766980027c9dcb1f317da2ad9577f1f6b792f3e9d59f291369f1db99d91ca1135
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  ISOComm.chm
- Size
  
  62KB
- MD5
  
  d83bfb8126631c5756c6d7a8364ffd73
- SHA1
  
  9b9b0bf757b9703b72c6ede42ec38553a6e5c4bb
- SHA256
  
  638317034da1642cdf8095c92de1c8fabb795bd469d129315909e6229d186586
- SHA512
  
  79953f288f82cfa3f6a87246e005666048ebb7b202660d14fa9e280b652bc0f13043877d7af9f37ac7ee285fe2e223dde05c93c0a04012ce2ab03db0d4ef7819
- SSDEEP
  
  1536:GBZc9AmNhA6z2VPGCtBJ0aOYW5HjmGYSw:qZVmNjg1BJgHSdSw
Score

1^/10
behavioral10 behavioral9
- Target
  
  ISOComm.exe
- Size
  
  722KB
- MD5
  
  58c17d401df9993a491da7c48c192a85
- SHA1
  
  4a538ef705f107e84971d7de27ccfe582d5ea1a3
- SHA256
  
  0f1e946734ca34dd44cc2f9b0d33e0d8b95d22ce6079a573618209a608e857af
- SHA512
  
  311a2e857c8847b685d13ed70580f5eae05ff8b0d83df885e2a33d81e3841901bd0643ac3a3de67ba2918bbf1443665a3f729733ec24c1ec3c368471e016a8a2
- SSDEEP
  
  12288:1JqlLioRHaIPNTkQPBiAuwHNBKHzwwO+iSc05MUwcpw2DC0XT4viUTU4R:1JqZikHd1gQpi8H/KTww5O05MUpLj4vB
Score

6^/10

bootkit discovery persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral11 behavioral12
- Target
  
  RestoreSettings.bat
- Size
  
  168B
- MD5
  
  3982dda00a605f7e73d67e88bf6b0c71
- SHA1
  
  dd590a8d65ae93b946e4bac9bc34b6b50f9ad795
- SHA256
  
  349447b435c01548dce3de4f04fffb418423bb3f5a613d3bf80df54e89bbf9e8
- SHA512
  
  0adcbb11ad0378a89dd5c5c4c31654d8309f4a7d909c08fa52012689c8ec82e7a1cd9b0d5523a51bf9d9038369071f4dfbfc4fab1cc158e4ee33eb39d7ea357c
Score

1^/10
behavioral13 behavioral14
- Target
  
  SaveSettings.bat
- Size
  
  245B
- MD5
  
  d35598330c4cb2247fb654268dae86e2
- SHA1
  
  c6c94fce6312e262cecad5af6675f2aeb7e92488
- SHA256
  
  834a7f93f43b96f9fc37428fb0afae6c396ae7c96f8ee696dcc34446281d23c0
- SHA512
  
  9a56b014d0de4da0bda49ebb3dc882db4aeca8d2fd243524bd56fac23ccd514acbde79b84e1a60b7d4a5fb68355bb11c426acba8592effeb31795c3dfcadd80f
Score

1^/10
behavioral15 behavioral16
- Target
  
  uninst.exe
- Size
  
  63KB
- MD5
  
  04b05630cbeb360ef2352cff3eaf9321
- SHA1
  
  ce760c2084b454063e63364676f2294356a4ad9d
- SHA256
  
  792f483b88ce1e9b1b5362794801be528933a092314cdf5df199cfee1f8efc20
- SHA512
  
  a1144e1f499c63792df78c66c8bc28812b89b1ca464ee3cfa115d0c7552be16330b1d7bc11218029f66740a76e947ddc2e2b44cec85c60aa4b557871433b2897
- SSDEEP
  
  1536:cvnkCPZTSBL98kJLXBXQZXhAXu9dfZVvx6:cvkSZer8kJLRAZxpVk
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  1e8f2fefe3ce893b117b26948b8978cb
- SHA1
  
  59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab
- SHA256
  
  8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519
- SHA512
  
  b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c
- SSDEEP
  
  192:qzixixDOHhG9db9rd+oSVPECMlh3I8tqDyng7hwbbHF1QuCb:qOx0DOHqrdwTY6+ng72bbMum
Score

3^/10

discovery
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20