Overview

overview

8

Static

static

3

使用说明.url

windows7-x64

1

使用说明.url

windows10-2004-x64

1

极速软�...��.url

windows7-x64

1

极速软�...��.url

windows10-2004-x64

1

植物大�....1.exe

windows7-x64

8

植物大�....1.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bdfd108860a4d866822a5e58e2dc87a0_JaffaCakes118

  • Size

    1.6MB

  • Sample

    240824-ga7dcawame

  • MD5

    bdfd108860a4d866822a5e58e2dc87a0

  • SHA1

    761c21a6fbd9d7ef0f6fe0bea01a78bb6a8f6548

  • SHA256

    160c41f415fcb8555aac797572f4ba5b3dc9008ccb6b12f8b6c8ad44c7916c5d

  • SHA512

    137ecade2acaf4fa85987c7fa26b2da9cf9e947d03041a922839f53063f218a5abfafa6fb012d825dd7ee633172847bba97e04e5d00e0b5b855dfaa2e06da551

  • SSDEEP

    49152:CpiKxxgWORIt3mlINEMzriPGQkpITxvKLc:jKxqvs3mlzM/2GQk6Tgw

Score
8/10
bootkitdiscoverypersistenceupx

Malware Config

Targets

    • Target

      使用说明.url

    • Size

      126B

    • MD5

      59b9685cba5d2ac1b35f7eee4a17fa33

    • SHA1

      68530715b329fedf68518267634094c35d51a9e9

    • SHA256

      46df9d8dad577577f3da4a6eefeb531616614f62fee20e9de3adbb088d0bfed7

    • SHA512

      a7f8b6b5bf1978a95195f79bcf1acdb027a737edd70a338adef8a095703cf11c4370fd86c861e802db7d7bb751aee0aee1d58149d62044802ef987c4149719e0

    Score
    1/10
    behavioral1behavioral2

    • Target

      极速软件下载.url

    • Size

      331B

    • MD5

      48195bcd2fcc73d4ed844ff646587232

    • SHA1

      0fc74b362d3dcdb639cd86a01e7c4e3c2c0fecc6

    • SHA256

      49c1ace06a959cf0600de6526917ad47efa7a69860c6372226e295ae451c10f8

    • SHA512

      28a341d90b11526a8ca30ac1221eb08f57ae00a9c7fab17043f390009ce8f0e4fb4b05040269aeffd6276d8fdf114cbec697997875d33dbc9776220aea490d0b

    Score
    1/10
    behavioral3behavioral4

    • Target

      植物大战僵尸公用作弊器 V1.1.exe

    • Size

      2.4MB

    • MD5

      10c2aee3167709b53df2a2e9c2a1a952

    • SHA1

      c93c2876a75eeb4c35c3ed0632c4a76d1204010c

    • SHA256

      c8161947ea0ade01704e7bc722be2cc4b670e0e248ede3b8695e433c0ee6c88f

    • SHA512

      59144341909cfb3302ae19bbb8a4947b3aa6c0d5d41728e46b7414576413c1c518c3f3c1acd399739e7dae920f8db0a0da3939f99d3a26dc21686e87dfb82fdf

    • SSDEEP

      49152:b21+V5sms9sIsL444JdRBE36F7LYXijZbNrk0rkA:G+Hls+IsPURqKF1ZJI0IA

    Score
    8/10
    bootkitdiscoverypersistenceupx

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks