1b1fdfdd3eb5b6fb1597944eb0325ff9bc692ba3c2d7eaa8dfe34c4093ba78bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d024b1a864534608ac4a4b08775cac93_JaffaCakes118
Size

2.9MB
Sample

240906-wmzxcszgqm
MD5

d024b1a864534608ac4a4b08775cac93
SHA1

68ee27c2560d2250f322723269538a6eb0590f10
SHA256

1b1fdfdd3eb5b6fb1597944eb0325ff9bc692ba3c2d7eaa8dfe34c4093ba78bb
SHA512

ebc3a374d42d4ecfe34c1ad03c9bcd8dc322b4ae73da3859c044492aa63f0a3f5c2f4b1a3d6a3523496e0340e0bab45c5b820269ee5334157f89a38e5f8f42d5
SSDEEP

49152:TTl7ZHD8HaUQv3LLX4+xtKeOs25QIKTkki5oEP6QPKDQYb3ZkrU6QKwZBD:99nomMsCEGriQiXCrUkwZBD

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  冒险岛强强/MD5查询.exe
- Size
  
  28KB
- MD5
  
  68ad88cf233ee3e050357df03742600a
- SHA1
  
  c609a0a7b5950b7b6210176c72fbb58405c4721a
- SHA256
  
  fd9aa4ca79033a4c8481a8ff9e32c6493dcc66e023605c3c509e7d485c57005c
- SHA512
  
  9919d28f58ec577871164612c00334675b7a31c7b80bc3a044316e0aa6962c0513d1ab4b9b96fd116932331708d655d22830633a0367bf70dc5aac5e54decaba
- SSDEEP
  
  384:ZHSq3bc4ivsSLzwG27W6k2TzFtwX7ryFsoqN1XA8E3wH4MZd9R41PJxCi+e:VSq3bc4ivsMwUBLrZncBxCY
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  冒险岛强强/QQPro.dll
- Size
  
  624KB
- MD5
  
  3f22e559726aa0bec0c38401274f6c5c
- SHA1
  
  bb688e98d3afa0c1d62b93c0a622803961f05ab7
- SHA256
  
  4088c3c5fe9b718047ec75269e92e57b5d6e4faa0366b884910ecdf1473cfcf4
- SHA512
  
  e8ebf6b556fcf97f58a1aaf6f0d8e43044fda99833fa2dee8e1c136ed633805cc1a3a00ab105cd8534811832e93117b835a39d8440b145326ecd5443a43e9751
- SSDEEP
  
  12288:dEpD45YyyHt/OGUsvtoerFIr5MFBuLB8DY9aak/+xI2SlfvQ9jpgx4r:+aUt/OGvlpIr5MoSY98/DlfI9+mr
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  冒险岛强强/冒险岛地图_766冒险岛专区.url
- Size
  
  196B
- MD5
  
  646fd9ba5977ad674dcf51a655f0173b
- SHA1
  
  81d9dc71d8707298784bd9cdd203f46193f66456
- SHA256
  
  c92cb39c7d698305e185084711ae4e4f0180efeb99e1816dfe1c7d105f1a3ffd
- SHA512
  
  11484b48597683ca6c64bfb75af1eba731c11666f136aa62c49b48e870786fb31f233153d72182fba9d3e3f54e2efb2f8fe76b55955727fda02aa10a10952046
Score

1^/10
behavioral5 behavioral6
- Target
  
  冒险岛强强/冒险岛强强101228.exe
- Size
  
  1.5MB
- MD5
  
  4dd74c3e68afbd5938d11252e6bf4cb2
- SHA1
  
  7786944b71228c978044cdd4710d5fa3790de567
- SHA256
  
  c0a13cda69554b335cc7c88f248cabf985e00c061a3dff4dd16c8de182b78535
- SHA512
  
  390a8646f4c2a59c8be38d00d37f8ec867a12be36ba6ccc4c9e97d5f29310bcf464946471bc4d486a14523daf6ccebec808f942f6d40760010dc9aad54d5e542
- SSDEEP
  
  24576:Qo8fXyjlGTnbwFynSpIz8/JXgboU7DogtCltKOIo7c1WfFl4EzIq6YgVMrPIfmf2:QffkAASSpIzUX/U7DfClcOIo7c1Wfn4v
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

bootkitdiscoverypersistence

behavioral8

bootkitdiscoverypersistence