d5747c8e8c82c82f3dbcd8ef656c5b6485d54b6598849ccd503e94955ab90450

Sharing

Copy URL

Twitter E-mail

General

Target

d21bb981dc95cdb2b00c6a2840f00205_JaffaCakes118
Size

2.6MB
Sample

240907-rebscaxfnk
MD5

d21bb981dc95cdb2b00c6a2840f00205
SHA1

8374dde3b6f497ece8b97da7abdd0370cdec17a3
SHA256

d5747c8e8c82c82f3dbcd8ef656c5b6485d54b6598849ccd503e94955ab90450
SHA512

24d2f7ce23bd03e5f55269e56572ad3b8a1ec7d9b569c2c7575d03e4036b19395bc92d151d5f4fc4284e8c02e3dcff24185102f04fdd7dabf5b8c9364fa5ff5a
SSDEEP

49152:iUmBjvPogBwpIdL7hIT5ZZZRoey7ZqpiKANeMNr0CBO/A7a4OFy6IJHV2YmTug3:f0vP5BwpIN+FR0gGNeMR05/By6sVxmTj

Score

7^/10

Malware Config

Targets

- Target
  
  AspSWeb.exe
- Size
  
  688KB
- MD5
  
  3b12a13eedbe6e6816f3cb62baf8751a
- SHA1
  
  d02c4b830efa1cbce5ec39f71a2290a4d9ccb7e9
- SHA256
  
  e6a580c6ed95ffb1a29f4a862370db60ea2295d75e3100b987196361f403d187
- SHA512
  
  071220c5c2d6d05fb79ae96a48069a18a698d983adef7f588ce7672dc16a380f1e180ba167d1c66bef76f5dc770bab3f66244d87f41d944252f69be919350cec
- SSDEEP
  
  12288:7/JFZqYMOaQ0q9nV/zsnK23KHVI6nodVdyMLiqyVcxwtVxgpMiuzOT6:7BFZqhOBnVyK23C6OoYMLiVcKtVx4Mij
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  _content/_Sort/AspCms_SortFun.asp
- Size
  
  19KB
- MD5
  
  894476d90f5f21473b1ce0c3ea98b0c1
- SHA1
  
  4ce141373229931b414bc7aae2642c27b02247de
- SHA256
  
  6d821ece4fcefa282f263fc5c41b79189af01c0c2c9d000613afac87f584df15
- SHA512
  
  d1559e7d1b070d75dc24b692360233427a7c584041dc8a7e4af8b4eb79acf9cf63be9b74eb6d2c87a2ae5ba3ae3a22d2121c342410b3fe80c41a61f9e761cf57
- SSDEEP
  
  192:MUZQ9Hpx4tMQBQtHbnHtmRoFQSMmCkfgKTGaEjTQBo9ZjT/UOtMxTEohmjpY9yi4:EBTQBsnYSFz3K9TnTYxTKpulY
Score

1^/10
behavioral3 behavioral4
- Target
  
  _content/_Spec/AspCms_Spec.asp
- Size
  
  2KB
- MD5
  
  ad1e0510b9d533b5a93d9b0e32e22b11
- SHA1
  
  ffc75d167be8082813b9cb21064a7e374609fd68
- SHA256
  
  fd240992a8edba32bbfecdbc047be74d68430183e9a7870678787b7b37c80d5c
- SHA512
  
  2556c725688c473aacc6ab967e9ec0d61fe5c7b0ed9890ba539401a965fe4f89aa52eabb274da45b137b83bc742c65fb6ac879a4828fade7e580435dd21623d4
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  _content/_Spec/AspCms_SpecFun.asp
- Size
  
  3KB
- MD5
  
  bd22c22bd26ceebe3cd41972ff63a627
- SHA1
  
  f2dbb8948bec3ed2b288957c91f88e7f54608b4b
- SHA256
  
  e36d5a3f7d979ee698727598251dec44099848335b6ca4819644cef2f523882c
- SHA512
  
  15ffb71bd9fbe94457ffce30c6329fa8b91fdaa065b1b6bf8431e8a2c7e7e70128eb96ab513dc921b8a27392a5627dd914c9eb9a515e3e6a0c3fc8405cc733b1
Score

1^/10
behavioral7 behavioral8
- Target
  
  _expand/_statistics/AspCms_Statistics.asp
- Size
  
  2KB
- MD5
  
  b5b49ed78c7c1509043f3a20ba174e1b
- SHA1
  
  41254063fd779b98d3499187a07db10bbb8e55ee
- SHA256
  
  aacf13bdac65f608c8a63ff47e2f5306b0030ace42c48545b79ca17c17ef8de2
- SHA512
  
  b802a5eac8239d8aeec9f9ab630b2af7557e09cf4ab982f46cd3e2fb6c00e9c36ddeb552abea9da4a50bab9d37038b87050c3b6c82fe36c10c692e22ecfa5243
Score

1^/10
behavioral10 behavioral9
- Target
  
  about/index.asp
- Size
  
  572B
- MD5
  
  ec37f45349e8c07a5b77c9ca8ab7a8b5
- SHA1
  
  6a7a5b0e7d1eb8dbdb1cb8faf99e4e1ad2118563
- SHA256
  
  ae68d1a804ac2f4bd88f64fe17587730f6e95f7eb4d06036bf8ed6eedf6a5a84
- SHA512
  
  3188d1b3b5130ad18fffc45f8b6802783a87106bfda4891e86dff33b96a1a4a87c7d59716f4b0cbf1fe87cb9b5329f0824a3d971a25aebff2d7aa8abd1fe6fa9
Score

3^/10
behavioral11 behavioral12
- Target
  
  about/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral13 behavioral14
- Target
  
  admin/_adv/AspCms_AdvAdd.asp
- Size
  
  5KB
- MD5
  
  6475b14154092fa0ad4f96736b0a9ba5
- SHA1
  
  a56517d198f8f2f72e9542d13777e65b0eca4fbf
- SHA256
  
  e84cfd193c62a92b561bb7a714ae6f4d1422578bc4545f3dd9b015ca3dd86c57
- SHA512
  
  9f726e8d8bc8c01cb799eced6b0ad66f04f3129d17566a46ac1c069d49cbe31af281b73f0dfcff4128ca0d2dec79c98f9ceb756b000c6cdda8298ece5fc05d43
- SSDEEP
  
  96:F2VtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2m0WFICMMIuJVdMdcsXrTb:AVjGyBnyrly1yfynQy2y1yWyBysyrly9
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  admin/_adv/AspCms_AdvEdit.asp
- Size
  
  5KB
- MD5
  
  9f80370c065d5b1007d581573995fa46
- SHA1
  
  41e5f445f50c52ea6808b3320050fb2e028150b5
- SHA256
  
  2829d1c87fe7628b21511c518c533c03a1a41354b7202a6b0b2642e95f42e61a
- SHA512
  
  fed246e6e0ad17f0ef6579476d20686863f8f4e2583d53ed7c8fe1a65d6204072ddbc9318f051ca1759fb3722fe331a51bd675f83ead2860b8c92426b4f3c57a
- SSDEEP
  
  96:ZVtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2mgWFHDMbuLSBM3ygXMddcY:ZVjGyBnyrly1yfynQy2y1yWyBysyrlyZ
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  admin/_adv/AspCms_AdvEditDL.asp
- Size
  
  5KB
- MD5
  
  a87e86eabff617816fe14dc6704ed3db
- SHA1
  
  b8531381a03b3ed967d4ffde99161e3b5cb57900
- SHA256
  
  dc2100802004a392b4c25d3e389826b6411a39e436d855271d76a462ef3c0504
- SHA512
  
  498b176315890e3848895f8202f33ebbd276f6e26bf7542374b58f35f16c00ba85978751e29747627c9ebba31d3f56708c6fc70e659d37fe9a7bcdea3badddde
- SSDEEP
  
  96:CVtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2mKW1PQQMJfl1/gOzDsWL6p:CVjGyBnyrly1yfynQy2y1yWyBysyrlyk
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  admin/_adv/AspCms_AdvEditPF.asp
- Size
  
  4KB
- MD5
  
  7920fa0490efe8d64360a1a1337ecfcd
- SHA1
  
  a2e75e3f4f4cc635dfd97dd465d73538ce594b4b
- SHA256
  
  ffab8f1a925e64b7db80cbec9e9ba3a15f04350bbcfd7c51ea4d24afca1b4805
- SHA512
  
  bdbb09d645654023ed479d1203d04c10eb542bc004fb26b61bf02265990d2310ae08d773948537e270c6f743042206fda391ac1117be3016ef758ae19fe43985
- SSDEEP
  
  96:NVtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2mhW1B7MgIfl1/gOzDsuL6G:NVjGyBnyrly1yfynQy2y1yWyBysyrlyY
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  admin/_adv/AspCms_AdvEditTC.asp
- Size
  
  4KB
- MD5
  
  376fd27590db1190c9fce13455e3bdc1
- SHA1
  
  e216e9e075ef655b27f3733e22b31beb16f03393
- SHA256
  
  c476fa1bb7456875d3f980dbcacf6aa2ca884e902f15ee083c7146b2b188acda
- SHA512
  
  80febd4510415d05dc4101cfd58aab02d8e664fa17ed97182359a05ad18f95a3f2d8bcc5197f8879e645769be466776e5dd33dc97b0740096eca7c99c84f625b
- SSDEEP
  
  96:4VtN+97yBnyrly1yfynQy2y1yWyBysyrly1yMynQy2m+We9fl1/gOzDtq/mASAh+:4VjGyBnyrly1yfynQy2y1yWyBysyrlyp
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  admin/_adv/AspCms_AdvFun.asp
- Size
  
  9KB
- MD5
  
  13d8da3d84ff6d89c3c4303c14d286aa
- SHA1
  
  06c30f0f5a6be5e4650bea7912309d8b72ebd685
- SHA256
  
  997ad194f0de972d94181fc0b109e4748884a31f66a450e54d1428d5f0e94a35
- SHA512
  
  746507f50684c361a5b3d8d28a0fbff318addf1154cb195fce18c1d790a3f05ff94532dedb77496daf9a7344e7577549e7f9c8d36a4b2f9529d2b7d0df4588f6
- SSDEEP
  
  192:LJma08cvZ9t9XPcuqGkagmcLABtvft3sWy98rDWE+REpKpLO6B5Eft3pTqQfFFh8:LgaOt9XkNGDy6ft3Ry9xE+HxHbEft38Z
Score

1^/10
behavioral25 behavioral26
- Target
  
  admin/_adv/AspCms_AdvList.asp
- Size
  
  2KB
- MD5
  
  0de7e08a5f799336c37b4a9a67d8c3eb
- SHA1
  
  fb0a0e3dd4e520471d3351789d949a0bd2016a33
- SHA256
  
  daeb46ed7321631b6a7c2e5b9050ace291cbbb34fcfbbd5606ea868d70b14e53
- SHA512
  
  960449ca711d07fae47014b8479cf4dfa65783cd9785ae72418a24e8254f4cdc1475d4c97a1ff807b90070b57b903b195e29d5fe1c4f1806a042e80fc8ba102f
Score

3^/10
behavioral27 behavioral28
- Target
  
  admin/_content/_About/AspCms_About.asp
- Size
  
  1KB
- MD5
  
  71253852300445555bf064506c63e98c
- SHA1
  
  aaafab302843625371508cbfa0b6bcaa3c6c6b8e
- SHA256
  
  53c47f88468b258d46e631c44bccf5c5b0e60dc34103dce180b30188726b5443
- SHA512
  
  f9cd33e366adc4ae3debc0703af8770e1108565ea44656a076d402ee68a20da57e2576316ff2c09d248f2ebec7361a988cf0414aa8040baca1a05f4c30dc50e8
Score

3^/10
behavioral29 behavioral30
- Target
  
  admin/_content/_About/AspCms_AboutEdit.asp
- Size
  
  3KB
- MD5
  
  6f7c3e7906a6a2611f804dd3b46348ed
- SHA1
  
  4cff70b93a1d719e9045ea1f9971f254cdeeb7f0
- SHA256
  
  9fe09fb841c5da99b209579b2a25836c3b863f7124d0a4484ed6be3e6916a7a7
- SHA512
  
  5003e5b8cd09995ffc263f2c9fa5eb1afeacd347a879f238cc04d9874467b28176fc3da87410b689a642c3211611d06bf3388bab4166f8b95f51315574dac857
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32