c1a4448bea3bc8f763bb8a55ed0419e1564f117763db23a7cb1045a493883e49 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4ddb19dc7ead1fed532f99122e8f46e_JaffaCakes118
Size

3.6MB
Sample

240908-vqrvgsxerk
MD5

d4ddb19dc7ead1fed532f99122e8f46e
SHA1

f4a94c8a21a8dea50ebe403d46f4cbaac79d3995
SHA256

c1a4448bea3bc8f763bb8a55ed0419e1564f117763db23a7cb1045a493883e49
SHA512

aa90bd045a563c957b94fe944028c93d2eaf57a9dc1818c68e049843b489ab5ab521e69a8c0aa69781530eb1e85d76bcbd1f9f8297568ef48565ea2d7f10764e
SSDEEP

98304:tWiMojyNcH4wYq5T19LlgQ5j5b7FPyFCC2/T9nZIt+ZW5mc0jPA:tWiMyyN2oq919ZgA53Yu/hnyt9mcyPA

Score

6^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  CJ_ZJJJS_BX2.1/DiskID32.dll
- Size
  
  36KB
- MD5
  
  b2412e104bf617f9910d2efaacfe0a88
- SHA1
  
  874002be1d073ea5db11e08bf29398d4ee5176e6
- SHA256
  
  e4d9fcc904c7c1a92e2cf78a77b71fd9a2f3495ebcb703becd0884dff5402034
- SHA512
  
  0d272f07ca83da4f38829abe0a9aa520fe645900b390f48789aa5a084961070f6936978578e2942eecc123df16e98a35943ade73201bdb80d3f38c38ad761b8c
- SSDEEP
  
  384:8qJzSVTj+mSJYZSFTA26vFUiTaZV5QXRmljQy9ccOiNu97+cXoUEKdHnvocH:OSmm6SFTLsxTan50sTNkloUE9
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  CJ_ZJJJS_BX2.1/ExamBible.exe
- Size
  
  1.4MB
- MD5
  
  f2514dca923340fc8d7684ec842d3fba
- SHA1
  
  0f6e27e37b7abb92947b4174332f8de635a3ab12
- SHA256
  
  238b1a66ed9966cf4a3d4af0f81d7daac7e98bc14836a4dad218e1a41d0ed276
- SHA512
  
  81d7e7d56f958e8c9898c8e64124009c07dc8747a05adfd467415cdf0387aaf20b0c8024f3dd90ab78b437d0b0f2e4fc59ed95dfbb874aae59c7ead9f45cb254
- SSDEEP
  
  24576:b1NVNQDGHmSupJURxLJsZ+Vh/sfZ05efWvG2uH3dIO+FoxY9h:pX6GzupJURxLJsS/mZ05gx2uHSO+FoK
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  CJ_ZJJJS_BX2.1/KSBAOSQL.dll
- Size
  
  368KB
- MD5
  
  58e6daed2b4cec977f39f47c1afa5b95
- SHA1
  
  6642249795f8e8a1c51f0a99092e14c3f316f41c
- SHA256
  
  762e5fd23a5add198da27dc9f9a70979a61b63a20f02fce2345140cc672bd97b
- SHA512
  
  ce09e8bbf805075ff716d56f8a2091faa98fe4a37483ef68562ead55dc094e19a18587fbd1d785252425cefe5004264fb6e5976fcafa8942c0606cb20de40bc9
- SSDEEP
  
  6144:ryCBtjPwPXfDtlJj4Klg/Un1K1xWee55DNUSBSIixAONoc7t1ZdwSxNdtU:ryEVmXfDjtvYgee5+IQAONhdwSxNdu
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  CJ_ZJJJS_BX2.1/MIDAS.DLL
- Size
  
  289KB
- MD5
  
  a82285dda6f4778e5504fdf463f263e8
- SHA1
  
  7d49097c362234e0bd991a8ab216733e98c70414
- SHA256
  
  0b0edf7067ecb7a9554ffe5743fb65ba6e25c6407c137cb3657f7b8dd046138e
- SHA512
  
  fcd6fa22906974ba0c87ae1dc8a04f29fa96cd8fd61d8d65029305c654dbbd67d553b0dca73bbaa816ca2bd36dec607d9a8f60f8c7aaae29fdac2a10f4fdd77f
- SSDEEP
  
  6144:BeIZ5FcoGNQM4+hmwRtheDV2dyYjD9hYkn95myuj:BeKcofM4kAEx2
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  CJ_ZJJJS_BX2.1/Menu/Menu.exe
- Size
  
  553KB
- MD5
  
  3f9c5d06f4f77ef012ee2e585ba0666e
- SHA1
  
  7b0b6f74013de2c1a39026aa3293ffe684cf9875
- SHA256
  
  cc87870236f45f30ba6054a58ebe4842771378213d6058d98feb30bc0609cae6
- SHA512
  
  52df75b9dee48c4d604e9070f4c1a55c1e8e19b2f25a8385137cb8bcceb8c82a37981b11d9d424c00c8755f75d811e93007db12e5c45de201a959bcf67a67521
- SSDEEP
  
  12288:WV+mzB+vAbdFWhYF6oLxGIMn1QDKNA2EkkKkapv6T:W8MdkaE4GIMn1QeNAykrapc
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  CJ_ZJJJS_BX2.1/Menu/Model/Main.html
- Size
  
  5KB
- MD5
  
  0455b04c7a961d89427b5781f55d22c4
- SHA1
  
  fc77d9e8ae3b60b59e143c9668675e1a56352df0
- SHA256
  
  535c0c16399b9a20c66505fd8d7c8031d89d9bc8334594d572cf6462a7ea0d27
- SHA512
  
  1b42384044869921891ec0b5f53f4eac1d611c6ea6b1ac5e9acd688b1cd6a576c00dd87a10d1d5f1deb894a76f34180b183e9dfd47395ebc7315da19fa49b9b3
- SSDEEP
  
  96:SI+sLYu1YxNA1txbPBwPBTx/hlFpkeilRAglA1BlZl6hrRbDRBrRSR1+S+d:SI+sLdmNA1txbPBwPpx/hlFpkeilRAgF
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  CJ_ZJJJS_BX2.1/Menu/Model/Test.html
- Size
  
  633B
- MD5
  
  7f58aa2f13c3f58af191750cb46eb973
- SHA1
  
  67865864a2179326ef012c32ae2564b007efbe9a
- SHA256
  
  bb5f22d7bf526ba23cf1a4b0fb432eb71880465b6d8e663ada2ba36cc1d2f556
- SHA512
  
  6296311e9c884ab3305d8b9eb8061d2b33b8b43f7fc40481adac515c76d13e8d4e238247c2aaf1e8c53c546b2d05fa235cdaa3d9fda7e42a6d6c7e545096be2b
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  CJ_ZJJJS_BX2.1/Menu/Model/TestInfo.html
- Size
  
  1KB
- MD5
  
  d413f04922bb597cec2fae641a7b7a4a
- SHA1
  
  0374d99698fd347e92a842ff4dae3845597a9ebd
- SHA256
  
  ab9d05c7b9e97e48c3c9dbcd4a278e192e9ea72f542af9ec8dc0a02108f696b8
- SHA512
  
  b5238d0ad42473bdf7b8a6488f994f61ebcd8477cc6a9d58bdfd67f77da143284232eec9b51299bb673a004050f22e2319d34142ac0189b6bb1b815f83086a9a
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  CJ_ZJJJS_BX2.1/Menu/Model/TestResult.html
- Size
  
  1015B
- MD5
  
  085686cefb624e3e69182cc7ed2069ac
- SHA1
  
  66873899aeedb5217a3f56bd3c8280ab1a2e7b2e
- SHA256
  
  9483b3872776422790e77c08bb323ac1004a03b051262abfeb70e5ae6369178c
- SHA512
  
  0b54e0b62066010b80a97579c3f533fb51096251cfc8f247a7393f49fa3d37555c181dd704ade36d9eadff60f69f6b3cb2d3a620125cc227e3e07898d0e66538
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  CJ_ZJJJS_BX2.1/Menu/TestImages.exe
- Size
  
  109KB
- MD5
  
  f214311f2617004d71a3362546aa7c7e
- SHA1
  
  64dc0047f684da6a0b612eed0a2be7dc6b20d974
- SHA256
  
  a977c5f6388e72655f04e083ea7ccd2d948f54c747da014a05566fa6bb228365
- SHA512
  
  42d8d5e14e85b0e17a1bacbd2a5d03eccf0144f2ee825c9c9165812b611b442fef32ef93fde0ebda9828793f3587dea31ef0506f3cb0338e2705e3fcf9000f33
- SSDEEP
  
  3072:5zNWMKKRZYchObK91C8sV6Xmoo4LEpYC8iJkZ8:5ZuuObR8sVImcyYC5Jy8
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  CJ_ZJJJS_BX2.1/Menu/Test_UserSetting.html
- Size
  
  9KB
- MD5
  
  d9127707f940df5c652f7fbdebb7eff4
- SHA1
  
  8bbc04f91037e3eeb4446097a98df794c693f99c
- SHA256
  
  da4d7786505169a97389cbb5ec88e4d1ecafd0e592d5eb29c57ae1a0069eeadc
- SHA512
  
  bcc68ffd78e924981bdd43ab4eac96a1d6107c239ed4957e37981edaf8256e41544667b80d2731b7bf01a8657a5e6c1159e2313506e9b3e8183ece9cd61b7176
- SSDEEP
  
  192:SIBYqJqrVrZcqHql6XzqjAqgqJVkooqdq2qJn5Sq/qhqFHggJqGq+1qBRKcqt:SIBYqJqJdcqHql6jqcqgqJVKqdq2qJnZ
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  CJ_ZJJJS_BX2.1/help.chm
- Size
  
  407KB
- MD5
  
  b0d75fb3ff0362294edfefa0534a4145
- SHA1
  
  037789e25ed9a4197e9d7676c1157254463c0cd0
- SHA256
  
  7b1f820ab36adc91f27b53bf86b3dde7151e2e0f4994b24fc19ebf48155e47b1
- SHA512
  
  c78d3c4ce5f40e463d6ce3a26f88fc3b125a300e7bf51667e6833f07d2c094450713737486484c9a027bc604c72c0b81e61d04d7f3f9575186fb9c5ffbcf1931
- SSDEEP
  
  12288:0okibQlPyDXjdZUvJVmXHqr7wc7E/xuJ0e/3mEShbs:0Qbe8jdGJV4m7w8x003JSy
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

behavioral3

bootkitdiscoverypersistence

behavioral4

bootkitdiscoverypersistence

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24