Overview

overview

7

Static

static

3

dd67d90133...18.exe

windows7-x64

3

dd67d90133...18.exe

windows10-2004-x64

3

$PROGRAM_F...rX.dll

windows7-x64

7

$PROGRAM_F...rX.dll

windows10-2004-x64

7

$PROGRAM_F...ce.exe

windows7-x64

3

$PROGRAM_F...ce.exe

windows10-2004-x64

3

$PROGRAM_F...er.exe

windows7-x64

3

$PROGRAM_F...er.exe

windows10-2004-x64

3

$PROGRAM_F...rc.dll

windows7-x64

3

$PROGRAM_F...rc.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dd67d90133abdba6309610d38d38884e_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240913-btcp7awgkk

  • MD5

    dd67d90133abdba6309610d38d38884e

  • SHA1

    4513f28130a4aa40025bd55caadd4072dc1c298d

  • SHA256

    172f2e6f91fa2a7eea94ee7466c943c11e122e7f07f521c0d7d7ef81426b27ad

  • SHA512

    8105486b4b5583d724d2cf22e2e1bd201dd132e15f5bd45ee590878aecc68158fdae54d6e3ab30c511d7dfa661b779d897f49d3a04d9c449d9a2844eb76a1d78

  • SSDEEP

    24576:miOlrqFE7jtRy3xkvAHc87iyb/RfPqwchVAXhgq1kcG+iBdHFE:miiljUQpyjRfiWgq1rJipE

Score
7/10
adwarebootkitdiscoverypersistencestealer

Malware Config

Targets

    • Target

      dd67d90133abdba6309610d38d38884e_JaffaCakes118

    • Size

      1.1MB

    • MD5

      dd67d90133abdba6309610d38d38884e

    • SHA1

      4513f28130a4aa40025bd55caadd4072dc1c298d

    • SHA256

      172f2e6f91fa2a7eea94ee7466c943c11e122e7f07f521c0d7d7ef81426b27ad

    • SHA512

      8105486b4b5583d724d2cf22e2e1bd201dd132e15f5bd45ee590878aecc68158fdae54d6e3ab30c511d7dfa661b779d897f49d3a04d9c449d9a2844eb76a1d78

    • SSDEEP

      24576:miOlrqFE7jtRy3xkvAHc87iyb/RfPqwchVAXhgq1kcG+iBdHFE:miiljUQpyjRfiWgq1rJipE

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll

    • Size

      2.6MB

    • MD5

      c773c26f0dfa4c974db1efd41b367128

    • SHA1

      72f1212126e2b6fcdfd4a43d0bae2fb1b9125f5a

    • SHA256

      4417b9c014b80d12fcd13458f60998d54a7e48fab023e422bad65a61ef845db2

    • SHA512

      b75aa5a1999b954299eb498b91c3783c28478d07ae8621272ad41592af1ec2290d492c4f62dea98a7957fbd57a4a5bd870cb895ffbbbb2859b57f3640663bd22

    • SSDEEP

      49152:rqTrHR6Z6pZh0NkfUp/zNhQJGTipMoDz8CmIy3a6+asKrzN:ruHIZ6j9fU5DQJZpMR2Q

    Score
    7/10
    adwarebootkitdiscoverypersistencestealer

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral3behavioral4

    • Target

      $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduService.exe

    • Size

      155KB

    • MD5

      678c2e1ae69a08550833b153c482c2ea

    • SHA1

      9ccc51709e63f9bca6b6270e907ed14a6e98e39b

    • SHA256

      1e9d3704e3e791c7d0ff1067f01fd005d5627c0c6de441521e6e97b1052671f1

    • SHA512

      24537083b4911c8e41e44288c09523a4d4e5fd66f354aae2b08b504a02c296ec1f0fa5ac60cddc4bfaa2bcc662bff9909661c3f9d84edc2cdafc842fcdcf5f64

    • SSDEEP

      3072:SHdh+7csdSNg+L5IR2snGgCabN2bsMHAzAaJz9XdEVX:S9h+fkHhIJ2oLEVX

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BarBroker.exe

    • Size

      155KB

    • MD5

      7617c5d69b62502cc85e35a3770855f0

    • SHA1

      350745f73cc400ab0d3eae6451f8f6c936bb7674

    • SHA256

      075a57076a3aa703770416bce4156f013fdf8ac0e200cffdb445ae01005ab6ec

    • SHA512

      0b84e43e8c264645317bd0393aeba6b7cf0b59587505fb4ec8fbb1a648859efff62f797e75313161700a9987ccb8973141e51481659dd778df02e55113791ec6

    • SSDEEP

      3072:ev/7gT7QOI/wevUyPCsej9gB933vXetaP0Kwwwwwkkk8ko7GP27oD:msT7QOa/hRKKnF8GPRD

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/rc.dll

    • Size

      279KB

    • MD5

      f4ec5f1b9256a956837df7aa00946c64

    • SHA1

      bf608b7f723c59ac88afb45c414ee49b17249963

    • SHA256

      482bb1c37efee9d72416e990810eb6941b6fc122d02d13d2153996da845321af

    • SHA512

      c47e20afad2a46adf468e7711cd6c9d5b8356303df56df8daa9da94ba45702ddb1392dc7e647813247fc0498c931e0e7c4d0a2eb01e35580ec30ed336a0c5296

    • SSDEEP

      3072:BRQ8Ubo1lOJPaiZbgQ9D6L2xIiWOWfJe7Tqu4Fg7vexpFRcZ+WHtYU:BRQpSlmPaC9D6yuNXg7vexpFzU

    Score
    3/10
    discovery
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Tasks