2eb54f154dccd84c47ce239be465807d65c72a4d839d6d237d448a1ed96a6c45 | Triage

Sharing

General

Target

ea104fd50683994650e672697cd166de_JaffaCakes118
Size

1.1MB
Sample

240918-142vhawaqc
MD5

ea104fd50683994650e672697cd166de
SHA1

90d98bbf6883efaf02ef21870fa8f2dd30caf473
SHA256

2eb54f154dccd84c47ce239be465807d65c72a4d839d6d237d448a1ed96a6c45
SHA512

e92c364426be42e1b514ced3d93a6d6feb51e52034db1f72319c11a82bbe569f08dfd75aad8e49c5a652475ac39beeaad0fcf832caf765e58502186b5225f086
SSDEEP

24576:SWoAPt5kfJFSNpy0qq13nTJHgUQGTco1yFJM5ouhJqBHJwAZdh:SvAPt5kfJFa13TExFm5oyJqBHJwqj

Score

7^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  QQ牧场一键收获助手/QQ牧场一键收获助手.exe
- Size
  
  1.2MB
- MD5
  
  6cd65b3de6017d8921e2b35945226317
- SHA1
  
  a7aded8ad581b0d9211aa5f00ed0ae4da8627c18
- SHA256
  
  4b1b2b36367674edaf6f3e240d9ec554205ef92441fcdeeb65d4c2c709edd769
- SHA512
  
  1c84f54bbc1fd430ca0807b0a721cb7ca6411dd2bf93983b2b653395d9a8373b30d44fcbf0ce78a5e97160d4f095b7eaa23dad2dc0574b9a8d3bf05d755624d5
- SSDEEP
  
  24576:CyXQi3re6QuM1uGS1q6QSab9bGt/GM0CUQWjg7kWYKyTwfDG7fCgJmoIy7ha:1gw6sTGPnSq9ber0C3xYzTiDGPmoIWha
Score

7^/10

bootkit discovery persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  QQ牧场一键收获助手/牛牛社区 - www.nn47.com.url
- Size
  
  170B
- MD5
  
  61ac4d95ea564f2cd430c685ea566fa9
- SHA1
  
  68552cf9227fc0db8503edc9f72db6f0b46bdff2
- SHA256
  
  d1484786472999de2fd2de48d46f51a8db9677d73cd353305b34a51f29b581df
- SHA512
  
  d1d975b277eaeb7141d2ab735567eac22e2f248a8680d353212f48ed9dba1e0c5713b2596dbf8b47044975a3a2f67b3e5e6915baa42183d64444e5d65a1d4385
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

behavioral3

behavioral4