General

  • Target

    eac23a47c2443171481fb89842316f9b_JaffaCakes118

  • Size

    4.3MB

  • Sample

    240919-g7y38svgkp

  • MD5

    eac23a47c2443171481fb89842316f9b

  • SHA1

    2c89716f57d8757ec6f9a9d0f495da50b3e430e3

  • SHA256

    124676fc010b9e810f78eca7ca312e134240d3c75e2b06faf778d89c4f1175b8

  • SHA512

    56f1f32209cfbb66a2e378d5210b5e89c50984a47c584b462c8c5acf699ba3a05a84496783d1277992d5c8ca5808d25cd4021eb1afa407ecc5d459bca08e05ee

  • SSDEEP

    98304:Pe73QGakC1L4IhYMJwF+ZmgGmaju5hDy3Qh/LWfD:PAFakC1L3wF+MgGb6G3QhCfD

Targets

    • Target

      eac23a47c2443171481fb89842316f9b_JaffaCakes118

    • Size

      4.3MB

    • MD5

      eac23a47c2443171481fb89842316f9b

    • SHA1

      2c89716f57d8757ec6f9a9d0f495da50b3e430e3

    • SHA256

      124676fc010b9e810f78eca7ca312e134240d3c75e2b06faf778d89c4f1175b8

    • SHA512

      56f1f32209cfbb66a2e378d5210b5e89c50984a47c584b462c8c5acf699ba3a05a84496783d1277992d5c8ca5808d25cd4021eb1afa407ecc5d459bca08e05ee

    • SSDEEP

      98304:Pe73QGakC1L4IhYMJwF+ZmgGmaju5hDy3Qh/LWfD:PAFakC1L3wF+MgGb6G3QhCfD

    Score 7/10

    • Loads dropped DLL

    • Target

      $DESKTOP/ȫ.lnk

    • Size

      346B

    • MD5

      3e3799d9a26437746f9f9f5f9ac0c6e8

    • SHA1

      70bb530d53dfe59637dc6ad6da4bccaef869daf5

    • SHA256

      6d0c5589f63999a1cf80e4fd809b74096f49952aa43e648ae80cd0a5aa55f8af

    • SHA512

      3848f33a744182561b7b3b341e50caa3ddab1a5d54d9da8fcecb43490e389ada88629c8c53eea426128b513581b136afd1103c46b55718417dedeba8e4d6ae74

    Score 3/10

    • Target

      $PLUGINSDIR/BrandingURL.dll

    • Size

      4KB

    • MD5

      71c46b663baa92ad941388d082af97e7

    • SHA1

      5a9fcce065366a526d75cc5ded9aade7cadd6421

    • SHA256

      bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

    • SHA512

      5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

    Score 3/10

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score 3/10

    • Target

      $SMPROGRAMS//155ɫվ.lnk

    • Size

      350B

    • MD5

      2eefc9c46f6597c7b8e425f8c2130e64

    • SHA1

      4dbcb7c15a8624c9054debd1261963a35ccf8d74

    • SHA256

      7756423e3de11499438968c53aeb575285995045b33832d601612512dc9e2424

    • SHA512

      2226a924ccebfa75d3e6927d64c58917e27b57ae2af3fc658126902f511c3ea3c4f362306a7eeb6073445d3de48b125453756121d1ed3e694b5e44a5fdc23efc

    Score 3/10

    • Target

      155ɫվ.lnk

    • Size

      350B

    • MD5

      2eefc9c46f6597c7b8e425f8c2130e64

    • SHA1

      4dbcb7c15a8624c9054debd1261963a35ccf8d74

    • SHA256

      7756423e3de11499438968c53aeb575285995045b33832d601612512dc9e2424

    • SHA512

      2226a924ccebfa75d3e6927d64c58917e27b57ae2af3fc658126902f511c3ea3c4f362306a7eeb6073445d3de48b125453756121d1ed3e694b5e44a5fdc23efc

    Score 3/10

    • Target

      Bug3D.exe

    • Size

      300KB

    • MD5

      8fe43bfed9bdd5daf5466c0315fa3b0c

    • SHA1

      b5963654c71bdbf7a762e7c936162d23774dac7e

    • SHA256

      9434f682c9f0c985386ca2c3cfeed3fd525dfb82255026e7ce69d5cfcbcd5090

    • SHA512

      8c03691e179c371a300302b4ad032f39df0e8777f9e285f3a2db5e174c684e5953e3a0644fd503ff790a0374664b3b13a1322ff9f7421fbd64da2be006a62f0d

    • SSDEEP

      6144:wL+trxK/sngcmvDQQHFh1Kmyqhq39qMLFeXVBzqodabXDlNbvTUPfz:wL4Wsng/QQHPvq3sWFYqXr7vTq

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Bugatron.exe

    • Size

      24KB

    • MD5

      d64b7fe4f2baa9fa75237c165d7005a1

    • SHA1

      023c01b4b28bf4851854549dc2c2014e239c8db8

    • SHA256

      cf4ced81109492f03d0153ef77cf458ed635d0f835c69855478d3fda7f82e2cd

    • SHA512

      cf41322eda933d41e2d180d82d4564f9f2cb48dbde093b4485bb7ef737b3e570e749eb5d4b6e51925ccd8652eb9b125f11ef1031d53435f80002e724d2ff890a

    • SSDEEP

      384:RhxpUBEDWVzMa0HXgbml7eSHuvyyi2rhwo:UfJI8fyjIhwo

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      ReflexiveArcade/ReflexiveArcade.dll

    • Size

      948KB

    • MD5

      5df9b87dff99847624727707a0e587c6

    • SHA1

      e5c557e21d94f7a74428d07c65608efc667e1ed0

    • SHA256

      839ec073f85eede6c7c54fb76cd219b059cf901762976bc8519cac1128fea669

    • SHA512

      976f37af9f464086fe90bb23a7cd5f61ab12f22b901e0cb21923a3f980a1f084d3861008bbfd8e8ff5ad1e513d0eaf560648bdce6456f6b57f3da78466350724

    • SSDEEP

      24576:abXC5u9nKIfaCMbWoWlk4HRR+i7sZ8CW5kpEJSbwgilJ+5t6riO8gnOpl4Cjs9t1:8VnKIfaCMbWoWlk4HRR+i7n5+5t+iOLh

    Score 3/10

    • Target

      devil.dll

    • Size

      263KB

    • MD5

      8df4d4324e5755f1a0567db3c5be4c58

    • SHA1

      313a23600a169adbe130b1ae1784d8de437ce7d9

    • SHA256

      9792df088f4301012bb024979aa9b10dc1c40a3e2e801bb47ff2741af5d6a066

    • SHA512

      934cfffccee0f51ba78c4374c79c64e2f3e9b379e722be85b30489ab3443e0cb0db25394f87a399a5d62b77a6355e5fab1d887b3fc20f4fe5c3ad63060aaa575

    • SSDEEP

      6144:G6Yr/mZNHrtJGD4BzmpAYYYuvmXQU6xCb:G6y/mHBJYwKpYYuvmXQhxCb

    Score 7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      fmod.dll

    • Size

      134KB

    • MD5

      16f79e0a4e8d3835c463e547a7a9e69a

    • SHA1

      9e6b457b0ef3e8ac170bf7e99bead36f3c6da055

    • SHA256

      a952a243302a0fb1fbd6ecbb09703a2de76f343115b9408aa3d89c50b8d196d2

    • SHA512

      95e6c0daf3f6286a1494c927a0b0d52022af8a784cf80e129a93b07ef1697aea23c1846739e8017b5f60cdf21ee000b155b88349b0be936633479bdc933658d9

    • SSDEEP

      3072:G6i++wUNn6lbVrwnbPAwjKybmXk9qOCdt8aksGjNW:G6KwUN6lbVs1bmUmksGW

    Score 7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      uninst.exe

    • Size

      69KB

    • MD5

      fdb65df0ca3d589b5adb3b1604d82399

    • SHA1

      512cc178a22f9e501eadfaf400bfce0143879241

    • SHA256

      4afcbbb1c076a0a7201bb24337a9ebe50c8cfb7aa3991584b6f3a34fc8da8c81

    • SHA512

      657f448202a7328610ff4018d3795dd3657858d82da65f9fe1c25ffd1dd8b477d52d1a0905d90fac01e5b9637fedf8a6bec77d47c1d955ca39713a765b273104

    • SSDEEP

      1536:AKNLH58uyYkDHKQXJoiNYRN6QcIwWdxAkMEE6y:A+8uyHOQXJoIqTnAkMPZ

    Score 7/10

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

  • static1: upx (Score 7/10)

  • behavioral1: discovery (Score 7/10)

  • behavioral2: discovery (Score 7/10)

  • behavioral3: discovery (Score 3/10)

  • behavioral4: discovery (Score 3/10)

  • behavioral5: discovery (Score 3/10)

  • behavioral6: discovery (Score 3/10)

  • behavioral7: discovery (Score 3/10)

  • behavioral8: discovery (Score 3/10)

  • behavioral9: discovery (Score 3/10)

  • behavioral10: discovery (Score 3/10)

  • behavioral11: discovery (Score 3/10)

  • behavioral12: discovery (Score 3/10)

  • behavioral13: bootkit, discovery, persistence, upx (Score 7/10)

  • behavioral14: bootkit, discovery, persistence, upx (Score 7/10)

  • behavioral15: bootkit, discovery, persistence, upx (Score 7/10)

  • behavioral16: bootkit, discovery, persistence, upx (Score 7/10)

  • behavioral17: discovery (Score 3/10)

  • behavioral18: discovery (Score 3/10)

  • behavioral19: discovery, upx (Score 7/10)

  • behavioral20: discovery, upx (Score 7/10)

  • behavioral21: discovery, upx (Score 7/10)

  • behavioral22: discovery, upx (Score 7/10)

  • behavioral23: discovery (Score 7/10)

  • behavioral24: discovery (Score 7/10)