strela | ad515ec278d0e97347b6a527d1c3baf3d1d96ace5a7a724dd93de2fc3b9e6ee7

Sharing

Copy URL

Twitter E-mail

General

Target

eae3424e1df0a620c27913077106d1f0_JaffaCakes118
Size

34.3MB
Sample

240919-jqlspaxhlh
MD5

eae3424e1df0a620c27913077106d1f0
SHA1

9de4b609d8295c632b672caedb88c9fc6ee0ec08
SHA256

ad515ec278d0e97347b6a527d1c3baf3d1d96ace5a7a724dd93de2fc3b9e6ee7
SHA512

18ddd9107516bac217cc7a429ced0b01fe370173a9a6adca895c25275aa8dcae6b60c616e785db2159affdd1a5e00a33aac6223cdd5080588ab7b1c8bcce3533
SSDEEP

786432:1KuznJ/p8sjDi6mWcQTmbq2SsOP5uAgCcMyszWMA4q10WIE10:1vzJlq2czu2nKLVtnq10WQ

Score

10^/10

Malware Config

Targets

- Target
  
  eae3424e1df0a620c27913077106d1f0_JaffaCakes118
- Size
  
  34.3MB
- MD5
  
  eae3424e1df0a620c27913077106d1f0
- SHA1
  
  9de4b609d8295c632b672caedb88c9fc6ee0ec08
- SHA256
  
  ad515ec278d0e97347b6a527d1c3baf3d1d96ace5a7a724dd93de2fc3b9e6ee7
- SHA512
  
  18ddd9107516bac217cc7a429ced0b01fe370173a9a6adca895c25275aa8dcae6b60c616e785db2159affdd1a5e00a33aac6223cdd5080588ab7b1c8bcce3533
- SSDEEP
  
  786432:1KuznJ/p8sjDi6mWcQTmbq2SsOP5uAgCcMyszWMA4q10WIE10:1vzJlq2czu2nKLVtnq10WQ
Score

7^/10

bootkit discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Src/Protocol.dll
- Size
  
  668KB
- MD5
  
  a438e303cf31126c5d6b882aeded21a8
- SHA1
  
  eebe92a2e07ec209e6c366899938d2f7677e9977
- SHA256
  
  7c301b9c44cae3a53a4f939a391ae36e79e29f9216fc903665b4551426cecd90
- SHA512
  
  ddc47c35d7b662e939d471e07f5f45e979abd4df14b334c5c12f229f7d185bb9925693d9dd71e36c97eef02c92f961775f5d7cd605b36af9e6a5c9d83af3964b
- SSDEEP
  
  12288:dmaGqDdZHrLgjYSrXJ2YSIAkL2dFHZluIqNqSayOUpJyOwC+ATO3se:Y9qDdV3YWKNoSrHpJTNhTcse
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Src/Report.dll
- Size
  
  316KB
- MD5
  
  98a2b4d094fa825e601b1f68752d4ac5
- SHA1
  
  0197c18e2443b53add35870df81a0123acbaa0cd
- SHA256
  
  3347ab083d69d9d4bf6c8e6816c56a1eb694b581721965ebd44d240fe956e164
- SHA512
  
  47ef8d5ee9273a41169ec522245869f6d9d90b840d56d88e68bd693b4d1b4243b005cede1a5f9420ff1a5240f7de8ba7a5b915b846af9e1c57a0d4eaa584d53d
- SSDEEP
  
  6144:1Hmqik5oLytEct4Cz7UWi9F5ZqDvdVfb/f:pmqik5dtEc6Ccz5EDvPfbX
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  19KB
- MD5
  
  35d7b29c3ed690a8b0cd323917677b42
- SHA1
  
  ad74d2babe09f94838e408c8f9f77b6b56c644f5
- SHA256
  
  714bd22a836a7f164b848541b8bf8ac80a20ff38e10e412bf9ef518620a80b8c
- SHA512
  
  abc6f37b7306de737adf998607e81304ecc1589ac8e3164651b237def11b424a190e84608f4f6ce44a63ce225d93be7c617a736c82fb6b9077c5222c2e17b67d
- SSDEEP
  
  384:4JoiO8V2upW7vQjS//nYPLQa6jvjeMN+:4JzO8V2uovQjoym
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/chkm.dll
- Size
  
  74KB
- MD5
  
  3b8308f1dba641b49a642fa6d92f3451
- SHA1
  
  a11164e08bd9c594b6d608c51a2428a4c6b555a2
- SHA256
  
  2061a94b4d34a77f935f95a3741f917c91b27d0e1585c2ee2f8e00806b671db7
- SHA512
  
  dc089fc2bb43ccfcca8748013636e8d249cd91e1b08b30358d00df0decaec5782d2af85274e7b70784d4e58c934dfe5112fdcb4006de2a5dbe9c76dae9ed1f81
- SSDEEP
  
  768:9elCeN9djBHTUURm58yTOM30Hz6pW+QLqr69p4R1t8iKkEL:9elD9djBYqyTOS0T6UBLNWt8iC
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/insthelper.dll
- Size
  
  774KB
- MD5
  
  8bcd300c69b67e78b09cf07aecfa14fb
- SHA1
  
  d92bdb71d8b8477a3f0838360191aecc459a3c09
- SHA256
  
  d62d59db60544bd44db6d710f3b6d48608bee022d908dc46d16885e79dd1ca0d
- SHA512
  
  393667c3423ed6defeca5c7c51c3244106ebb737398b34822a38edf9fa68cead72016a77c29d4f47d0c5c784c6339e8080d3b35eb17d325658a951c464951cf4
- SSDEEP
  
  24576:Hur3XYYvDFTBs8N2x0y7J07fGYQ0gD8H9V2SM+5byEziR1BRWptMYabpeB:jp8JQPIFz41BR3bbpeB
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/reportsetup.dll
- Size
  
  309KB
- MD5
  
  52c3b9ac0484ece3b524a9526272f88e
- SHA1
  
  c07268de6a13290acbf58ec5ef75e2468533d791
- SHA256
  
  210876c0ff70ffaa88a05f9ef794a96136549f4168e940e256fb4ac85b0fff71
- SHA512
  
  da7710404e5630509eeaf9e318e2a4a2d9c4f269aee6cdce5d2a8f128094e7c92940312fda9913f5c44dce5159b59159f40137ddb2e7975e450f30c6a7b24f47
- SSDEEP
  
  6144:9TTPaNT41SBzliGz6WXKzoOCEIMzjKTBR2Z4kgg6D/Uuc:NrmT4uxiGz6WazojEfnKT/2Z4nD/Uuc
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $R0/$R0/BaiduPinyinWin10Setup.exe
- Size
  
  226KB
- MD5
  
  9707b6ee14be876babbd9298d488e68a
- SHA1
  
  794e1ee2a2e75f86762d63952f169874584b87fe
- SHA256
  
  ab4ef02af724cce31e288a84c5847badd08c238eea6ad4fc79371c7c8be07cb9
- SHA512
  
  0602791993f606be04a642846b7f71c0d2f238f585215667f1cf3db3b66d2aa863aabc71d45c6f4dab6efa1bcf19ebd88c1612e7252bb742648fc144607775d9
- SSDEEP
  
  3072:44nI1jpEk5Qz/7VWJTUM6dqXd5/prGvvXKF9CSCv+FNZaqLqjYMV0uku48F8gr:4qI16k5+xWTZ//prGvvXq9xayukulr
Score

1^/10
behavioral15 behavioral16
- Target
  
  $_24_/PersonalCenter/$_25_/index.html
- Size
  
  9KB
- MD5
  
  3ae3cc4b0ae61cb1f76d7c5be021c9ca
- SHA1
  
  ed0c9bf634226dd7ea197c223f8a42767a0ba965
- SHA256
  
  47b3d9f77c16d3087806a31a07cd4503827adb71297269861dc5e67f74207659
- SHA512
  
  5fea3f8a26ecb97bed4c9db32969e6d78e86c6da7b7d98475861a26217df9a32d5c2fff335b2456893ffdf036d85b80daf6295cc277e046177dfb9737bc16058
- SSDEEP
  
  48:0WpzaQhMnrHKPiwM5xkQMOFThKBdIzQhbwvbaJtVvVi0wLF0YlALNM+5mhYUV17j:fUrHZD/FTKxbaOSbLFP4zNJ7CEm8T/C
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $_24_/PersonalCenter/$_25_/js/achievement.js
- Size
  
  5KB
- MD5
  
  59af35f3f7021712b8bf3591e0231874
- SHA1
  
  36a65249a0fbc9eea243db2168c1eff3599964ba
- SHA256
  
  fab571286fcfd1c076b54040b6823301638d5dcdf08fc379ea6632bc97406daf
- SHA512
  
  e3d1cd30b28d30218853d2bdfb433c6ed55adac2bb9fcf47c1a5deb31d3cdbc96d2d9f46055d9e6a61702e23a13cb5ed1f7df96e41b983ba1576943e015cf347
- SSDEEP
  
  48:CxFc8hEJN0We/s91IU2Ze2MNpfN2ABwSImxr5wUJumcxgexe1DL9Iy1PMdh3rozE:Cxg36ZQ9e96MG9FMdb
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  $_24_/PersonalCenter/$_25_/js/common.js
- Size
  
  34KB
- MD5
  
  643df7af49c094ad64d15a21d2562814
- SHA1
  
  89ada5d72ef8d72e4e3b6860e4b2d1279537316c
- SHA256
  
  fae546d7d9c85aa8ef803564e594a33609c54066a642313dff37f7b81ac16578
- SHA512
  
  4d31db7c4ff87b13c1b0cb95df75c41ce5f7fd97dcb13a9c3ad92845a95dcf003a106520919d39b7c16973cc476df9ae6078ebe9bb10d10b0c2ab8fefe63c45a
- SSDEEP
  
  768:JK6DoGKxaiDMpk1YVE/cPXh4i9ejGqSxwb:JKyoGKxa0MpkSVE+Xhdej08
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  $_24_/PersonalCenter/$_25_/js/config.js
- Size
  
  7KB
- MD5
  
  3e09da843341da463d13a24beac5c550
- SHA1
  
  b31cfedc9e7faa53c2a0b2659410313851869664
- SHA256
  
  df77e726865a485beb4b3bededeb6a0c64f8900b3dd0d2135e8dcd5d0f199d43
- SHA512
  
  480bda924f57ee37c7ba36e25a1f5eba347c629ccdc2e14ea1ff96d2225a1b736bc30b559c80b5dd503732e01b755a87cd08230423f07532b50e666faebcf4a3
- SSDEEP
  
  192:0QqkwiXD2dm/uhqBZj+UCUrLldEmtxU02sgIbLnu7t:07k/Ds4SQrLrTLKsi7t
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  $_24_/PersonalCenter/$_25_/js/tangram.js
- Size
  
  1KB
- MD5
  
  c06c852e7640cd9d08141949853726ec
- SHA1
  
  6f48d7722df7a4268bab8b172d273441609f1b6f
- SHA256
  
  89916f61df38986873dc4c6e562011b35169d9fe0432ceae5a80d405d3310da2
- SHA512
  
  62277d14d1d8bf26e75c2a13426755e280f818fa8d9b185a353c96100b2f95796bd839b07a411dd45e76c0a8b43f469b89f89cb28e6d6dba9507024b6b723a14
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  BDBugReport.exe
- Size
  
  364KB
- MD5
  
  7eb76813480fb29e40720d2c0e7d5e25
- SHA1
  
  82b8b748382fe4be999a3fe2b4f12ccadfd35cba
- SHA256
  
  db05ad643a42d3c146f84e49796db419193e03d84291fde8cb4e5dd833071899
- SHA512
  
  de8bb7f0ccc4861e140c39e539908e45f4354b79976aeac2e1b937cc7a8cc112d8ec99c10a71586ef36083c94026a11478c4f77216e335b8c857b35fecfbc829
- SSDEEP
  
  6144:ElgPNLM7flY2bc7CrJsbxTs7Y6zjoyzHUcx3cjTBqEywSEGYBoIpQ:PlM79xc7097Y6zcQrx3cjTsERxBoIpQ
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  BDBugReportx64.exe
- Size
  
  244KB
- MD5
  
  575d7d14b7b1bec7b636b0dc3f04dc94
- SHA1
  
  a7587536112c990fbdf7c37bfadf9cf42995b195
- SHA256
  
  54be9c8057c6736b188398cdb51faa406223667f52b06e2b06f1430a6052ffef
- SHA512
  
  58518521ea75412e6bc6aed8282d7f87f4fbd7a331c7ef8326d7962f9c0a691cf69b6a3a6f0f65c2c4d7cb063e6eb4ad3d0b372fac753012c5d5d9d1b72d63f4
- SSDEEP
  
  6144:1dpgIn1Em9TQa7ThngtgEeNNGz5JbK4PK:XpgIn1lVQaC5Jbc
Score

1^/10
behavioral29 behavioral30
- Target
  
  BDDownloadExe.exe
- Size
  
  367KB
- MD5
  
  b5e16bd1f7edaa0d56c9e2ce65f35516
- SHA1
  
  ca4b7fc4c77680b8ce4b1bdbb2b231beb06c98e2
- SHA256
  
  91702ae34d17e643983accc23f937c0956d5d5e07b26871e025de4a6da85b696
- SHA512
  
  ec0fdc8d2a8b1f93a2282c0af139dddc637533758e65d6e2b052a8e20c8a031d3d4133e04c1c082981035a35afa552b219ac0503f43181c4d399f95581e91b29
- SSDEEP
  
  6144:HJwx+zTO02TvEUSzi1G6/InjNx9LtEmCR1/gxKrpU1QUTivq:HJwx+zTBtzi18xzBEmCRixBivq
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral31 behavioral32