General

  • Target

    eec077a30374eacee088bd9619e65987_JaffaCakes118

  • Size

    664KB

  • Sample

    240921-a3c7msxanf

  • MD5

    eec077a30374eacee088bd9619e65987

  • SHA1

    000e097462dbf811b7918573595157b3d30c87c9

  • SHA256

    5b17e265a5fb13fbc666d40aa0b2d0a53dc6844b11670f0bb8fd15100d8f18ea

  • SHA512

    0f18a394f4cc3b5cd23511b1590f2e381293601378b48fda13284d4c2217b48b2f257e1425969e5a4a004222b3207d9666aa149f1db44ea194db5bd0fecc9d8c

  • SSDEEP

    12288:XjC/65/meS9kOdG9c/Jf/zwJ/yF3cDmbwSi3pvd0fc7DkMeJs3IzKvSD8MmVX:XjC/oUD0cJ/z+yF3cDmbw5vuYDkMeJLg

Malware Config

Targets

    • Target

      52zsoftdown/52zsoftdown_111886.exe

    • Size

      1.3MB

    • MD5

      db5a51efff6cf0f76abf7a19cef21cf3

    • SHA1

      63eb5376d71418911536bf4436d1a6a98b2f4b6c

    • SHA256

      0ee8a93b9d73ccada4260cade1319344d8f38dd43b4750983c2bcc9f9e64bea2

    • SHA512

      c090cdf811f64c3ebe63a74677cbb662dc0efa2aa2d5ee5315af355e57c19a8c47228c8c93516f2c775c2c3e0b47cda97e4e39667191320cc0bbd6ad74fb5819

    • SSDEEP

      24576:jxo3F/W8h5oxMkyn/RqHSi+Z3tY5g/rfleduvY//b3M:cF/XmM3trteE4D3M

    • Modifies firewall policy service

    • Modifies Windows Firewall

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      52zsoftdown/绿软基地.url

    • Size

      259B

    • MD5

      e803134068a09741b356ddd314c3eeb1

    • SHA1

      79278934b2e43048b6130c67303731e68e5548f9

    • SHA256

      cb1fe758826880c5ffe1e8f825ec96bb670fe13d9e3eee4654a01fe7e14a0291

    • SHA512

      fb00e95969518d9e79bd535f78e1bc369823d27b50ccf89b53fa3280dd3c2a533b05eb19203d37f5156652eed62fd922c8b8da7d4a96371f3d28e15005f888cc

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks
