General
-
Target
eec077a30374eacee088bd9619e65987_JaffaCakes118
-
Size
664KB
-
Sample
240921-a3c7msxanf
-
MD5
eec077a30374eacee088bd9619e65987
-
SHA1
000e097462dbf811b7918573595157b3d30c87c9
-
SHA256
5b17e265a5fb13fbc666d40aa0b2d0a53dc6844b11670f0bb8fd15100d8f18ea
-
SHA512
0f18a394f4cc3b5cd23511b1590f2e381293601378b48fda13284d4c2217b48b2f257e1425969e5a4a004222b3207d9666aa149f1db44ea194db5bd0fecc9d8c
-
SSDEEP
12288:XjC/65/meS9kOdG9c/Jf/zwJ/yF3cDmbwSi3pvd0fc7DkMeJs3IzKvSD8MmVX:XjC/oUD0cJ/z+yF3cDmbw5vuYDkMeJLg
Static task
static1
Behavioral task
behavioral1
Sample
52zsoftdown/52zsoftdown_111886.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
52zsoftdown/52zsoftdown_111886.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
52zsoftdown/绿软基地.url
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
52zsoftdown/绿软基地.url
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
52zsoftdown/52zsoftdown_111886.exe
-
Size
1.3MB
-
MD5
db5a51efff6cf0f76abf7a19cef21cf3
-
SHA1
63eb5376d71418911536bf4436d1a6a98b2f4b6c
-
SHA256
0ee8a93b9d73ccada4260cade1319344d8f38dd43b4750983c2bcc9f9e64bea2
-
SHA512
c090cdf811f64c3ebe63a74677cbb662dc0efa2aa2d5ee5315af355e57c19a8c47228c8c93516f2c775c2c3e0b47cda97e4e39667191320cc0bbd6ad74fb5819
-
SSDEEP
24576:jxo3F/W8h5oxMkyn/RqHSi+Z3tY5g/rfleduvY//b3M:cF/XmM3trteE4D3M
-
Modifies firewall policy service
-
Modifies Windows Firewall
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
52zsoftdown/绿软基地.url
-
Size
259B
-
MD5
e803134068a09741b356ddd314c3eeb1
-
SHA1
79278934b2e43048b6130c67303731e68e5548f9
-
SHA256
cb1fe758826880c5ffe1e8f825ec96bb670fe13d9e3eee4654a01fe7e14a0291
-
SHA512
fb00e95969518d9e79bd535f78e1bc369823d27b50ccf89b53fa3280dd3c2a533b05eb19203d37f5156652eed62fd922c8b8da7d4a96371f3d28e15005f888cc
Score1/10 -
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
2Modify Registry
1Pre-OS Boot
1Bootkit
1