3eabc69c185cd59d526f982c64ddea5f36a71a0f9c918c3b455e2b8db737645e

Sharing

Copy URL

Twitter E-mail

General

Target

ef38165ffe16952ca8d1226ce890934f_JaffaCakes118
Size

3.1MB
Sample

240921-g2pydayekq
MD5

ef38165ffe16952ca8d1226ce890934f
SHA1

80024f99b602bf5c74db8dc94c3c3c43fb0a9ed5
SHA256

3eabc69c185cd59d526f982c64ddea5f36a71a0f9c918c3b455e2b8db737645e
SHA512

d5f7354f12f083aeb15d779b71e052c8860dd2ffa3ccd6e1ee118ee1365ced819939ddb4220a6813ea1962e5087f5f95976936753409484fec77aae9d63eb0a2
SSDEEP

98304:a6tvy2LkCY0GPh+P7bHGVRcvJoEmn5X7Cf1:a8KfeGlVX7g

Score

7^/10

Malware Config

Targets

- Target
  
  EAC拔苗成长指引 v3.58/EAC拔苗成长指引 3.58.CHM
- Size
  
  2.3MB
- MD5
  
  530acc2b3f53877adae5d6fe0be29565
- SHA1
  
  b909f66cccec10b88aafe6869dd22ffbec58e6f4
- SHA256
  
  9c44d9f363519809c7eb1ffa19aa9eb2d6f38352748b6defca9b220e8ba75a9e
- SHA512
  
  4add316bb4646954458ef2df56fedd96fa50c071e73bbece3fdb62baf97c05e244a34af7b41bcef4e1ad0abcbb07780c46098d6aa29e8da2b1ee7a1461f4208f
- SSDEEP
  
  49152:cfFr6fytpn+yvaFmCHoTyPXpFCJvohps/xLfaMB4xwaNTX+7lHZy7WnmlqQnKBn:cfF4ytpDaFmCIufp8Jwhpwx7aMB2fj+Z
Score

1^/10
behavioral1 behavioral2
- Target
  
  attachment-22
- Size
  
  1KB
- MD5
  
  1a44796985c3d7b77a679e3161f9a544
- SHA1
  
  d3dba8db181a78b82eeb4a67b8445f200490c4a8
- SHA256
  
  956e77e769a93e541b371ed248c4777e057b38ad72460497902651788dd85020
- SHA512
  
  0becd2facd32007bf35a64c08a78a2f5ea5ee58273ecbb0874f6ee2c60add0af30b3fd655e9fb3cc4edc8cdb3aabe7a96138e161dc1524753a0adc598484d866
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  attachment-23
- Size
  
  5KB
- MD5
  
  4c19737bc0a2e918d25d084bf4376cc1
- SHA1
  
  bd750b51f68b71d7c1dabe8c4ad21560c6890900
- SHA256
  
  e63f4c7e86f65b8d8e45345375d71ca73f490bc060e27c840712bced9675ae51
- SHA512
  
  c10478f6d4d31709e8c954f71aaa8b752a54e62d4c6e572792e1ac14909d1272f4dccf433a530a44be2394bc9af09349a8cec046c747f0404f4a8515c4ff83bc
- SSDEEP
  
  96:7iYYJ86taItfXJ8yd8pf4zi2fHQfEfXJ8FJfXJ8v+huOFaO2OfEnyTOlOdCfEVy5:7+H/WKEM+13QfCg6a3QK2j2ZKQXNREyj
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  EAC拔苗成长指引 v3.58/其它/FLAC encoder/flac.exe
- Size
  
  188KB
- MD5
  
  a188f4f5dbb147f7bb6893b8ab02f3fc
- SHA1
  
  cb06d715bb98b45540ff746158321d08775eb873
- SHA256
  
  691330663528797d3ba6b6cb9ed9979681c9a99f8b2c906f1dcee4f8b7cd997f
- SHA512
  
  e7db0c30f3e6c4ddea1bd8e342df10e941bab66e20468621107abbfc12b408808b630a4e7ccd069e72607aa1047ab1e891a601d7e49b22bd0b6b3b82adc4f4b5
- SSDEEP
  
  3072:dbjiqY1mfmvkoqdQFGlSrZXpz5f5jXqftTx/NixtKz6Xxixr4EvXFWZm2Co18Bzj:JomfmvkoqdQFGgrj5f5Gfpx/sxRBit3v
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  EAC拔苗成长指引 v3.58/其它/MP3 encoder/lame.exe
- Size
  
  184KB
- MD5
  
  79fb70f6750ecf3f45419e5f46542d98
- SHA1
  
  7b75d3abf188a33d5693486e9ced347868fc571a
- SHA256
  
  8bfce90eb3f244dabb5e8234511e9a9e4fdd39111e17f3731417da0b7f51cdbb
- SHA512
  
  216f01d12ba1171f018f4a3661550316add31e67eb2b906c68b777a4bba7e52f026afd2e7c330a6e4397ffbf8a493219b10a05a3d8b4f22ffad2a55d264e852f
- SSDEEP
  
  3072:uYHBAvs9QA4q11zz9vMe5g9W636xwngtX0V9yXdoyzvl/XaIEoKWVafT+h7LHhOv:3Ovs9Fv1132eq9HRw0CXdfp/vE3g6TVv
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  EAC拔苗成长指引 v3.58/其它/MPC encoder/mppenc.exe
- Size
  
  77KB
- MD5
  
  b4db30d74c5c0d1bacae1fe5f757eae3
- SHA1
  
  c11551fe9fdf47e651891069cab13a6d82d796d0
- SHA256
  
  9788cd1f9382fd96182da908f11f991462d39768664cac73c9b5cd7f7be3c218
- SHA512
  
  c76517da5081c69fed5b48970c79ee8090f2fb1b65d0ce19229f9afa5681a4c255f2d82982cb176269084bd317cf04594d0e67a4f458b6a8fbb6bcaeb464ba17
- SSDEEP
  
  1536:fI4RWyDfCikYSLNKyeUPv0Gdfy1VMJKcClWTt4fAbmRPqp+gigKbiia:A4RWCfC3Y0No00swlgnbyIviJWV
Score

7^/10

upx discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  EAC拔苗成长指引 v3.58/其它/MPC encoder/wapet.exe
- Size
  
  4KB
- MD5
  
  33e7dec5ceb34464f67d6cc3c3568612
- SHA1
  
  29a656096412bd9ca740a7147cc429e0eeed67ed
- SHA256
  
  7f0ec9b28e6c1228fe3804f61ecb7e3378b55077224c9b9f5d5dcaf1edceca5d
- SHA512
  
  c6d43f8cd10d95033c521d9cfe99ad6bda89c98bdf2703b8a45cce253fb8bf0557f78768814315fb033e4e5cf8fcb8b3c2a910bb9230f41c37b77999862e62b6
- SSDEEP
  
  48:axfYtzjrn86rEkmpNei0fkaCpirn7mUqIJWvL7qiQAioTjnc2SeJY8JTaUBBC:afYtn82ynO7HqXqHATHBBg
Score

7^/10

upx discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  EAC拔苗成长指引 v3.58/其它/Ogg encoder/P4 CPU/oggenc23P4.exe
- Size
  
  200KB
- MD5
  
  68a7389a3e61ce2a99eb4881686bd394
- SHA1
  
  834698a59def156c85c405495f9071a1886eaa2f
- SHA256
  
  d2e123804591c915da887e1050a1d209a8292e59907ff9c7fea021d6d53e4296
- SHA512
  
  56daa16e66280a56756f92f57e6fb077d4b2fd382bc00bb0adf11f78b165f369a6a5a15edba745f91af8a19d43f7b84692768c99132f5062a3d2566f56e561e2
- SSDEEP
  
  6144:nUXrpBGViLsf8ROIDMwe3tqebFUl7cBoH:n+BGV4Ipw4tqOKp
Score

7^/10

upx discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  EAC拔苗成长指引 v3.58/其它/Ogg encoder/oggenc2.exe
- Size
  
  273KB
- MD5
  
  41b1da9c18b02a416b3a240fc8b27b42
- SHA1
  
  0a199bb0bab613ac14eea250088246a5233a3d33
- SHA256
  
  3ffcfb303aff268f82ea45fec1df31eb9717910b28fb1657cb9f98c7f256b8fe
- SHA512
  
  59a9400699795cb4b3a27cd6d4167863f520fa21f4d40176ee744d1bd2dc541d7e2d870310cb7e3693794cd1fa31c0959a65f247f75a238d26acc9473aa25366
- SSDEEP
  
  6144:bn1X4zjU5MNz4JdRWp939LGlLaYWB9ZaacE3KAhA4Okih36RDiarW8lY:pIR4lwtLy9KZFcFiAhsRvrW9
Score

7^/10

upx discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  EAC拔苗成长指引 v3.58/其它/外部接口aspi驱动/WNASPI32.DLL
- Size
  
  156KB
- MD5
  
  a6d7ac2c5b1e807b0feec08c44856044
- SHA1
  
  7d49e6973ef5b42bb82d7923079b5e4e59d31dc6
- SHA256
  
  67cef80e4f8c0be01391d57a9042179093e335d77246d31b8ad9f2db9a7e2912
- SHA512
  
  2d073c4cd4b4e0d96bbc3f6cd71cf0dae84384b1fd5a1c3602293590272e7cde6de87930ddfaa3359ba52fed68a7f6957039bb04004a17086bdfa078e37973c2
- SSDEEP
  
  3072:o4vMB3X9rtx4jZVmdWrrW8X99L+TTvUAl1GmvBsjgrC/oRCT8/R:TS3XJ4jZVk8X99L4t1G4r4+
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

UPX packed file

UPX packed file

UPX packed file

UPX packed file

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20