d6607ea178eea5d8acc6724ddfcc8a6618bbc506baafe3a941d336ca1f0a7781 | Triage

Sharing

General

Target

ef6b5b941db0b75c05cc0e686686dd16_JaffaCakes118
Size

329KB
Sample

240921-kgfqratbje
MD5

ef6b5b941db0b75c05cc0e686686dd16
SHA1

6c417be4fc4e67841b82e769fa28c7111a9ebebc
SHA256

d6607ea178eea5d8acc6724ddfcc8a6618bbc506baafe3a941d336ca1f0a7781
SHA512

37698988482cd8c4c20c745b5928dd905057fe11e2014bbba1ebd28ab6e706034e425c6f674ae1a01e36337e8f69e851128bce4bd3383f46177c51a413a04b26
SSDEEP

6144:UXy9kmzqoPctTRFXrMMIYGB1n4n+HwHwOUw1fbm4IM5T4L7DTq+AOE0+fsHtzFO5:GWk9jTRmMEBQ+HwHwYfHM7qNEHtx7o

Score

7^/10

aspackv2 bootkit discovery persistence

Malware Config

Targets

- Target
  
  SEO蜘蛛侠/Cfg/cfg.cfg
- Size
  
  325KB
- MD5
  
  c7e858e4a51ba7d26af9235064988274
- SHA1
  
  f0bc0c5b452780cdadc06a1af9938035acf88c96
- SHA256
  
  1616612517d98e780666efd5b69b9ac5e94e34a661252198c88f0a2cf589792f
- SHA512
  
  b251e4c7330534be60fcc78c430de76a3bc55f988dc5127829f7baf486018aae8308a4f59bdef82a4c510c51c908693505bcb541c8cd0dedb144d1fc6fb0e6b8
- SSDEEP
  
  6144:6Z20Kf2RgmYbnDlkkz8CBGz95C6PuabwIUM8m/260pIy21uRyEIv7pq7jlSXwe:Q2Xf2mQW8UEo+rwIUbRyEq
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  SEO蜘蛛侠/MSWINSCK.OCX
- Size
  
  105KB
- MD5
  
  9484c04258830aa3c2f2a70eb041414c
- SHA1
  
  b242a4fb0e9dcf14cb51dc36027baff9a79cb823
- SHA256
  
  bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
- SHA512
  
  9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0
- SSDEEP
  
  3072:R7ZSBYfkVoFdRrqo0aRaA/HF673+UWHIfrb:RNkVsuaRaU6mHGb
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  SEO蜘蛛侠/SEO蜘蛛侠.exe
- Size
  
  113KB
- MD5
  
  432720f0a887f66bc77ac0effa77256c
- SHA1
  
  07d6f409b48c391ed4d6ad3a4c778ad56e471f8c
- SHA256
  
  1c42eb76bf431490a244235b96d41a21226c256bdec6b567669bb847f9f33346
- SHA512
  
  5a5988afc7a879b104193b2be946e0683f3c99427d608f3158bbf5e05ab0d5ee081f1d5646ccadfb47389b4f92077fc4cbad15ca079f819095b9da0c1c878c3d
- SSDEEP
  
  3072:pA0iyWcc+kr3cryoIrO5hJv1Ltwi3qX6RUkU:O0/llhuoIS5boig6Rn
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  SEO蜘蛛侠/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

bootkitdiscoverypersistence

behavioral6

bootkitdiscoverypersistence

behavioral7

behavioral8