d14eb68ed8ab65578fb3610ab9d254ab2ba67529929481b462a7d175a807fd73

Sharing

Copy URL

Twitter E-mail

General

Target

fa48b5083338bcbeee45064bb50abd52_JaffaCakes118
Size

11.0MB
Sample

240927-m3zrvsyhjn
MD5

fa48b5083338bcbeee45064bb50abd52
SHA1

e4bc658fb08477465e342a3dc5fd2cda8e3a1373
SHA256

d14eb68ed8ab65578fb3610ab9d254ab2ba67529929481b462a7d175a807fd73
SHA512

fdb5acfd1b42c025676e6033170a3acb6c686724087846727b5ee12568f67082e709112cb5af32990fc88394135660d87d2027da6e42ddc841e969ea98eeece0
SSDEEP

196608:7DYeUhIxMOQ8PgkLZVyJ5PXVzxspR/AO49JYN94NRLMV9ZpPb72E5P7tf20bJd:Av6bIk7A5Pny4O4kN68Tr+Eh7tOwd

Score

7^/10

Malware Config

Targets

- Target
  
  fa48b5083338bcbeee45064bb50abd52_JaffaCakes118
- Size
  
  11.0MB
- MD5
  
  fa48b5083338bcbeee45064bb50abd52
- SHA1
  
  e4bc658fb08477465e342a3dc5fd2cda8e3a1373
- SHA256
  
  d14eb68ed8ab65578fb3610ab9d254ab2ba67529929481b462a7d175a807fd73
- SHA512
  
  fdb5acfd1b42c025676e6033170a3acb6c686724087846727b5ee12568f67082e709112cb5af32990fc88394135660d87d2027da6e42ddc841e969ea98eeece0
- SSDEEP
  
  196608:7DYeUhIxMOQ8PgkLZVyJ5PXVzxspR/AO49JYN94NRLMV9ZpPb72E5P7tf20bJd:Av6bIk7A5Pny4O4kN68Tr+Eh7tOwd
Score

7^/10

bootkit discovery persistence upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/Converter.dll
- Size
  
  121KB
- MD5
  
  6f670e64ab88d81c76ee1e1ff0afa638
- SHA1
  
  c9012c2820b4a31a5d6aacc3f1b4e2f1bddd8633
- SHA256
  
  3d41c3f8b746698c4c4d4250144af822db1fbf99a770d821944046e3451e2a1f
- SHA512
  
  7a61d3f75f2a8bff4b06a9ebced17d2177c9eaca81dc30ee9a98a03b2a179edabab7b74fe55551048666903fe19affa3a81f8741b2986a6aea770163aa31d8e3
- SSDEEP
  
  1536:zjwr0d84x7AkRDQqe4nDtgIyHz7h391SzYbfOBtaz0Ay0vvFaECD:zbHRZ3JDaz7d7OBcoT4vQb
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/GdiPlus.dll
- Size
  
  1.7MB
- MD5
  
  0c38476c6e51c95144f648b78fb579d8
- SHA1
  
  1a85ebc7203e7f0dc5297e6c5a056d52d45c447c
- SHA256
  
  04495ada069d6d176f14115738782cc8660c575e90046919a02792c274260f02
- SHA512
  
  5800fd07a1ab41a14aa1d413d0d2e54583e61086937bbc6b9b8901726f6944fb75fabc45ef1ae44ca9a0b00240c5df50a8a826ce7f2a33581ec21f9fd47be8d1
- SSDEEP
  
  24576:uxnzzlD7ReVXjqvyigpv71+h3A6DZq0PCFUm1zfvDf73zJAMd5fUzDHyZ201pKK5:uBzpD700KVwh3TA0PCUuz73aknXKKjN
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/IEBrowser.dll
- Size
  
  465KB
- MD5
  
  d6350e8f015ad1b3ad7fef02136a5e23
- SHA1
  
  fbd7a61eb78c1e5023b74fed09ab4ae34313d296
- SHA256
  
  993120efc74970f567365aeee22c5c846e5f9e08abce3b5cc36f61686eac596d
- SHA512
  
  e17ae471d5cd3f97b0fbe59e548404ba06a78e528ef66e0d45fe1879ac1efbca3e57911f756a7ee11560d7297be4bb9cffb5ac383fcbe58232a1033e54786400
- SSDEEP
  
  12288:oeXB1r/MgKVszPGyR5MF4aHQnWAJ3a2xu8Z16Rx5Lusl:TX3MgRGyR5MkJztiQsl
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/MngModule.dll
- Size
  
  970KB
- MD5
  
  0f11eec6f0277db75f8673907911223e
- SHA1
  
  d5fe27ed211f9484af386ac66b051a473aa2ccac
- SHA256
  
  a2f97b83d51f32958ba3c98a942bd2e945714df079b5982d07b7c33b615319bd
- SHA512
  
  6d9f09c2df288ebcdf57c64a6a1e22a5e3de79b58966467f162f480462b2c7a4048c4a335f98c371913ee5ce8b7fe0ebb50d1ec42fb8dd062b8d5c3d718419b6
- SSDEEP
  
  24576:Vgksy9wm6a8YgLSCyxaMyDqQoHHrgeGhmEP/5IB7Pm2af5:Vgjy2La8Yg7LMyDqrHHrdS+1m5f5
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/PPAP.exe
- Size
  
  429KB
- MD5
  
  dd81a3a96c4394441968724ff84b3ba5
- SHA1
  
  0d693baf3072b57b9583c1e4bce640d7b96db90d
- SHA256
  
  fde74bb7f920835d2abc40fe45b3c5f7ec2ece0160575ebbe5bf496f2d8ee2d1
- SHA512
  
  a81d91a023f3f1d0224b232efe40dc6865ccf5c2ba05204b8867fc1eeb4df4c6e35fe36a87a4ca7548f05badd0e8e3ce5e04b20f4bdde0df617744c1b6d53b1a
- SSDEEP
  
  12288:o3okVIQG/IJIIIIImIIIIIIIIcIIIIIIiIIIIIIv7IIIIInH6wNd+xG3cv1DSrxB:o3okVzG/IJIIIIImIIIIIIIIcIIIIII3
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/TipsClient.dll
- Size
  
  237KB
- MD5
  
  25853e8bd3e283e15024d1111535ede7
- SHA1
  
  5b56e1dea924520b6c61ec09113c33fa3db573a4
- SHA256
  
  ccbce22f01208cc8fc96de789ab9fedefc851f588cd4c1fbd6d9edc7ac2f4eb5
- SHA512
  
  5bfa0e6bed05f1ab79ee97d1bd9bf1d48ba3d263a44e538d005af820c41c659eb112a4f19152e0841301fbd8b9618e8f353fe672df88b66e45c4719784202144
- SSDEEP
  
  3072:G4CrgXFGPASJR81rXwRtTgvK8SvP4N6MPuFjpChe8WgoqILjWjpWyI9Se/tNWrLL:yg1TwsS8HUdjpChSpGje/tNyykwbC1
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral13 behavioral14
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/admodule.dll
- Size
  
  812KB
- MD5
  
  a256337aedd10bfe85aa8d0cc759c4b1
- SHA1
  
  292012487cd89842964712e1ad26e7dfb2c1fcb1
- SHA256
  
  e2c24c63ac4da0e34a253c3cf8d6ec31da39740376fe2e87e52ba0f32c450640
- SHA512
  
  250666689c156809dae72648e99d0a9abdb105375044c956d6c50e4107dce236d95a7925611566f8963b7bb0e956631aff9cce65695f1b7e493cfd4c849dab72
- SSDEEP
  
  12288:01uRtBrct5O/dyANBseR1+bQE5NyH8/uUIid7vV+4KCaEovvV:3gturIGjUIid7rKvvXV
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/crashreporter.exe
- Size
  
  193KB
- MD5
  
  05f960cb9448bb0c86698cde29912484
- SHA1
  
  b190a9aca1e84088ba884e56350d813af1b89eb6
- SHA256
  
  37bc466f71dfcd28152724b3ebf09aa70b6c5e15b34c6f3dee6214c125ba0b93
- SHA512
  
  9aff5ae6ff602738f17bf1e03cb0e4afeb6e6d01f375efc1ec7cbf03230dcb26bdcc573259d8a561ff31f037b1605e38fcd733ccf526d861847d37d1bb13dd0a
- SSDEEP
  
  3072:wePERBtJ1/3aog7CtOA2P+BHLutd4iCnYx:wVtJZ39g7CymFutdWYx
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/restore.dll
- Size
  
  131KB
- MD5
  
  a38f927758155d12f23a2a6a8a1ce9db
- SHA1
  
  6dd7276659dea0a8b683516241f9cfed0afd1ff8
- SHA256
  
  07271afceea12e449baf356274f06c620c93b9d69171ae48daff459668574b1a
- SHA512
  
  b7ebcbe0a1619cbaa9e7f63227b26df5d790a2ebc86c09e774c19510f64bde418731ac40aa8776786822d86e90317b0d67ba9671b56a32c24a20a90791c372e5
- SSDEEP
  
  3072:sSXrx07mIyOXyxYrVYa3DfDPBtS8Vxj+6qfu7:FxrOCmrVYa33S8Lmu7
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/sqlite3.dll
- Size
  
  504KB
- MD5
  
  b8a7b1f27c5d6b29ca363671307d8ec9
- SHA1
  
  5f190843d7bdbfbf86805d36003479df24b3a9cc
- SHA256
  
  4b55e4fae8b9d12c8ef971f037bc37c5e592fa3382bd5e4a08d2b3ddd112b559
- SHA512
  
  e7bd5c77078fe64478ca821fae29b550febdd5833d496a3d479ea4afc63822b55d81f2da2dc65b9f194edb019d4dfc951ad4af2ad970ff4b74a123ccddc3c8ea
- SSDEEP
  
  6144:La6o1fPp2yvgEN9oTXfBCM5PSdUGEuKwc/2odmSTenEDZZpQsUAq8XfLyCXZQ0j9:+6Ny4ZCM5PSjEuKCodmg+UfOwRCV/CoQ
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $COMMONFILES/PPLiveNetwork/$OUTDIR/uilib.dll
- Size
  
  710KB
- MD5
  
  e99b830adcc096ce62d780fdd90814fa
- SHA1
  
  b89d936e5f54fff99ed35174372360300fd08de8
- SHA256
  
  2591577448723f483ce559970d1ae513007be03e5a4c9c4729acc839a7861932
- SHA512
  
  8cd49094dcc6b6107fe2992e6757da60f284d659bc86e2e1c9ce7024b02b1c48eb5df111091ae7461d02be6b89b7d8ee25eaeac6bf68886820fa086905ad5b56
- SSDEEP
  
  12288:vzYgrzLo624i8nsATZVBOo4nNm5csz+qByqciok7m/YOzKxOe6/5KYVak+TXVKC1:JhH2Nm5bzZoqRdiK0l/MYVGTkC+6D
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $COMMONFILES/PPLiveNetwork/kernel/$OUTDIR/FWUpnp.dll
- Size
  
  140KB
- MD5
  
  be2d4b56d5d40afca9c804d0776a25c6
- SHA1
  
  7ea48cf0e980fe999f14338f44ad4c57c9b714de
- SHA256
  
  e54031818e6449897e3a81f0637b0af7618f6aa9e1530c3bf4989d2fabe4a2d4
- SHA512
  
  f32b8e1d27acb7c9021dcc6cd426599374f61a78fd38a0f9d0bf5bf63c424ca816e3859387d98b3060592ea86d1743c5ff149099bcab4da9e31ff7abc81fd627
- SSDEEP
  
  3072:HE0D5eN3rsEkHJGYM+y/DV7u4hNesdd56PeAWK5:HRQ3rshhMn/DVj3dc2LK5
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $COMMONFILES/PPLiveNetwork/kernel/$OUTDIR/Hookkernel.dll
- Size
  
  275KB
- MD5
  
  65c2129a5c0cabd657022cf49a1a96a3
- SHA1
  
  03c529e0226eb5b41cd91708512dbd58edecd600
- SHA256
  
  0aa0271fc27552af57fd171c3288b00b600c912a60d8752bf70f90b997f5d67c
- SHA512
  
  b9900c3f6c93cf30c55cf718d96743728535bcb820ffaf4efa3c1ab874c684903a8fb30c2e88babdd468c2badc49306186df95f32d86bfb1a84d8d182bc8143c
- SSDEEP
  
  3072:VOGElO2Vtd2LW5ukXA8l7xLsx1BuAYzPWMYCWyRQzaniwlXs5Yo4qD1icgE:FEzrd2LWDXA8lVsNczPWtCW/zO3XtooE
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $COMMONFILES/PPLiveNetwork/kernel/$OUTDIR/PPHookShell.dll
- Size
  
  252KB
- MD5
  
  a27a138723878a478c06e1f82adccfab
- SHA1
  
  79dffc70b9104cd9487d7e49a95f492faadd3133
- SHA256
  
  519277e0449b1eed8f75624ebbb9cb09a5d8dccd3815c6ef594fa4fec6318741
- SHA512
  
  24ec8474d7e3969772176045a0191f669c4bf6f05ca241dc0e2c0840027ed8daa9cfb7b50383f23497c192809732f2afc5f384cd4edaea4d47e3547fbdbea31f
- SSDEEP
  
  6144:daf31Wel39Id66npp6kZ0EYmf2yLtopxL:d61Idnnpp6RgmpxL
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $COMMONFILES/PPLiveNetwork/kernel/$OUTDIR/Send_Log_Kernel_Module.dll
- Size
  
  233KB
- MD5
  
  7d1dbe3c735d2a5d4951022c45547772
- SHA1
  
  e6fbebc3c185d6b150bc7b2a9d1685e107b03b3e
- SHA256
  
  8cc9bc4f9289ef37d344c88e4b53ce5ca58b11ec1e32d60fc9fd6456a80f1233
- SHA512
  
  648299ee0b0c2678d9da43ca039fcf8525e9921b46327577fa6c57f0de41f5ccecda70e219a0135fb8c05725a752e7e2cdf27bad845203eb5147d3056e588086
- SSDEEP
  
  6144:kQ4Xli0q/zL8eVC0RmtrC3mVe9IMv1cWzES179Tm:kQ4igrCWVe9zaWzD9Tm
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

UPX packed file

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32