dd88df0b6570564db8caa0f7cfd177b018dc6603f7a5fb0216013c5e65e3f242

Sharing

Copy URL Twitter E-mail

General

Target

fdb5f8ea398b10d3b4907da065955d99_JaffaCakes118
Size

22.2MB
Sample

240929-dz6assyapl
MD5

fdb5f8ea398b10d3b4907da065955d99
SHA1

0587078a2bea4bf876255e4d5ea5bdcbe5253fba
SHA256

dd88df0b6570564db8caa0f7cfd177b018dc6603f7a5fb0216013c5e65e3f242
SHA512

9ff7be5366d34abfe183c2a4bb35348c2ebdfe7611548ab480ee32aff2c1d95abe7a0f22caefbbe821487883ec335313a390fe94e2cab50507170210736b905d
SSDEEP

393216:LGxDK3jHvaCJrM2Sppk/DSvfsf1+M020lruCGrrrkNd5zsqHXq5083:LGVKraCSJvfM1WVTGrr+d5xK

Score

7^/10

Malware Config

Targets

- Target
  
  fdb5f8ea398b10d3b4907da065955d99_JaffaCakes118
- Size
  
  22.2MB
- MD5
  
  fdb5f8ea398b10d3b4907da065955d99
- SHA1
  
  0587078a2bea4bf876255e4d5ea5bdcbe5253fba
- SHA256
  
  dd88df0b6570564db8caa0f7cfd177b018dc6603f7a5fb0216013c5e65e3f242
- SHA512
  
  9ff7be5366d34abfe183c2a4bb35348c2ebdfe7611548ab480ee32aff2c1d95abe7a0f22caefbbe821487883ec335313a390fe94e2cab50507170210736b905d
- SSDEEP
  
  393216:LGxDK3jHvaCJrM2Sppk/DSvfsf1+M020lruCGrrrkNd5zsqHXq5083:LGVKraCSJvfM1WVTGrr+d5xK
Score

6^/10

bootkit discovery persistence evasion privilege_escalation
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Windows Firewall
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BCK.dll
- Size
  
  598KB
- MD5
  
  fd076dac527057dffdee0b3777f1a63e
- SHA1
  
  0dfdae4bce7fc6d1758b253b09d9a1e97c2e5e18
- SHA256
  
  24f1974be1c1cf05be3108c3f8cfb6b556d47b1e378afc782bd821e8368b7056
- SHA512
  
  12a8885ec7b054622e3a678f6478d881c6612d3a93202d2fd590218a96e0727e404efebb976d6140293b734c34491c5ed2ddfa7904a66dc4d72ed29e918c224c
- SSDEEP
  
  12288:lS7v2zn/0gwLeUMB0gW89g/EeCdabEzJjCEbKpOHMo+6E7uuvxUhiAX34O04dVwt:mW/0mejzOso+6Kuuv1Uf/d+t
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallHelper.dll
- Size
  
  592KB
- MD5
  
  cdc003452526f6903fdbe5541927aa14
- SHA1
  
  829dde27148a5e8512919336a1a0919b7efb7d34
- SHA256
  
  a34ebdb8ad523289b6d6ac431feddec55b595f7b68f0aab5e9bd5ebfb2f6593f
- SHA512
  
  5eddce68d846dddaee549cacdb60a42114240bfeb010cf68aaf3ecab792dc4eff7a2d22b267874e1330e7e967d09f228f288bd7da0dd121f073662a5db97da58
- SSDEEP
  
  12288:Iiv0afakFtRnWMNorLjKBAPdhtvsv/rEM6ajlTeRoP:eYdijplcvjE2jlTeR0
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  89351a0a6a89519c86c5531e20dab9ea
- SHA1
  
  9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00
- SHA256
  
  f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277
- SHA512
  
  13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08
- SSDEEP
  
  384:/MnT0MKT/Xwr2izZQ86mpAT8F9lN8Ov0J:EQMKzwTFnVX8i0
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/QMNetwork.dll
- Size
  
  347KB
- MD5
  
  35951425829d6453edc812eeeecf00b5
- SHA1
  
  3233ccee46b88fbbc32272320c20ba582cfb3f0a
- SHA256
  
  5f6f3e3f3e4136805b92ddf5174f2c3509dfb4f7e7add37b7f71a494c08a95e6
- SHA512
  
  5e312d5cd8e999ca1f676c2060aa82ed7d47f14cef62d649c333482cabc3a5ac426d79cef50656ba0b148d7d6c0d5b214844c0dc41fb20db771de36f543d81b6
- SSDEEP
  
  6144:mWVSsKKxWQ2eI8s/VqxKG4l3UB9SSTVy7DY+nvhpfqydq5hjRXF20EOZAwSJNS5:9V7FxWteI8j7SSTVKDY+nvhpfqyghNFl
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/QQMusicCommon.dll
- Size
  
  932KB
- MD5
  
  156acea8485e341f5ddf77a6d80ab565
- SHA1
  
  5a5949017a507a1c2ba0b6f63d6cff041615f43e
- SHA256
  
  439a21a6192eb915a888f732495f93ac4285c60960c46a608ec08b3e73941261
- SHA512
  
  b350f0687d27919bee915111b312d16a103a715d6a04a36b7fdc6d42bd5b494f82e684407b0e660bfe95ffc40152e9cb2b60710aec8b59513c8fb477085d8226
- SSDEEP
  
  12288:wwSjsndzhZix1jeW9FobGkwaaIYQnvkjVMRUxLBo2oViMDdZvTD4JDyB9LorBA79:1SIatD9Foj3CxV7GdZvTsOLSBJc
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/QQMusicResource.dll
- Size
  
  1.8MB
- MD5
  
  7588b6fe2eecb11add4b8941d68380ca
- SHA1
  
  3e193c6454dce4c4b1b3a0ceabb77563b014db39
- SHA256
  
  a453e96179b6254f38959e11d47e7966c663182c206de04e3c9c35f050df709c
- SHA512
  
  85561fa925ac2458b9ef3d6f45d7f3ddaf463877b084169bc76878bc59d6621218909e832d0fc8bcb15d20d656ab633cbe861fd61f9d9478c2f9297c69c3d8c0
- SSDEEP
  
  24576:U0CC5iYQO36oGflrlJeK/D45VeGfIurQpGBJRTQTT:7CCtJ36tflrGK/U5ckSGhuT
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/QQPCDetector.dll
- Size
  
  646KB
- MD5
  
  43877a6e04e6ab1db20e387f50957fa1
- SHA1
  
  e847c4c8974857da6086d28b14b71882cf90eb14
- SHA256
  
  e63c43811bacb46229be7d266afb8e1ba7629013bf5206ffeafac819d61c17f2
- SHA512
  
  05762b45d86a84fa9daf9eff86512db2407a7dc1c16d920e2b48133d39e9e3c3caf9da83dd7d54ab420a51cd87ed148f8caf4197d5451a911232496fd975479b
- SSDEEP
  
  12288:7bXdTdLL/0XeFrjRLy6RFjq7wqacZl0qvyt4nXAO:HXPP/0XarjBy6q7wEZl0qvyt4nXAO
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/zlib.dll
- Size
  
  80KB
- MD5
  
  3b8a2cc48ab2ecdf28ed79905c632400
- SHA1
  
  b5e887e57bd39ebe4d2636a150e7c71492f7523f
- SHA256
  
  aa9c2854b3d673f1a91c0decb6e6fc58ac37ec1936579092c0b4e5b24d73b9f8
- SHA512
  
  0d5bc429c16ea2c75b127f2e636a8db7181abd562ee32359be942878bfcef687ce7680c2a40d1956b87eec74dae4174560ccb1cae2fedd3f014778a4ccda4bf6
- SSDEEP
  
  1536:ZeeUG1F4w9ZZxYgEqRmU0dZnToIfoIOsIOp2ZMNAlJ:VTWiZZxEU2xTBfuip2ZMqlJ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  ApdMon.dll
- Size
  
  126KB
- MD5
  
  8d91d0f474050edb6959fbf1574403a7
- SHA1
  
  ffebcaf9ed7dfca48b9164950ff2770e542e50ac
- SHA256
  
  ff26740ff1298bdd7b3082c9b3e3b786d9c497945230ce6ceb1d65fe2e4eca4d
- SHA512
  
  d3c45f2cead681eb8cbdd421d1975ad739b947bd52574cd1da87f5cdd809262e0bef4be7db28551a3f4394193ca27abc60dacbfacbd35fe48370525600776dad
- SSDEEP
  
  3072:lwJsFvUEXTTUiuMNCbkXUVmKUznTwdqhfDvSgeOP81rNk2oYXM:AaTfTN8kXUVmHwIhTSOP+rc
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  AsyncTask.dll
- Size
  
  89KB
- MD5
  
  f22dfa9692500faaddedf9afb3e5ef54
- SHA1
  
  0298e06d2c12f4813bd6da321edc4c53ad0495b2
- SHA256
  
  c96cb6d8e8d8e116630c431326bfeb9a85d0c434183ce1d28b89742ba392b0c6
- SHA512
  
  a1dbe8bf39316676caeadef75b447ff433f1e7e4e006f8079ae2821ee92051bb25e4d38eb3454cb713c44d8abc13f63fcd62083468ff57434b72fc3503e766c4
- SSDEEP
  
  1536:WEWjm+xtH2q2hHWAVmaAN6urYUooxOfGdGyAIdBsKAMWGpbsBdH6a:WzPHTtlN6urYUooxOfGdGyAIdBsKAMd4
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  AutoPowerOff.exe
- Size
  
  23KB
- MD5
  
  8868c76ff4368602b9fa473f8cae1b48
- SHA1
  
  24850399bdebe97ad820a5f1fdc5dfde6aaff324
- SHA256
  
  443cc8ab125848dbe91078f13e3dd325360940dd4fcda953b0d71956ddd89478
- SHA512
  
  728fc4b9cc04b3ea280f88230274cf1cd4f869f626562161a3825ac9624b0f229d26dee50b4923be3aaebdf735ad23b40d1c5cfbe4a5d8c70029706f5f453a73
- SSDEEP
  
  384:coq44EtAE9i6ZHS6nYPLQRIA9eMpTNIAQY1wtPG5GEnH2+:coMEp1ZYuwtoW+
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Bck.dll
- Size
  
  600KB
- MD5
  
  98a967bbfd5750ab59213fde1fb1f6fa
- SHA1
  
  785f4fb2ac13b65060715dbe9c138d29625d071c
- SHA256
  
  ad091fb1b343792dadc29dd17818a9c354e8d3073d7e99e589f892b8047e64ba
- SHA512
  
  a6aad92127bff195b0353a47a1e87896b349fc63ce0074df09faae00b85a0c858dcd753cd21868cfcd4499f64e6277daa8cee10260a210dc7be0f08100833d76
- SSDEEP
  
  12288:VS7v2zn/0gwLeUMB0gW89g/EeCdabEzJjCEbKpOHMo+6E7uuvxUhiAX34O04dVwb:WW/0mejzOso+6Kuuv1Uf/d+b
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  CMInternet.dll
- Size
  
  69KB
- MD5
  
  2b064ab5442ababfc35c6c14d37eff57
- SHA1
  
  76de5082b8003ee4ab4bfc0b5cfdaffeca0636d3
- SHA256
  
  f4667ec187a913beca1da1e5b202acbffd630470245ffd9196987b013d6c77eb
- SHA512
  
  2f1a13efa36584226de5885b2a9a766139011d204237c44f7ca44bacecba1745f323725fdce8479ff18a686155960de47d0b7fdb5f077df846f403c0a7784a69
- SSDEEP
  
  1536:I966vufTBbfHIZkeOiZs2ghwiROOZcVrnUS6d:e66ITtPxwZChwiROOZgrnUJd
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Common.dll
- Size
  
  1.8MB
- MD5
  
  25cc00fcf339fb551d6204c10238d93a
- SHA1
  
  49abac3809bfeebfd4ddc81db5fe9d104a9d2854
- SHA256
  
  1420e3cd9d92a148ff57d706dfaf16a56e6f55f0e147683f964491a3f06e8974
- SHA512
  
  3d059292ec80bc7767ea2222427fa9336823e2d25283f3fa658ac88e96e03ba3497657d8b044658a2373eafab88eae7d597f49af3a31a02b55e04ca542e7ee99
- SSDEEP
  
  49152:RQAJo7/tE3Mg5eh4V79rfgiTzp2KFCPF4ej2xZZc+/:RNo7/0J5eI7pfPxB
Score

3^/10

discovery
behavioral31 behavioral32