678ce97ba2389d80a1a795f6b86b3de412bc9200cf7fe454c806bc5c0582b2cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

038dc81ea8a6c5ae222feac69b36f5c8_JaffaCakes118
Size

1.0MB
Sample

240930-2yrysatbkg
MD5

038dc81ea8a6c5ae222feac69b36f5c8
SHA1

424d7f307be90470834ce2e341847578413d9fb4
SHA256

678ce97ba2389d80a1a795f6b86b3de412bc9200cf7fe454c806bc5c0582b2cf
SHA512

9d50735d467c0c9a3228a7a8395ccc2b704e5557296f4ef968248883cd582fb0d7996376f32b02b138f9303f7b9acc01cfb846043e11e55f669eabf033b8760a
SSDEEP

24576:lrvRVBC53QxA1ev3kLtJka+8+0NVIxhEa8p2pIsoPg6cB:lrv3AqA1ev0BJkal+0NV2GXPg6O

Score

7^/10

bootkit discovery persistence ransomware

Malware Config

Targets

- Target
  
  038dc81ea8a6c5ae222feac69b36f5c8_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  038dc81ea8a6c5ae222feac69b36f5c8
- SHA1
  
  424d7f307be90470834ce2e341847578413d9fb4
- SHA256
  
  678ce97ba2389d80a1a795f6b86b3de412bc9200cf7fe454c806bc5c0582b2cf
- SHA512
  
  9d50735d467c0c9a3228a7a8395ccc2b704e5557296f4ef968248883cd582fb0d7996376f32b02b138f9303f7b9acc01cfb846043e11e55f669eabf033b8760a
- SSDEEP
  
  24576:lrvRVBC53QxA1ev3kLtJka+8+0NVIxhEa8p2pIsoPg6cB:lrv3AqA1ev0BJkal+0NV2GXPg6O
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  d7b3f05ff44116b9080b5e69b2e86efd
- SHA1
  
  2535ecfa122041edb901ac667944e0f6814c4cd0
- SHA256
  
  40d66e085409445202dce1b5419449cc302d91be17614b521e3ccce473205db7
- SHA512
  
  414c6b410b35a8bb5a2c9fdd46dad63704484e1535155219b29a5bb886ded73f4b7ca3bafa726ce751e1c711a764938c9256106a90098263d6ff88bc017ec140
- SSDEEP
  
  192:X6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTyK72dwF7dBdcQOz:X6JaVh4I5rpPbTy+BdhO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  4KB
- MD5
  
  99f345cf51b6c3c317d20a81acb11012
- SHA1
  
  b3d0355f527c536ea14a8ff51741c8739d66f727
- SHA256
  
  c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
- SHA512
  
  937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4fbb4a2cd711fc1fe84f3dc30c491dc9
- SHA1
  
  888e01ae6e64e7326f88df9a30587f699eab154a
- SHA256
  
  c3b05f4faf5e8903d5b4cb4a8ce4bbf2e8144725b98d8787d51c117b6efa9bc2
- SHA512
  
  92dcf99672a5935065df6492e27abb653679f1db6dcddfde87cd14260c94a870327826b23cc2f338381b3eb53d07c1a3867806f6ff94533db5195b895a856847
- SSDEEP
  
  192:CO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1argMO:XKAFERdlxhGRYUzqZar
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  7cb5d7847bed05bcd661f07d97727786
- SHA1
  
  ec62aba9ece5897ae037db3e4a98e5fe5edd3b6c
- SHA256
  
  3663f682b9e6fbc0650a729555d6fc432c146e352791ad00a19212d64cc7da27
- SHA512
  
  51b2b773a8fca7d3346b349c8dc4b0da6d6972350bd9754cf02ab6c093c61c95ee478d562db88c6d046fd341ef0a2d1b06148384c203037dba89abb3e9f5ccc8
- SSDEEP
  
  384:jKtc0vzG1ioSUspKthBTTN/o7Hleya9cM0Ac9khYLMkIX0+GCBgBTm:jucKiSUV3ZTNmFta9c
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Coopen.exe
- Size
  
  86KB
- MD5
  
  88906dc86bca9982ce87590ba01b941a
- SHA1
  
  6128cd02fefc50ddc3f66ef4de4d6793bda08788
- SHA256
  
  b4bfae7749e2bd92e2bcf3cbe940a0b9e9c5c033f2ac073f8cd62f162e05513c
- SHA512
  
  5ae061072b0f32e7e2b6b5904fd030e9bd5fdfd66e7d47a84158f80a0cd44b71c7be8bc64f8423d2252a5f702f1cc9831ea54c0d2126ecce3fc6d9dbc39ac7d2
- SSDEEP
  
  1536:nZlr4EtwzjCDnMdbbPiDcAdg6bWstaV4ZI6Q5h:Z94EtwzjCzMND2ndgCHaQI6I
Score

7^/10

bootkit discovery persistence ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral11 behavioral12
- Target
  
  Coopen.scr
- Size
  
  44KB
- MD5
  
  f99de8aa1720e17748dd58c3d95dfbfb
- SHA1
  
  dc428b35eff369407754680f9b99927721f302bc
- SHA256
  
  76ec9069633571a4a75b82221a7062a758c540022a54a9da603e1e9c676ef58f
- SHA512
  
  64db4177a9026a3e025d171e2f21546667c9ad8164971ac8636bdc3ff66dbd4e733eae7e3add6a1cb6752629d6ea2915eaac23af524d6b3ae6ff7b4368ca3d8f
- SSDEEP
  
  768:Q84Dt9PfW6BBk0QYNT2TsnesPtHKz3R62b:Q9ThBBk0QYNheKKXb
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  CoopenAD.cop
- Size
  
  164KB
- MD5
  
  c9c51ee0874c1a9f095b70071c5ced8c
- SHA1
  
  02dd49e42cf3b0904d88e0f805fdeb870e4104da
- SHA256
  
  03565e99c95031aa7d8c8be1477544a975e5a178254137a4d53db32f375e0bc1
- SHA512
  
  f6bdd3948673d6f886151bf1942e51c49e7b0cbf9152349bef0a4693b94e8473dafd4d31dc8b89f11648f021691f9ad92457fa986fed93dde69f7c55381e140e
- SSDEEP
  
  1536:UkHrppcPEseYWyG6cO7IyTnjHRbdxUFmUx8CUbDMf3b7Pa7/C7IVPyoNlw8JepVW:Uk9p/1KI4Sjx8bb4yAvClxJeRH16b
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  CoopenActiveControl97.dll
- Size
  
  56KB
- MD5
  
  d25c229b4ff3a30bf3f1aaeaf1c822dd
- SHA1
  
  91b950a8ea4ba0553e6ebe540893bea3bc40a827
- SHA256
  
  873c00fb0c4379aa7004bd1a50c8b55cd54c03f73cbf443cbd93faddc68ac693
- SHA512
  
  c4526de2b809f782fbeced1f0646e5075046eff67c088a99981bc3389d686543630c43631748b1c73a8d74b08381e6904044cbc18d646c601cb8093c48658c46
- SSDEEP
  
  768:S6uAjyQVrDoLXo0os2A+dXFAyzXwpKv0G6XbkLXBSC5BA9vDyN:buAbe4Hs2Ak1AyDwpKv0G6wLRSYeNDw
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  CoopenAir.exe
- Size
  
  230KB
- MD5
  
  64d62868e3ada3265e8208b9344dad90
- SHA1
  
  6f65d13ab753f12945abf0db341f5c5571791332
- SHA256
  
  e80bf6fca7f10528b2cb0ab4e99eddc508070d98f107dc59622f61d0ad6d7671
- SHA512
  
  5a9a83260355fe0bbd3ed083baac9b766aa044edecc2fccc94a705a180156f47015e408981ede71d3992ad5be43e16c1c1c57785617870374774acfb44fe3e25
- SSDEEP
  
  3072:PVJB2QtGK1YSX5NcLaoHy0wKzohGpPPfpsbmiF6xGXxclT8ZNak47168l:7RGK1YSXENSezoUrGXLZN26E
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  CoopenClient.cop
- Size
  
  92KB
- MD5
  
  4eafddac76c7e0857761659457e756ba
- SHA1
  
  5031a13ef1a1fc3a9f7b748b2f532b869677db7f
- SHA256
  
  9524a1235d0c866b9ce132aec77596efef994545d4d84ae81bf63cce64f12066
- SHA512
  
  b507a4d1ad80d88bf93cabf154e48f75dfd2cce5d2e5e572d0a4946552b6335733063feb94e59b52e5d85aea5be0db218ca2726a657488d293d8047e46cd9100
- SSDEEP
  
  1536:Z9JoZqOYZP5NASArAf1W6wqZlhoBHYecoEjs2RR+twJAwjQ:Zr8Yp5yXAfTlhoBYuEj/RjJT8
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  CoopenDeskIcon.cop
- Size
  
  72KB
- MD5
  
  8f7f7d9e2f2daae65932e487b1e8c11a
- SHA1
  
  0947764539c040ead6f711edaba4cd8bf626a06d
- SHA256
  
  87196e5294fff21cee017f6c5ac1fe68953b4b7c25fd9b130dda2e0a12cde94f
- SHA512
  
  7ba686dd7dfe857c13568d3d2c45b6b6dea12e2629b5e56a4891461c794deb56866611abddbad32ca5cee6d2b1e6990cf94e3ab5a77f94e550af36ac468f3e26
- SSDEEP
  
  768:Lf3b2VA+DHTHTu1MBiST6YHrOAS+X4R1BwPiB9r7wzBPgBhnlvPT6BQ:0HTHTzAYLU04R/wzJQlvLKQ
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  CoopenDownloader.cop
- Size
  
  136KB
- MD5
  
  d5dffe1fdf7fb3165365fb293cf23e9f
- SHA1
  
  4ef2c1dea5708ec7c7583f28f663fd2a3426a504
- SHA256
  
  4d5802fcc562d317d7479e91b1c5fcd911715dd7b64a315247e79b08b556dff3
- SHA512
  
  519d93adcb3503d8c8a66e80c404cd5945da50a7e8c312106d817355f9b5f6c0e14132073fffc1eb3bb176907296100f8af6dc09bf01bc4b134eb48146fafdc3
- SSDEEP
  
  3072:wNK2MT9PVqcMRGzk9rPyzzKDTpJl2wc71L:wNK2kpLWqvKs1
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  CoopenModeA.cop
- Size
  
  252KB
- MD5
  
  bb4e52143f1ff3a9d22c6144635d0d6d
- SHA1
  
  2e2cc9b8e16044c10648904d5023ac84aab5f54a
- SHA256
  
  b78a479b2f5a0cb3b8384ba7276897bb21af398a4fcfbc39a0475f44eceb85d3
- SHA512
  
  50b4f3c72a588b72ada02df5c11cee699ec221ec05be6094632373282877f72e0e8d2b1b1550e66f8e92b1f2a0dffabefd15045acdd44cb65caa021dffad394c
- SSDEEP
  
  6144:LPR3iy+AuiV9TFPlMU/XGZg1f48Crk5np:TR3i2uiVtFPlMcrF5np
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  CoopenModeB.cop
- Size
  
  176KB
- MD5
  
  2b3cd9686b6c1aac96eb564674364c76
- SHA1
  
  d88c16891219a1e9eea56f04ecf9ae9c1be218b3
- SHA256
  
  21b2da9612ce6c5ead1e3d3c07f2e71347bd4da28013f015c38887cc8e72ae08
- SHA512
  
  c2a07a3fb872c69b4dfb4244db2642e48bb7e0c666d87306b3466b56fe3428ef48277e73a1424dbae2dae83c6bbc8c44ef40057a90a656e73edda4cf49121183
- SSDEEP
  
  3072:TyTfnpiAAlnb1+JiJBzUeQ4hAYBQoleqWpk0V:TyTfURJ3ThhQnq
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  CoopenModeC.cop
- Size
  
  124KB
- MD5
  
  d3bd4b1bedd86a70ec4ec145e5c554d8
- SHA1
  
  e6567fe09b43d178024e2b6c0df4b0d28eb2ca0e
- SHA256
  
  aad6721599a4329fdf7787216b1aaad6e712010cb6f432c66885ef1a9fd9d67f
- SHA512
  
  61fac2a409b72b320556e2e9f147e9e1891209c550f1ff06524c8603823ad040e2d20092f43a6c19922968366b3481c145b31055467c91efb6ba9e7defed28bc
- SSDEEP
  
  1536:cyGzqLgRXaExItQ4ZUg1U1P8Jdq2Qw/McZLdzKHDUFIpae5ujJwC59MRA0GuyvQ:2FxItb9OPpLwEouD0Ipl5u9wCvMa0iQ
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

bootkitdiscoverypersistenceransomware

behavioral12

bootkitdiscoverypersistenceransomware

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32