6ef94526277cbd63b6f7d51fe802750efe323dea5bfcf743766d946c282e03fd | Triage

Sharing

General

Target

ff8cca48a2cb73452ef05c1e3ef37bfa_JaffaCakes118
Size

5.0MB
Sample

240930-afwqga1fma
MD5

ff8cca48a2cb73452ef05c1e3ef37bfa
SHA1

b54379c3636c0e7132460c8d9dbbb1bbb311ea75
SHA256

6ef94526277cbd63b6f7d51fe802750efe323dea5bfcf743766d946c282e03fd
SHA512

2e58b5a9d18b4752a900d1cdd21a6aa2f7961abe7f3115a3fd46b5611fdcb8da563189f0052405c5bf4023338c7b7cc9c979794e591ed429d03b7d95ba158125
SSDEEP

98304:VJqtKTPCMcNRhgAaqzVOQOYNtfkXZ8tOzTcOPwaWcLJhlppwEHXp:ywqMc7uAaq5JLkpdYOPJJt3p

Score

8^/10

bootkit discovery persistence

Malware Config

Targets

- Target
  
  PaiPai/@绿化工具.exe
- Size
  
  412KB
- MD5
  
  6ef36077386184ed579855fa91f2bec4
- SHA1
  
  b000657e3bdc091d7d40471e6ad5d75c92dae168
- SHA256
  
  4295a61e1353ad3e22c024c423d64d441757ae332c265bd0d8d5430f95ee5ac6
- SHA512
  
  8f5e73db4e05b5437816489796fe931f894f14cda030f23709a9df14d6fc5dfc0906aee56e1de09423f5d8923b6c8fb02fd334cda52ad958fc73d4355420aa6d
- SSDEEP
  
  6144:x3Y5RFoIACENSPcaSwJHk7MWD/eHO1zUGt2ZET2D+cYaFNQv5Gna8M41QJ:xI5mSP9SwOb1xUzWT2D+c3NvM
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ButtonEvent.dll
- Size
  
  4KB
- MD5
  
  fad9d09fc0267e8513b8628e767b2604
- SHA1
  
  bea76a7621c07b30ed90bedef4d608a5b9e15300
- SHA256
  
  5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2
- SHA512
  
  b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  107737e3282fefd85684f2fa3df6d1c3
- SHA1
  
  3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f
- SHA256
  
  21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0
- SHA512
  
  439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4
- SSDEEP
  
  192:FTmFxiXTQdQbg9FkGuz9lBDpO5DwbgUojcA96lK72dwF7dBG0N1:FTmriEdYQFkGUlI6vojj6l+BGE
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  4KB
- MD5
  
  99f345cf51b6c3c317d20a81acb11012
- SHA1
  
  b3d0355f527c536ea14a8ff51741c8739d66f727
- SHA256
  
  c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
- SHA512
  
  937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  0ae9c427fe7bbbbf1368c1c6d3933ae7
- SHA1
  
  c8e5131613302531c88512dada29a18886259268
- SHA256
  
  49437f4b9fd38007f3b2735f0a8a12830b995305c75118b440202980183d5c6a
- SHA512
  
  59b76b00f2b0d6242dc5bc3cb36d3ff78867445f502e34cea890c6f493c2adf9b97cec539963204ddd1c641e1a77139f46fc33dec4dc636f4b06d2edffffec6d
- SSDEEP
  
  96:vCCshwlpqUsYghN/9uvZ7CLWNCSiiVTQYBGVXRvuBDlSriklbuba1iLc+cEyzo7e:BzqUuh/uLCXIkYBGV9uVlSblbubbwtl
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/linker.dll
- Size
  
  6KB
- MD5
  
  8450b29ee8d592c208ba1aaf6ee50267
- SHA1
  
  75096da057bc85cef63bb0eec168652ea75cf618
- SHA256
  
  53aa57e582dc56421c1191a0a9efac9c36960b903b7d825f3b9682605ec2b612
- SHA512
  
  d23a3057053a1f36f5eb212ae0b09b9b0b41e50b8a6a20bbc46c12c51199ad0bca741bcce17534488158e8f2b9470dbdac2aa059688b7588a05778c40d461039
- SSDEEP
  
  48:q/XgJspkvsIWyuS3fyVLkmqbIWXGuDNcGo+FLtLFSfrPIk2vIhll:4gJsFIWjS3qVomqIixo+9tLFUr4vMl
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $SYSDIR/divxdec.ax
- Size
  
  712KB
- MD5
  
  8d4ae6d727a26f5ce5bbe224bb017be5
- SHA1
  
  3307eb5f3deefd80a8012b219fd02a504d8ae6c9
- SHA256
  
  24a94ae9cac79f6bbe65020099a26b9cd06018306c6561a907b8e2e99989884e
- SHA512
  
  4c55d7388ba7e2063bcd85812ced3f3c77a65e73997de558284d19175328ca78ef45f86d2e232599e57fc4c586911fa07d7ff4fa457a7ae066a4dfa1a0f706ab
- SSDEEP
  
  12288:PZk+r/xSZiOnvpJo3c8K2hkl7BrDSzp7f0ooIeuCgu:hka/swOnvpms8K2hkl7xDSt7f3R7hu
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  PaiPai/DivX.dll
- Size
  
  680KB
- MD5
  
  3e57706d1ad3e2fafebaa72ebe12939b
- SHA1
  
  263262f35bd32c6eb8b5cbb39863ddf8adbf6f6a
- SHA256
  
  2e57b2f705e5aa0086e87c2f8bced622b61d1d69c942a81257a3d5017e56b01a
- SHA512
  
  b6c1764ed76ed83a58afc08eb22bad4b5564f424b116e26548241f12fce6af014b60a5194c1e87c6691c53629648e5a61def2ae3f3b5ccac9f79f648329fde0f
- SSDEEP
  
  12288:/O3nKjiQA+oFZNtvYjR37lVCnxg+hWbvywzpg6ln2KLvLmBKrb/30g:8nKO+oFZId7lErhgb1NT0
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  PaiPai/Feedback.dll
- Size
  
  64KB
- MD5
  
  f7878279263b1c846af3bc5d944a8f2b
- SHA1
  
  df2f3b4db94ad3a59a718afec5218c425012cc03
- SHA256
  
  d0ae8ec1e4db033de9a1058598f03f8e582c822a7daf2dbc6a042c59e5fb77ec
- SHA512
  
  0187bcd4fe874ff36815448f271fb630c21bf3478be71d149cd8c12b70a522cd541a1d35b6ae5fbb6d0b1ff92e75489890a38772c92acfa9884ea7b6509192f3
- SSDEEP
  
  768:4ro1pjgMZCdZwn40c/haXtLFInupb1mn2Mzq5YGxuRZZ6q4KK:6AlgMwgdcZad6n+1mX/g6x4
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  PaiPai/FreeImage.dll
- Size
  
  2.3MB
- MD5
  
  5167e215a75753eae72e7834943bae75
- SHA1
  
  e9a4769cb17cef314f414ef14238c8c6869a3c66
- SHA256
  
  af2a1ae66d9963092a7de6756335caf39a9c2250ecd77bd07e62ca4ac6046259
- SHA512
  
  edd747c7332949a4fcb3d601f809acc175aa6fbe80724ed0bbf48ba6f29ec1415fafb0a46a663bd52fb0e5a2e14ed7a453212cd08e74298fd6ff7e07c8937bc4
- SSDEEP
  
  24576:nplmUIUWq2i2B+PyB793HjOTM6qoAVEWLx+oylAjPo2vWazbiwpOpTRzTMy8N8GT:npltIUha6ybOgNtQVlAUWzuwqTXC7
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  PaiPai/PaiPai.exe
- Size
  
  1.6MB
- MD5
  
  34672bfad67a4ee5fcd8f6812fbf10ec
- SHA1
  
  95af609433e9da2f02cd9a5cfda168811d35d93a
- SHA256
  
  fd16419c2625b7f4983acad53ae11c73d4a7d204c9f9867f10973e72cf0d8609
- SHA512
  
  3df15be81f846b00de6c3dde2b533b0a3ac40981515e583d0fd51fbdbe103addd3fcfe03d9ed79c099b387a962b471194f2236dfebe4cfe486c13d1a38a90085
- SSDEEP
  
  24576:QahSQ2mX/GG5dDHm8DUpxCkSyTfo6slgs8s6slg4sRsnw+DWbDPa+DWrrDPiI3sG:Qcpq8mCkSsIBjerHEe/Ruke7Ucn
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral21 behavioral22
- Target
  
  PaiPai/PaiPai_LiveUpdate.exe
- Size
  
  524KB
- MD5
  
  c39281e2d2a98b235410ddb1440f965d
- SHA1
  
  0d5b19c4bbd21c77a5ef4b3886da7bb5d6541908
- SHA256
  
  d43f7c85121d6bd402731c689ae7f7c3ec1319488292c3467d466bdd515c3f37
- SHA512
  
  1163ae4b103ed29fe39a2fb6137506048453e820f89258ad56903a8fa82595010630895782f940606a2cca0c16ab1430bb192ba6df6d54f186542af501ac6346
- SSDEEP
  
  12288:4laf6gbfo7vCQ8PE1wdHpCJ5LjnDPEAh5mIUXw6Rh:4MG7vC3PE1LjnrEAh5mtw
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral23 behavioral24
- Target
  
  PaiPai/Web/Sucai/local_01.html
- Size
  
  1KB
- MD5
  
  3ac243fdba0ed0d6b4980ff3608ab344
- SHA1
  
  1cd73cccb498a9693d3af11a8c53a27660a747f8
- SHA256
  
  376a7620bd4b6bbcdc7c4717c09023ad74ae825fbe4cc195d66ab62911f12498
- SHA512
  
  05f75866f52b598b905e7d5ba901ced2f8434c70188297ef0f262d300003fb4e42a8d40fbc2647f6b81facdd9a90f70b7bae42b8e0a75bfe83ebefcde2698aa7
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  PaiPai/Web/Sucai/local_02.html
- Size
  
  961B
- MD5
  
  99dc1a62697877ee6d170ed015ef1b89
- SHA1
  
  23c453d04b74a273214150ca1e0995ddce3c01ad
- SHA256
  
  77597e6a61511ad64f740fb3d46dd39efee0f3c31c7daab5eb017f8bbc55bb9b
- SHA512
  
  4102514d8c39e60f918ffc91b1ddaf8452d7e9f9515e57ff5563ba980dfdff13c19a15ac404100d36f79949a3a940b23d50ad582cc7bea29176cea24da0ca781
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  PaiPai/Web/Welcome/index.html
- Size
  
  5KB
- MD5
  
  77c55bcd3f9e301608958a1259ad2753
- SHA1
  
  5a5937949e701ca1cd320f233347614bd81e50de
- SHA256
  
  3931fd5964f18d7131b7a33656a2e6bc3dfc77febe4434e18104fd792323af13
- SHA512
  
  47e81a29c50f39027f7c13e5d00fbffc24bbe56c6f15582f80f27d3a93b4db944e92646cf11eca1e13d65995ce090483f81aac136c21137feb1f79216dce7fa5
- SSDEEP
  
  96:S41evfhpFaeFaHwhGkx4xrVaoHMTFmKPCQm44:S41evfowQplHMTkKPCQu
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  PaiPai/divxdec.ax
- Size
  
  712KB
- MD5
  
  8d4ae6d727a26f5ce5bbe224bb017be5
- SHA1
  
  3307eb5f3deefd80a8012b219fd02a504d8ae6c9
- SHA256
  
  24a94ae9cac79f6bbe65020099a26b9cd06018306c6561a907b8e2e99989884e
- SHA512
  
  4c55d7388ba7e2063bcd85812ced3f3c77a65e73997de558284d19175328ca78ef45f86d2e232599e57fc4c586911fa07d7ff4fa457a7ae066a4dfa1a0f706ab
- SSDEEP
  
  12288:PZk+r/xSZiOnvpJo3c8K2hkl7BrDSzp7f0ooIeuCgu:hka/swOnvpms8K2hkl7xDSt7f3R7hu
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

bootkitdiscoverypersistence

behavioral22

bootkitdiscoverypersistence

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32