General

  • Target: 04a3d32d124f9a5b83ceb0f06045d572_JaffaCakes118
  • Size: 205KB
  • Sample: 241001-gwwhzavalq
  • MD5: 04a3d32d124f9a5b83ceb0f06045d572
  • SHA1: 1a88215a4871f0fd8be9dd892d57221b1b9cd562
  • SHA256: 7a068a3fb23cb34bd23f67a19d23de9f4a0c94f68aca121f13fb1d8268f5236d
  • SHA512: b6497e105a172356332b2f73cbf27cb384437046c645b26dc02bbd1718c6972d8cd2a2ae09583b1b8b69b5d5ff109e8f80abd1c38c868e9689842d4b29cc558d
  • SSDEEP: 3072:HdjPhqGpdS3HhgdlNt2t4PNEwB7viDDKQ2iKZBGVY5orkeqOlTdUpoxzXUd:h3XS3hclNAWewtoDKQ2iKZhWrk5cSmS

Targets

    • Target: U89.exe
    • Size: 212KB
    • MD5: f556271e1338dfc224cbebf6fe8f8eae
    • SHA1: 054f755a4037ba3bc4c17a5f4c681a1204f35e0d
    • SHA256: a70560275b6f6e9586a30f473b01f2584717df66a338204c696b55aa9994ca59
    • SHA512: 5f6c89c1544110d4039b4d814618f18ffd341c1c057ea9837006ab858187164e9d8f2910cdd133696a20bdbe2a2fb351b7c0e8c4d02693cd436ab7a88e7915d0
    • SSDEEP: 3072:obhW6ZNK8kxbvM6qVYqQyYOmaq63Ckl+GPDJNn6lsJ9t57OGskwuZ53lWQMEdFFH:o8c18vM64LYOmaq6TIS6lyX7Tp/1Zv

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.

    • Target: دعاء.doc
    • Size: 31KB
    • MD5: e808905b00c534195aa3adcd2d57e9e9
    • SHA1: 2b71fd43efd5b6b5aa01b3e835f270a98fb99ea9
    • SHA256: 33e20c8cddddb56ce998820950042db5c64493b80bc219926ef236a04e03a4f1
    • SHA512: 882b176ed06ef8e52633f5cc0f570f965c6d8e9ec1822b9a606b086a9a2f722d082e84ae1eb82e22359fafc85d0b967d607464cd69527f3e02bde10dfce4e4e7
    • SSDEEP: 192:3hnGH8ob6P/RiD6JOjBLgmivwuNPjgLyCrqZldxn6FEh89Ix5zSCGquR5MnT:3hnGls/sBgmivwuNPTPTdxnowpusn

    Score: 4/10

MITRE ATT&CK Enterprise v15
