a19993b2050530bfdfb86bbbe14a9d5b69b14be10e66b934dafb3999dec26f0c

Sharing

Copy URL Twitter E-mail

General

Target

0ec885300e86aea81f4462e1653ea185_JaffaCakes118
Size

2.5MB
Sample

241003-kdt4zaxeph
MD5

0ec885300e86aea81f4462e1653ea185
SHA1

94873fca1e914a0f9e80d8fe212ef8c8909eb7ab
SHA256

a19993b2050530bfdfb86bbbe14a9d5b69b14be10e66b934dafb3999dec26f0c
SHA512

570769b4c7fd837879c73249a1ae5c58393dafece10dedc59ee1813f90d642bdddab13f39a9d65a7b310da655ba93027d08cf8de32d26926bb7c6b86575b19c8
SSDEEP

49152:gfZR3TvK+zMPu/12nYS1UNH6dVzucl1AsEqjzn7rY1XkG4tdjFAkfvx9uIU2:CZBvGq1qT1UNH6dRuO1JXvY0XdqXIU2

Score

8^/10

Malware Config

Targets

- Target
  
  0ec885300e86aea81f4462e1653ea185_JaffaCakes118
- Size
  
  2.5MB
- MD5
  
  0ec885300e86aea81f4462e1653ea185
- SHA1
  
  94873fca1e914a0f9e80d8fe212ef8c8909eb7ab
- SHA256
  
  a19993b2050530bfdfb86bbbe14a9d5b69b14be10e66b934dafb3999dec26f0c
- SHA512
  
  570769b4c7fd837879c73249a1ae5c58393dafece10dedc59ee1813f90d642bdddab13f39a9d65a7b310da655ba93027d08cf8de32d26926bb7c6b86575b19c8
- SSDEEP
  
  49152:gfZR3TvK+zMPu/12nYS1UNH6dVzucl1AsEqjzn7rY1XkG4tdjFAkfvx9uIU2:CZBvGq1qT1UNH6dRuO1JXvY0XdqXIU2
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  UUAP.exe
- Size
  
  1.7MB
- MD5
  
  fa19074dff1e0f33b5e2e387ef10b36e
- SHA1
  
  9a40de14a6132d0e2e7abb687fc907b4ecbeda21
- SHA256
  
  feb74ef7eb5d46b81aacc38a99ab6b6b2e18722586c5754fedd4cb7907b9783e
- SHA512
  
  8ab846d50f6a0f4a2137125211bf06e320b3a9fc271dea093374b289879274c4458481f9fa46b4632166aebe30131d0365437216e313e3892fa286017cdaf73b
- SSDEEP
  
  49152:XcZYNIxOWpuA0tYwlF1jN/xB7EkIiebKJKznh+YFNBnIJGT/xvH+MiS2q:XcGUuLtlFpN/x5EkIiebKJKznhTNBnI5
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  UUBo_ActiveX.ocx
- Size
  
  1.6MB
- MD5
  
  a159cc890b2b3ce674c1793222c783cf
- SHA1
  
  22252f86cf1c45471de7808ec3d1e79acfbf4e8b
- SHA256
  
  1dfea3d17657fdc7d4c629e92d7f554600524db7018cc2178a67481ce618fe06
- SHA512
  
  e5ce5ad29df0f0803d54e2a572c6b6abb5577bb6ccb9ae65ec5df290295410a1b1389c05301e0ae03d03bd0e85d6838c371404082daaa9c6df951a4b74b6af6c
- SSDEEP
  
  49152:cZ+X7y5mf8qmfTl85uEJUgi9H0mDt8kC8UfkPCYL11Y0O2oXz:1y5IwTm5uEWgi9H0mDmh8UuLnY0O2o
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  UUTV.exe
- Size
  
  1.9MB
- MD5
  
  43b8c10235903da53f453520ec179af6
- SHA1
  
  bbf14c0c049358ff40d376f36488f4b2686a1523
- SHA256
  
  ae5caa4bb3d51cafa1f5e650ca66e4ef52aa266a50bb06caec802a62aba79e78
- SHA512
  
  9be487e54f45b375ab3a6c991029991856ede14984e138f36dbaa25155fdeee7d4d9cac4a668050c895c07cff9aa1ec71cb54398559df7dae22e6c3d9d2c0be3
- SSDEEP
  
  49152:idajEeZFp7MS0qfaOkmqvZ3ldBr6sgR1zANmngOdu6z4pFNsUuC9Qb/:ZjFpl0qfaOkRvZ3ldBr6HzAIgj6z4pFE
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  partner/FINSTALLERS_66_22926.exe
- Size
  
  58KB
- MD5
  
  054d5f81414379a158843756fd3a26cb
- SHA1
  
  0a45628334c8e143831d1611c97b40a0a0191a00
- SHA256
  
  14b115fde4c54871f035ad955fd6c8fd9b17bc858a8c4ba0fb8358259c557e95
- SHA512
  
  5bae8abac61a0cf0a39cf4b34a5e44b95bcc353bdc7fb8f92b5b004bae16f525d1f69b21afc1c37f056674cc536a2fb716eee576c6428d0abb0c3ec8136060ad
- SSDEEP
  
  768:AkpgjurpP2VYW+dk7plkfkW+14po6bIILfS:A6TwVC+plkfDzo6X7S
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  partner/FunLoader_C128248.exe
- Size
  
  183KB
- MD5
  
  347d906c0b91f74e68ca1201d7c2556e
- SHA1
  
  825bb7d021c1ac6b1e0dffafa4356a3b953db2fb
- SHA256
  
  a8bb9805c40e58f01f7fa490e5acc8118e13c0714051f70ab20a14629f36d686
- SHA512
  
  1f6690bf406a2afdd3ca979f2341735aeee5d590081c5c4794818fb9047e75289e8bd14df3241992ab74a0a6e4db38f42d4bd93befa18a6bba1028fbb10519bf
- SSDEEP
  
  3072:Q/TufwtrR+1EDAk/0Y9yZ83WCnts29wC1K5L6B7KT7u:Ve1Qk/0YEZ8GCnttiR9YL
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
behavioral11 behavioral12
- Target
  
  partner/HaoZipDown.206076.exe
- Size
  
  129KB
- MD5
  
  7d0843cfac0acb3756601850d5044522
- SHA1
  
  f9333ac0fefd16f9c21f9eaefc53975f9423a5a5
- SHA256
  
  6a7272b6d0fabf9d1fba5251c8e0ca1fd7d0af4ab86f31fe2408061afc20c5b0
- SHA512
  
  7d7a14ee3b26d3d06b0e69c76899df0188ba6a2f9b1a3bfe6a7e94044af5a0d3d172ba37a227bfe171aff5fb42644153a3ca7ef04077b6f93fe81424904c73a5
- SSDEEP
  
  1536:qLMH/srXrcXRfIp3LlzMWPouFTbY1zlFpWk4q4wCRrhnTPfs1Iar+JHvsCTaF2+E:MXm9Y9JbQLp32nLs1Dr+JP7aFJbQ
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  partner/IFoxInstall_3.2.0.0-s-c203085.exe
- Size
  
  488KB
- MD5
  
  9c1492c38d8904afb3dd908328c89488
- SHA1
  
  9642564f1de4b9b4c76573aa7f0a09f396eedf0c
- SHA256
  
  5106601b987153e6e748ac54a13056da89cdfcccea1c35fcf400a0e666997a26
- SHA512
  
  d5cfd0f3ffecdf267964237db1c88d9d4020cf20f0908dd4863058acdb3b5a91758f8630717ad0084180e0a19383ff1fc6c0006d8178343f82ae3f70a32d3253
- SSDEEP
  
  12288:YYIxY8jQuwjkq17/I5ZjDZCFpUyV/sxBuK8n3z:fIVjQHF17/IL1CPUWmBujj
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  partner/QIYILittle_02_14.exe
- Size
  
  151KB
- MD5
  
  ad5f0d39a0bdf09204f9517fb2e04587
- SHA1
  
  3763c2ba6d6a10b859bc9cd591c5bec43ff29219
- SHA256
  
  dbab05c220d2cac9740ef5e9a06568b201a2d378aef56be72b5fe713078afa35
- SHA512
  
  3b00dd48d6a4e2ccac09333d23234b073a8dc59d05d108b56143ace9e0dd33a7b1a7b379f6a6017a8de2f5ed7fecab39cf93ae6a071a9e6dfb8c04fcd4e77970
- SSDEEP
  
  3072:pcJzzS6MtWMmqGvsKABNbcdGFVzuca/1l63RQ6Y:6yLWM8XA4kLG1l6bY
Score

8^/10

discovery evasion persistence privilege_escalation bootkit
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17 behavioral18
- Target
  
  partner/filedown_239131.exe
- Size
  
  130KB
- MD5
  
  34c7a909209b3806d3a837d22e9bae33
- SHA1
  
  d7a22eff341560e783050f998741db8cadef9080
- SHA256
  
  daf47e91f6688d6ec4c0a9f2226e9c77ec46eca9fbe0fa3c98155289602158e3
- SHA512
  
  b560425220746f416ab47d1854fdcd57944ac996a97ecec8dfde08d590cf10b676932e6184f24c6f029ebcc6dccbcdedcf4e4ce07df52e0bb29b9d36912650c2
- SSDEEP
  
  1536:z631xX/1ELJpDPJEf9ODWkU39+LAQbO3mqHWkHRS4qdnhrXnTABur+/lvsCTaF2p:eEjDPA6UQbhqvGdn58sr+/97aFJRo
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  partner/she1094809.exe
- Size
  
  147KB
- MD5
  
  64ebd3f4b0368c21c0a8a4266e846cec
- SHA1
  
  5e691e9512eab9e20bd0f9451fd7dd237d15c43c
- SHA256
  
  95d436b014387a17f617e70ea99f1cfef20e85faa467b88a25a272550aaad7fa
- SHA512
  
  c622583d15d468334864b20bca2ab4c6899c4da6dd3828e92b07bdc9240df724a4abd2927c8dbc854da178bf41fe28855e7f8b950aa0e5686f22e4feeff57b74
- SSDEEP
  
  3072:amA9ee28vfXq6cz9Z5YrPdZ/E49EZyrJJlG9Fwx5zzzzzI9f:LofHCVYZZ/EpZyw9Fq5zzzzza
Score

6^/10

bootkit discovery persistence
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral21 behavioral22
- Target
  
  partner/silentoi_39015028_54.exe
- Size
  
  233KB
- MD5
  
  39271eef22c027200a0e8e944e5dcb82
- SHA1
  
  daf1de8bbc44b7380385645663f8da6eb6a880b7
- SHA256
  
  b9a43ef6f8cbb7172dedd52d1f5dae553d6c83cdea74ee4cfc965cc2f1fbd2bf
- SHA512
  
  9ab28bd5360fd0f3a70b1b808ecb67dae50f07b224b3478ed2dc4cee306c6fa43fdd267aefbbc9b07c706436ad3a04a7ecaa1490e2a786aaddfe67b0863167dc
- SSDEEP
  
  3072:XRD96DXhI0rcka12nsdx31BpobDsSNF6W2VUF5i1sJyCystX5pqk2bgwazY8dCvF:0juW8wDy0fqhbgw78k/2CExCvfdqW
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  player/NetAgent.dll
- Size
  
  133KB
- MD5
  
  c6f1cd7d6dbc62a3192e4089b1c136c6
- SHA1
  
  772071a546b8deba46152830b5296cf685b9ffd9
- SHA256
  
  5cc7880c515b41836dcdf969654ed86ce00bd900014058da8b7d1d9b71ba0acc
- SHA512
  
  098563d7ecd69c1eecede6165350f9ab6e560fa591483cad05c45cb4ea4e42b3f8343b8a5afacfed32fac3d4d689c9d8d37fe6de8264229b0932ebfc9026005b
- SSDEEP
  
  3072:wpg2iTqTI7JvyKE59vWV5AcXa4s9A5hmkl:w+us7G59vyicXa4mUb
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  player/QvodNet.dll
- Size
  
  181KB
- MD5
  
  6c55cefd4493823ef3c7abd1b1f5586e
- SHA1
  
  72ac44a9e3819a8fd0e750a6b539689e5b328985
- SHA256
  
  34a0d9331e9972c1886c876fb6b170f66be696c7942330c3741cc4ec0147d17b
- SHA512
  
  833894410c5b8028f2e261c66a3914dd49a8be203efd44abea26088157b5c95d1d55f4cce158fd66150633208e7a5cfe11a4ed255cb6df67433a4365f88d80aa
- SSDEEP
  
  3072:P7Q6MfkVJIxXvplEpyrEQarnPPmE1pC5adXOM43ESMG5l2NA0N:P0bfO6pfzarZy5aa3ESL4N
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  player/QvodPlayMedia.dll
- Size
  
  693KB
- MD5
  
  5c159d4be90fa94012ce72f5873bbcb8
- SHA1
  
  87967f4827c4d12f4598e218583b4648466b4907
- SHA256
  
  8226e6917dff17083cc5a0a28775f8f3e77406ca11eb77f5bcad8f191166dab9
- SHA512
  
  69add5650071968022c1a590f811c9e047595c76676afed14aa50237626f01beb0d33897489ef2ac6eee96a4170d5c8e5d02767ee7f14ce193a7677c4f32b114
- SSDEEP
  
  6144:8T7N0BJ67A5vZveyTQOlB8fcDh8jyIOXlAWxcECfCozuFdc:8N6XcmhVpVcECfdydc
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  player/QvodTerminal.exe
- Size
  
  318KB
- MD5
  
  bd1f832a719e158d106bfd56c812d941
- SHA1
  
  a28c92fc925eb832362367e41428d8fdd52d7373
- SHA256
  
  44f0b8f8f0a3f9c30d2aceb43bf9c810bd3a9bf65377b1ab13b90e1e838af250
- SHA512
  
  fa59c407ec28f826667473c1aa0da07c7d03df0a51972ea8d6c62add9cc4ef15f54163bc3ab821b2f76d256eb62cef0ad7146e584c857545bff446baf6ba8b13
- SSDEEP
  
  6144:p4nHtk8Pu0zELjxaBNApnLWUWF5NN/UPBvSUkDvZr7HI+sc7muDMSTNr+kAHK8:p4Htkh0QjxajCWhxNCcJHdsc7muDrTNu
Score

1^/10
behavioral31 behavioral32