General

  • Target

    16cb46a6156f7a2a87248b3b6a589639_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241005-jmsrtsxgme

  • MD5

    16cb46a6156f7a2a87248b3b6a589639

  • SHA1

    fb177217628b4de52547e6a0ef625b83dc2b100b

  • SHA256

    c5beb701e793be49311d476975c0c8b3e453ea5f20d427c64c0d31c3b01a09c1

  • SHA512

    48ca93f06c598e7356b9fa4d7c69d72ca2ffd54979c580b47628928935b138c17f243cfa8416222928269ec04163c7cb2b19cfdb29cbf08d1a7377b721bebb7f

  • SSDEEP

    24576:y3/90pCK5ewaMOHRyGbBRAAhpbm59LEQbb0n5rkTaqwHIrb11D:AYtewaMOHH3e5hEQ3qlk+1Irx1D

Malware Config

Targets

    • Target

      Hfolder/Hfolder-key.exe

    • Size

      18KB

    • MD5

      a0192c370370f7adccdd16d81e68dfb2

    • SHA1

      f199e775b28ae613ec3a81127a85e48b2d567688

    • SHA256

      ead9c6ee85cd4feb5a8c8019a857ffb56188b688f04bf80f3361679c877b0b0d

    • SHA512

      f534fc05bbbeaf94f92689f5e6f417b457d8808d16a5a37f9475c450720a2595da4471a9884c6fbef75c054e696aba2d9531aabeb79ac101c4a956a1d4c0ac06

    • SSDEEP

      384:bQ00crMPJYnnFMCKe9L628JaPyYXn8b39z966:000cAP6nKkL63kE9z96

    • Score

      3/10

    • Target

      Hfolder/Hfolder.exe

    • Size

      1.2MB

    • MD5

      4aa093d03ac449134ee5fbc4d02ec805

    • SHA1

      8edececa12d46ed6729f122b218ade6d5c677b5a

    • SHA256

      9738641285a96d7b72ed98e1ff0d93217d49a74c1e54d2d08252e00afec7d059

    • SHA512

      70588cdd13471b95371773df2244d98f4c644a6eb8f65a8e2baf830f5336b76402843973727b07694b9c8ab29083360585ca4fa02f8d02a94293a5b3bb6dfb25

    • SSDEEP

      24576:v3g62vnKTHHmn/1Rz+M0BioHkscvi2lLgMcB01fuUhsUl21Vk:I6inKjmPN6itscK2lx7hsWUVk

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      安装软件.bat

    • Size

      40B

    • MD5

      b110f330c4dabdda5cea128c021a0568

    • SHA1

      d64a17ea10262e2b1500f48135b8ff7a7efcbc0a

    • SHA256

      37214f2232ba81e88caaf1e838b8fdba0411bcc167d4b5f699701cfc94f13cb7

    • SHA512

      657b5be7305ed95838a3e8c7de2eacd6e20634912411dc77793472d7e044327637a1f9792f4b993017e9b563c1d91974774ddd672882ac654e40847f204428b3

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks