aa9c460196d565a3104ed1c385e22f03b2928353b3ec547185a18ead23ae662c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36f15b198103c4aaad6a26d91ef8f1ff_JaffaCakes118
Size

1.3MB
Sample

241011-1kxrfazfjm
MD5

36f15b198103c4aaad6a26d91ef8f1ff
SHA1

c371253c329df1706db1be5ff3d602be3df7dc62
SHA256

aa9c460196d565a3104ed1c385e22f03b2928353b3ec547185a18ead23ae662c
SHA512

354eee4304416ed2b1e3f64b0870283493551a2d9fd97cf82ae0c3b53734c905fd4a0d8d005991db206105ebd329d76e29712e4c918c87b32a8d3772c80f338d
SSDEEP

24576:1cWruRUk4OY5vA5ZXzb2OAkV0jHcF4LOoc8QtrNgeVN1q0KdGETidjxeY6IUi:1L1O+yXPuNjy47c8QtrNrq0oGcidjsZA

Score

7^/10

bootkit discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  36f15b198103c4aaad6a26d91ef8f1ff_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  36f15b198103c4aaad6a26d91ef8f1ff
- SHA1
  
  c371253c329df1706db1be5ff3d602be3df7dc62
- SHA256
  
  aa9c460196d565a3104ed1c385e22f03b2928353b3ec547185a18ead23ae662c
- SHA512
  
  354eee4304416ed2b1e3f64b0870283493551a2d9fd97cf82ae0c3b53734c905fd4a0d8d005991db206105ebd329d76e29712e4c918c87b32a8d3772c80f338d
- SSDEEP
  
  24576:1cWruRUk4OY5vA5ZXzb2OAkV0jHcF4LOoc8QtrNgeVN1q0KdGETidjxeY6IUi:1L1O+yXPuNjy47c8QtrNrq0oGcidjsZA
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  6982595ed8bad3e983d6200201b9a1ab
- SHA1
  
  ddf3790820f6800e975e2293d46c95e1429b1d3d
- SHA256
  
  efb07b38b205f4dcde166887df43c089cfecff627099922cc0c88fce27075063
- SHA512
  
  3bf611bf9792b275632dc6980bb8f8ff522109db7365c936b2a340d2997ace6658af6dce3c8082de4e3a5b64cd2324ac21f67de061908933666fb1aa529a6eed
- SSDEEP
  
  384:mLbZ+21yxu6kGxPcSkfWpATCzip8OvNV:Mbj1yomESkQNRi
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  4KB
- MD5
  
  6e8035da51e2512fb88440d8d94ac38a
- SHA1
  
  c7e96e638450a40cb163b66ff60300e143940921
- SHA256
  
  e80cfa37169aecfee7d91508d1025706294d47b2950debf2c31e6ba52f3b8cf9
- SHA512
  
  1b8c849676d64b7e380aa884f3688ed1e6544aa4cd54a998522195d877e7a4c3071ff4fcc1478cd3afd1f77e89bee12faefe85db056d496d42a047801d69bcfd
- SSDEEP
  
  96:34Nr2mIDHfLfzMUyJ1Cb/zdYumvhTHVYE:I12mIHYUy4/RBiK
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  9KB
- MD5
  
  ae182dc797cd9ad2c025066692fc041b
- SHA1
  
  7ee5f057be9febfa77f698a1b12213a5bbdd4742
- SHA256
  
  b214f6d6c4d27f749105f7e8846a7c2d475dbcc966876370b5a7dab6e4b8a471
- SHA512
  
  2a9a200d067df47638a86f4f058c6d78fb59bd064c65650cae5022a62a3714e33f93f6af1dd599fda180d5af18f432835a1f909807f4fb459aa9d6c24e3fbab7
- SSDEEP
  
  192:SVS+6oMnQ5TWgWsMI4R5Or5nQU39FmeknC:S56oMQ5TWlbI4RS/F8C
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Extensions/ExtAddons/ExtAddons.dll
- Size
  
  189KB
- MD5
  
  2e794748e45e72410770f4619a13632f
- SHA1
  
  9f862a2f65bc50a38d5e92dc85d7abe0e840fddd
- SHA256
  
  5cd9db594cda8307bbb6127f6e9f095b6644ab6f7a46bcdfe01b6232d5bec7ec
- SHA512
  
  485aff3c550be8881acf05ecbcef6874419c425743a8641b20be93e80c05461e712432a1cc2dee7f426d7715b186d33d3ff44d31b94ebe91275e0387ffb1225d
- SSDEEP
  
  3072:wiV2eL06NX3X2fU58PZOeO8+Ei21mGND1UeOZAFJIpQRXsEuJZTWtAkfd:wY2eL0oX3mfU8Zep2137uJhCV
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Extensions/ExtAdfilter/ExtAdfilter.dll
- Size
  
  93KB
- MD5
  
  5a2fb8f5390912c2d3a75e8d71390c11
- SHA1
  
  6a9ec26115177f707ef0e15a278b16f23e381c68
- SHA256
  
  375662925f48338d2ffe340601b0398f6e5f935824b679b0953a2e9b855c1f1b
- SHA512
  
  64b069cf208121bf3a305c1ca145870a3a10790534724a03e93267fae2da4639016d6c7287dcd2bc710f6696e454f9310e98f5ad4e164d5a6c07ce3123204e0f
- SSDEEP
  
  1536:bmD48dfIorLv7PqzQFQnIO1nToIfd3YchItgiB5qky:KD9fZfv7PUJdTBfdIchItgiKky
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Extensions/ExtDownload/ExtDownload.dll
- Size
  
  313KB
- MD5
  
  3cc57babec23c0b5ee2574debf338806
- SHA1
  
  ad2d6905cf7b7ebedaad84c663be60b8454c9f06
- SHA256
  
  3cbfd63d00aa11c25f662392ad9161dd589edf5e40185b90d6fa87e1c5187387
- SHA512
  
  d80d954c04bcba7b33f9111bbb5a2dafbe688e566aa094d24670d574397584193ccdcbb2c30ec26dd423bd01f1e9f87061ff04e664ea38f9c76373b8e44af8dd
- SSDEEP
  
  6144:DcKuN4o+au9ekjUueC9ttC3p2giZ5e+u4Oxv8692EgXmnfEb1H+RphUQS73AMnQ:YSo+a8eVueCXtC3pJy5fOxv8692EgWf9
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Extensions/ExtMinibar/ExtMinibar.dll
- Size
  
  89KB
- MD5
  
  21bcafb5c5de854c7ed3ee52902f7676
- SHA1
  
  1d076aef368c71f87bb549e0ec027a2356494868
- SHA256
  
  a2cf1eda553855f028b017b6f42bf352b77cb970b65bc77708bd84bfd828b25a
- SHA512
  
  ac44ac8cfa68b1be3cd89f2aa03b844d722e162a5ad89b9f23db144b1c146a0ee326da0dedecc0e4327eebf64fc647d3420dfe28a43690c04df2213bbe2e6634
- SSDEEP
  
  1536:YRIhuHaeL1CTXrPWi9LoGP9XvjlDID/Ukn:YyhuHfBm5PBvjlED/Ukn
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Extensions/ExtPages/ExtPages.dll
- Size
  
  473KB
- MD5
  
  f19b5912ba649a9a8ae51c264ab5434e
- SHA1
  
  35c603ea4eb7402b59f9e4e81f7510affb974f2a
- SHA256
  
  8e45b03797ffde4a25c02f7b912aa56dddc7eb1ceb1da73d2cb4cabace8b6a0d
- SHA512
  
  ec2acbf290587175fc787d0467bc0baadd00904655790f019d62836185d5d920735f9768ca660bfbca215f51fc1e4a0eb041456e81651e8b1d67e5c0ff75371a
- SSDEEP
  
  6144:OCj8BjRPMs3PYaNAurMhhujQ86V9FSO/iq1clE:O7BjRshTK6
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Extensions/ExtSuggest/ExtSuggest.dll
- Size
  
  69KB
- MD5
  
  63c62adebbb135353296b73f9ec981e6
- SHA1
  
  db30b6c4978b40da693a746ade35d3ac25892001
- SHA256
  
  6952e21007c289fbfb612816549e3c60dc1c726fd9a408c5d33bfce15ef29fa8
- SHA512
  
  fadf76ffd980344fcf6f525ff1f5e3ad35ad64cc1da7730902e0cdd01450c52cd83667252d09da5e7165633cec27ef1902b1b80b20b3fe0b0539b8c90f6abe13
- SSDEEP
  
  1536:52+oNUCeLcpwc64vBMunZV5hur4W1txvdrKcRASF93ksB:52+ATpwZ4vBvzurDrKcRASF93kS
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Import.exe
- Size
  
  77KB
- MD5
  
  30175691966571c94f6c4eb72bfdd38a
- SHA1
  
  846509f4f6ebfefee86472fe8fb3dc041b3d6b44
- SHA256
  
  fe1bf84d22ff3f8bb3fc301fe0f8a696466875e1e37e1f35d14cae4e3847413f
- SHA512
  
  135850bb55faa0d3646b7ebe5f89ff333982d7f2a7b3a7b978f0fd7179e4b65eae696a2db4f9314f7701b14b4351ec84a3cdc54eb867445d75030e6a91354ef6
- SSDEEP
  
  1536:zjuK9Tb7yZ15O6eHhBfIh0h45LSCPDPkl:zjuEiEdBfJGNPzkl
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  TheWorld.exe
- Size
  
  1.9MB
- MD5
  
  9fedb36381d2e4f66c4f47d8eae3ef53
- SHA1
  
  6c61b9d2c2243698a5d87a6f1788c1e32a044154
- SHA256
  
  54f0cb568844740486641a4b3985bfc839ce466e3573ccce5fa267e89c5ef508
- SHA512
  
  5ce04bfda47dccfcaa142c5f29eb8cee3fe69029e1e2399622625054b5e4754fad012287deb2a57a19f3e8074e6e25acae403fcdf2e354af72211b4ac5beb390
- SSDEEP
  
  24576:+Lis+RdERSiRnloTojXP7d1TOITbdLVAhIDBTwhYEg4L1zggM+QN:8QERgojfTOITFVfBTwhYZ4xzVq
Score

7^/10

bootkit discovery evasion persistence trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral23 behavioral24
- Target
  
  WebApp.exe
- Size
  
  217KB
- MD5
  
  515e65b1141fa52d69543cf970d9a152
- SHA1
  
  f17e9ccc660eef82939b02ae4357bcf754c27c97
- SHA256
  
  c513c335a938ebb40ca3399a50ffb28456549fe1c63f57434f0be2e51806f0ae
- SHA512
  
  e15295b422245041090008d528b8e83aa42d36d310fa2a54985a176813818b02fcf6754e739406a47ad7a141266c97ad3d3e983c16f3b445f85fff93a97955bb
- SSDEEP
  
  6144:jdrheWtP2yRByjD1XqAuVtqU4VzKuqIcrv:jhGyzy9XqAtO7
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

bootkitdiscoveryevasionpersistencetrojan

behavioral24

bootkitdiscoveryevasionpersistencetrojan

behavioral25

discoveryevasiontrojan

behavioral26

discoveryevasiontrojan