General

  • Target

    4fe0fb4e3c634a4933c0f5aa37862ca9_JaffaCakes118

  • Size

    3.6MB

  • Sample

    241017-avafsasbkf

  • MD5

    4fe0fb4e3c634a4933c0f5aa37862ca9

  • SHA1

    251f0b3447b22bcb3838c351ac36d023493bfd7d

  • SHA256

    3d58752d9201e3bc58d32c2ab930287f6776e70ff316e59edea4ce2179a0cc0e

  • SHA512

    61c41343bf14c7b4e58b3203ac890c68c8bd22411741217d9efe834dc072de342a367a132472bdadf1fd2179184404748e6f62ac7a0ac8d04ebb34c955254c13

  • SSDEEP

    98304:Gs6PG+xOYTmsN6ia9ZujWr4A4cA6gM5x6r:oM8RML99oM36r

Malware Config

Targets

    • Target

      LPv.dll

    • Size

      1.0MB

    • MD5

      82f4f15b5f2710f0ae0308180ecc42c7

    • SHA1

      420e14c7868dc79d01ce795d8414f0109c31be86

    • SHA256

      a90ad1ae1e25bbca8115d07dace09ff66cec4e3779b300f7c453b38b519080e8

    • SHA512

      c98ab45f7eb70dd077d8f6049079cfb15c786a70765ffd27b9dada75260e9066068143e4980bbecc4598892ccb94538dfa826428daeee71b7b01ed869c2e2407

    • SSDEEP

      24576:JMumJWvkxJNvyIni+5rbcg+NJ9ZVL5KQd:JTavy4JrbcnbVL

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      MSCOMCTL.OCX

    • Size

      1.0MB

    • MD5

      ecc7d7f0d3446de36045d1d9e964fafe

    • SHA1

      da6b0ec081d628c33b150327f3bd16d3b7fa4729

    • SHA256

      bc58d624ceea02ab086f1cce809c992bf5a7105e88931853317a2f5aa5afd6e4

    • SHA512

      443de697be9886cd97235e6468f3a7f6bf11612711e54dba31431b0d9418672e1434e839ed50cacf28107f692f0c9d9d2f57d90e3a843d81015d459c180db632

    • SSDEEP

      24576:s0LiK1d6dxOehwsj5dC33M/jYVRDSfaF0gg1CVGO7oVtNKG:n6dAehwaY19G1u7+Ln

    Score
    3/10
    • Target

      MSINET.OCX

    • Size

      129KB

    • MD5

      90a39346e9b67f132ef133725c487ff6

    • SHA1

      9cd22933f628465c863bed7895d99395acaa5d2a

    • SHA256

      e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

    • SHA512

      0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

    • SSDEEP

      3072:R5JTZQu4epojdkYv55RCezn/T81B+ySRdL:RLTbP85RCezbwm

    Score
    3/10
    • Target

      MSWINSCK.OCX

    • Size

      105KB

    • MD5

      9484c04258830aa3c2f2a70eb041414c

    • SHA1

      b242a4fb0e9dcf14cb51dc36027baff9a79cb823

    • SHA256

      bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

    • SHA512

      9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

    • SSDEEP

      3072:R7ZSBYfkVoFdRrqo0aRaA/HF673+UWHIfrb:RNkVsuaRaU6mHGb

    Score
    3/10
    • Target

      MonsterBattle.dll

    • Size

      831KB

    • MD5

      5133d98fe9b7bccedce99a8bbe8cfed8

    • SHA1

      ad7e8efe4b22f5b833269e35be846bf1a2c30917

    • SHA256

      8905e18d5ceb13bef8972660a360431e5dc424961377e7cff14dbf80af386853

    • SHA512

      289f6f49ebc674fbde08a21d444d28a36de1105600629f344457c67767784fa9c397978e349ff95ca0298406afb5821a4e8fcd771ed784e4ac579b18becc2295

    • SSDEEP

      24576:8sRrjrNEZJn26sL6UAiTwbxtfnjTWtjjrATdH/KjmWtFecL9h:8K9EPnqLNFTwTbTW+dfsmmFzLz

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      NPSCAN.DLL

    • Size

      261KB

    • MD5

      ac1d82ada728a79886b5b5ad5122554f

    • SHA1

      2fedc1e798ef18daad3f472617c8200434680c73

    • SHA256

      4bd79bbfea7c4b97ca4fceac814fe39003d22ed6a2bacf81f72a1107ae79cdc8

    • SHA512

      0912f97ce7042c848719b74bd1db9c38c29a8f0bb6cb3dc88fce02d11fceab6b0fb88e98e7341717e2d5fff1fab1ef90b5d9e9aaacf7b0f21b796de157808ac6

    • SSDEEP

      6144:IHXRRnrSFwWRvHYYh1suFLO/+exURTNVQIENySVHR/Yn3F:IHXRRneFnpHJ17BWyVQgSVHR/Y3F

    Score
    3/10
    • Target

      monsterpk.dll

    • Size

      251KB

    • MD5

      59206d3baf1d2bd175867f7bbf47fea7

    • SHA1

      e823064b0586e44f550e066926e19a20c69b388a

    • SHA256

      6ffdab7f2d49d1e24e7f3b12c82869c8ec17ba412bf94534029ea0adc0c9cf16

    • SHA512

      1ffc5f75df7b939ecbab489f7f252a955d753d8f7bec7096a8597a10f23e2eca0834ce6e45b33835ff858533b4dafe62b6396ecd502b11490237d4c287fc3d6a

    • SSDEEP

      6144:YHJIlEajXCYu83c8qLCVKJEv8xvJFF1Vp+0CBwc:milEav3czMFWp+04w

    Score
    3/10
    • Target

      npgmup.dll

    • Size

      63KB

    • MD5

      0e5ca0586b4798ac8e8a10b3f3f25569

    • SHA1

      110e120b403de69c8294d10e234de8786e3008f7

    • SHA256

      777312f8e78517693bbfd9915c1e787212dd2ccbfc0daf41f20015c89852fdea

    • SHA512

      5ee56134616d16c0aeaa25dd94e7fdfed68b3b606f30f54693a26062f570aacdb35658c5846f952b0b4defe39a41eacd7b9019f818bde75b009a3b5c0d6b0293

    • SSDEEP

      1536:B7qgsrpT5F5gvOQ5HnAgeyFATpGMQL0lWaQ2hjBqk2PXNq:B7qgsJH+HAgeBcMQLZatjBqZ9q

    Score
    3/10
    • Target

      npkcrypt.dll

    • Size

      236KB

    • MD5

      e3fa2cd23814b44ea8f1aa76ba95b557

    • SHA1

      bff20ce7f972746fcf16c8f7d2a733eaf1e4da82

    • SHA256

      fd5a97ae28ee2f111551023a1dbbd6ed5824f4dec4faf531d47b756ea0e2e0d5

    • SHA512

      8aa66c6877c1d3413346ba07f0de83462d3a4a84829a4a38525c156e4a34c74978252ab4ce981f319df88c76ef8cf37be3e295cf01326f1e954e2f78c0cafe3c

    • SSDEEP

      3072:aXOrVEJFGWkUo5r2pryB0f3ejXwJPtte9iLmhj0wASFgn6bgLo2npUbWO9Elf:aerf0o52YBWeDwYkaAR6b0Ucf

    Score
    3/10
    • Target

      npkcrypt.sys

    • Size

      24KB

    • MD5

      8bcb281a2540e7aff0cd00f9878fe21f

    • SHA1

      5b4b615221fbd6220700237c9fa4fe7a56482526

    • SHA256

      0b93205a6dee189d9c38514bc48174a2682fe024805ea2cffa408bd1a55b17e8

    • SHA512

      22b6c8bbaa2cae9fe9a6f4266001baeff1b2bfcc37f47332596f8687bbf27166cb26792df4166472c9d8b174c378dfef08c5d58891c56edcc86145bd6050e918

    • SSDEEP

      384:i4pU7EkGCl0MHalpAg4GlvpiK1K/d7ipAxBv98G9/iBmnZW39aM0PbaA96W61f2i:e7EkR0M6l2P1R9YAj96W66ffVK

    Score
    1/10
    • Target

      npkcusb.sys

    • Size

      36KB

    • MD5

      9d26933101f655f0d21118e561708239

    • SHA1

      b1aaa33b950fcb744bdba18a2a6048b3a1fd1b48

    • SHA256

      c6b176700ba6983286278bb9f30148dca97f053dedd00e6f16a1e0f9bf29c40f

    • SHA512

      cb0e74db07765f6af13a066300623e0bd47ab76808c263611138bccaf052051ababbe2109b72743b65cbf2959ca6d5ffc4a19cab12d47fda23558e41e72c4c55

    • SSDEEP

      768:BFwUHvAHkIXjb+htU2584gxh8Auet1UXukbYBW+uYl:BlHvAHkIktU2589R6mBW+Rl

    Score
    1/10
    • Target

      npkpdb.dll

    • Size

      52KB

    • MD5

      1fc78ae657b3f3a5cee688071ac2878d

    • SHA1

      8756b1429e45095b8510b43f4a3644ce9d1092a1

    • SHA256

      47744c95349d59f82ea6fbf2d90d352bd0bdc2fc5c83b00e45a08ae8862cf849

    • SHA512

      b60f3bc9a461191303b98d4007364fa7364e0f147ae162b0076b9df3e8354fe56c23fb135c3207c915c4a057448657629d1bf3f0c9deb11fd2eb5570a87eee04

    • SSDEEP

      768:mXB5K8gIMTLh67Ki68wVLgtR6UZT6noj8z:mR5cVTLQO9O6ewojq

    Score
    3/10
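
The signatures listed above for LPv.dll (Wine registry check, UAC check, MBR write, NtSetInformationThreadHideFromDebugger) and for MonsterBattle.dll (Wine registry check, NtSetInformationThreadHideFromDebugger) are names, not explanations of what was observed. The block below is an added example, not code from the sandbox and not derived from the sample: it re-derives those four behavioural signatures from a constructed API-call trace so the reader can see what each one keys on. The event format and field names are invented for the illustration; the registry paths (Wine's HKCU\Software\Wine hive, the EnableLUA value under Policies\System), the \\.\PhysicalDrive0 device name and THREADINFOCLASS 0x11 for ThreadHideFromDebugger are the conventional values but are assumptions about what the real sandbox matched on.

```python
# Added example, not the sandbox's own rule logic and not captured from the
# sample. Re-derives the four behavioural signatures in the report from a
# constructed API-call trace. Event schema is an assumption for illustration.
import re

THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS ThreadHideFromDebugger
MBR_SIZE = 512                      # first sector of the disk
PHYSDRIVE_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)
UAC_POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Constructed trace resembling what LPv.dll was flagged for; not real data.
TRACE_LPV = [
    {"api": "RegOpenKeyExW", "args": {"key": r"HKEY_CURRENT_USER\Software\Wine"}, "ret": 2},
    {"api": "RegQueryValueExW",
     "args": {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
              "value": "EnableLUA"}, "ret": 0},
    {"api": "NtSetInformationThread", "args": {"class": 0x11}, "ret": 0},
    {"api": "CreateFileW", "args": {"path": r"\\.\PhysicalDrive0", "access": "GENERIC_READ|GENERIC_WRITE"}, "ret": 0x1C8},
    {"api": "WriteFile", "args": {"handle": 0x1C8, "offset": 0, "length": 512}, "ret": 1},
    {"api": "CloseHandle", "args": {"handle": 0x1C8}, "ret": 1},
]


def sig_wine_registry(trace):
    """Identifies Wine through registry keys: any registry API that names
    Wine's configuration hive. A failed open (ret=2, file not found) still
    counts; the signal is that the sample asked at all."""
    return any(e["api"].startswith("Reg")
               and "\\software\\wine" in e["args"].get("key", "").lower()
               for e in trace)


def sig_uac_check(trace):
    """Checks whether UAC is enabled: reads EnableLUA under Policies\\System."""
    return any(e["api"] == "RegQueryValueExW"
               and e["args"].get("key", "").upper().endswith(UAC_POLICY_KEY.upper())
               and e["args"].get("value", "").lower() == "enablelua"
               for e in trace)


def sig_hide_from_debugger(trace):
    """NtSetInformationThread with ThreadHideFromDebugger: the thread stops
    delivering debug events, a classic anti-debugging step."""
    return any(e["api"] == "NtSetInformationThread"
               and e["args"].get("class") == THREAD_HIDE_FROM_DEBUGGER
               for e in trace)


def sig_mbr_write(trace):
    """Writes to the MBR: a raw physical-drive handle opened with write access,
    then a write that overlaps the first 512 bytes of that device. Handles are
    tracked so a write through a read-only handle or to a later sector does not
    trigger."""
    writable = set()
    for e in trace:
        a = e["args"]
        if (e["api"] == "CreateFileW" and PHYSDRIVE_RE.match(a.get("path", ""))
                and "WRITE" in a.get("access", "").upper()):
            writable.add(e["ret"])
        elif e["api"] == "CloseHandle":
            writable.discard(a.get("handle"))
        elif e["api"] == "WriteFile" and a.get("handle") in writable:
            if a.get("offset", 0) < MBR_SIZE:
                return True
    return False


SIGNATURES = {
    "identifies_wine_registry": sig_wine_registry,
    "checks_uac_enabled": sig_uac_check,
    "hides_thread_from_debugger": sig_hide_from_debugger,
    "writes_mbr": sig_mbr_write,
}


def evaluate(trace):
    """Return the sorted names of signatures that fire on the trace."""
    return sorted(name for name, fn in SIGNATURES.items() if fn(trace))


if __name__ == "__main__":
    for name in evaluate(TRACE_LPV):
        print(name)
```

The handle tracking in sig_mbr_write is the part worth copying: a write to \\.\PhysicalDrive0 is only a bootkit indicator when it lands in sector 0 through a handle that was opened for writing, and keying on the device name alone would also fire on disk-inventory tools that open the drive read-only.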

MITRE ATT&CK Enterprise v15

Tasks

static1

themida aspackv2
Score
7/10

behavioral1

bootkit discovery evasion persistence trojan
Score
7/10

behavioral2

bootkit discovery evasion persistence
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery evasion themida
Score
7/10

behavioral10

discovery evasion themida
Score
7/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10