General

  • Target

    5052cf2d1f8b28b72768fae254e34a64_JaffaCakes118

  • Size

    1.6MB

  • Sample

    241017-csnlqs1bjj

  • MD5

    5052cf2d1f8b28b72768fae254e34a64

  • SHA1

    c28918f7ddabe26ba0d0ece6e3ea953ae5e7df72

  • SHA256

    206f0e7fd34c289a30061a61e700296dca6df48535922f94384f6c1715534691

  • SHA512

    bd222d6b63b1c199da18b652d226f9a67c0f34931ceb60849ec0272a7042ba3bfe46b659baf7e8a09a073a9145bc618a47ff4bc99a25d7bac6dcc78b0118f620

  • SSDEEP

    49152:prpRAcE4BJ16/bI6KH9/W/mxnwfYkW7mr1ir:pREYnFH9/PJYYkWe0

Malware Config

Targets

    • Target

      5052cf2d1f8b28b72768fae254e34a64_JaffaCakes118


    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $_2_/DownloadProxyPS.dll

    • Size

      65KB

    • MD5

      4ceb4641a90de4feee34ba5f949d41ba

    • SHA1

      cb060db236d9938f97b5e4e2d1b1c663071a2bd7

    • SHA256

      2a075c11148c3f04163b9ffdaa05d4b46bc55c96b2fe50d0a39cc377139c2b26

    • SHA512

      932960a503817683c3d7c66695732ec6dc59887b0eaa8d53c4e26e1de6fd6c4e9291a4afe25d898c9b02dfe4cd976414f66b715b861e7974e765bff587fa2d27

    • SSDEEP

      768:AiDiESGpQV9RVDsRzncSKw1/Yagi0+pdVt02hrLWHbCb:hGGKVoRYSKwx1l0+9t02Za7Cb

    • Score

      3/10

    • Target

      $_2_/Extract.dll

    • Size

      358KB

    • MD5

      9da51d4506bd094fbfc7d337338fc872

    • SHA1

      1b5799ef6b66ac9471842f17570813e7c42cdb27

    • SHA256

      f2181e41d5950fcb762edf6b9cbb665e94004a7f1102b606c331690e6069a501

    • SHA512

      07dfae7c04ea2815ed78af9e29313050338bfec5a8e08a8846c0f846d6d27b79b7bfe2c3b4dbf3758aa22f88342aadf5513dcbcd6a718b9dd939996d6ce9e044

    • SSDEEP

      6144:xR1C/1D8BnHgvH/5udZip+IUOrJTbSfvyux0egTK3:xDC/1D8BH0HBvUIUOrux0ege3

    • Score

      3/10

    • Target

      $_2_/MiniQQDL.exe

    • Size

      829KB

    • MD5

      b45f4840234e8aa94d0d75c47cc052ff

    • SHA1

      9fd12d040d7033c0b5b81d4c3ce97145bf504cc4

    • SHA256

      e510b8ef6baba2229fe2c7a88865b8f9cb4609a8d504ca74ca93420fe4eef700

    • SHA512

      08322f3fdf76d52544e8c0ccf88e127f23237fb9d0de3002c6231cea2d5e97342068617d2b4695ccf858ab148436255a965a5daa28e2d3a99f51767a5f306ff8

    • SSDEEP

      12288:glICZQTSccqulHGOgo4i1qOns54kkA1+0uJUQJAMGai+tZQ8L:yLbm2dE8JdAMrNtZLL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $_2_/TNProxy.dll

    • Size

      377KB

    • MD5

      858fc685a5bff591985394f9cdf9e289

    • SHA1

      5970a28aab399d005885b9c6b79eafd606640fab

    • SHA256

      3404212366a3aed4155e5d73d901e769a7005cadde5169a8d9677ab5a0585dcf

    • SHA512

      620491b27ff281ad42f947fb9dbef3256624fe8d298740d6b9942627525a2d44525cbb9065d2ffa2efb0ab3478b8a33148fc9b0b4c531106cc8e421e2c59f0d0

    • SSDEEP

      6144:H9u5ec95CL2ADz5izTNe/rCkMyELlc5VZ7ciL3QSGV0G/34r:NczXTNe/rCdVLlMNcW3Q3E

    • Score

      3/10

    • Target

      $_2_/Tencentdl.exe

    • Size

      821KB

    • MD5

      b8f64b0b53e039cbeba7d60c81710bd8

    • SHA1

      a9be269daa7f404a23fcaf002be7ee13697ef8e0

    • SHA256

      54e0b845eff52823a951ff4b38c6728a381613a0603ce82d4d5c34aa6402f7cc

    • SHA512

      9b5c5818fc0a11c8dc80b3befd3459a031f411fc5ddba43f7c0737f20ce6b265599790b64897aed448ccff766c98c5f8d0837495a8eecca36777be390f49ec05

    • SSDEEP

      12288:F5TZy7R3lQATwbZ7nayGBFW0eKcGhliIJR6hZxRNYTEiss8ljf:FmV1TdQGhYIe9XiEiss8ljf

    • Score

      3/10

    • Target

      $_2_/dlcore.dll

    • Size

      1.7MB

    • MD5

      82ce23aad749aee959820533c0676cb2

    • SHA1

      3aa526a4ed51491b01a5419713d1582a426b7efc

    • SHA256

      a2fd92c7fc26bf2851aaefcc5f0bafd75511794ad0c781e1a715df812f7bd2ab

    • SHA512

      c91f5165059677071a1e2949244dd1ce4e2c5ce58fe38298f1707ff4b6de6981d7c45f8fd5a189a91d154b0c4af25dbaae4e7a51f107dee77f2f51f0150d2707

    • SSDEEP

      24576:pwGG5eolPeydcqelZc2e8A1oifvR2jqWBtwCzSdqyAss3EMMYyL0jT:RGAF28A1oa52O8+rA5EMTyLgT

    • Score

      3/10

    • Target

      $_2_/predown.dll

    • Size

      601KB

    • MD5

      e6f2f48d472676dadd9a7d50566ebedb

    • SHA1

      414f0aeaf7fc815d550385cea1ee4d7077f8cf71

    • SHA256

      804b1bb1ee609957eacfae505a98744b40e6967fe5b215f628b94fae6abaae02

    • SHA512

      ac99e0056abf53b16090cd9cef1b5ea6d3ef393513daaeb05e79b5c1d3d564b6cd74013459813f6b1bbc6844866af8a8f504f995a511e0a61264aed72f8bc0f6

    • SSDEEP

      12288:Vh1YB5T6HY2os2bk8HuToha/IwsXFRR9iYvOoq22:vYWH9Fohaq1RR9iYv822

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks