General

  • Target

    5059024812c3d0e408fef74d0b5f6627_JaffaCakes118

  • Size

    8.8MB

  • Sample

    241017-cx3apaxfqc

  • MD5

    5059024812c3d0e408fef74d0b5f6627

  • SHA1

    359889f96c5044ba28fdae76583b9049d6401184

  • SHA256

    a471c1aa3ffa444044075af5eb8f64ef7db73d7d0011388602d6b42b16b585d2

  • SHA512

    f32062ef9ad0b20e9770600d2052392197389801bf67783c5859077ca8494c9fe5b0c34d11aaf2439eba1888fb641139fcd4c5f8df422b1b5429ed8f5ba2078e

  • SSDEEP

    196608:2EPBTPeryMdaHQoSBqSiQ4fbzGh4g1KbGxyt4B2ifgrEhQPnudS:7P9PspeAJiQGyh4rKxytoEgWPf

Malware Config

Targets

    • Target

      5059024812c3d0e408fef74d0b5f6627_JaffaCakes118

    • Size

      8.8MB

    • MD5

      5059024812c3d0e408fef74d0b5f6627

    • SHA1

      359889f96c5044ba28fdae76583b9049d6401184

    • SHA256

      a471c1aa3ffa444044075af5eb8f64ef7db73d7d0011388602d6b42b16b585d2

    • SHA512

      f32062ef9ad0b20e9770600d2052392197389801bf67783c5859077ca8494c9fe5b0c34d11aaf2439eba1888fb641139fcd4c5f8df422b1b5429ed8f5ba2078e

    • SSDEEP

      196608:2EPBTPeryMdaHQoSBqSiQ4fbzGh4g1KbGxyt4B2ifgrEhQPnudS:7P9PspeAJiQGyh4rKxytoEgWPf

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/HWSignature.dll

    • Size

      70KB

    • MD5

      35413d9cfc133632a3db8916943acdde

    • SHA1

      040297404b11a99f27b5bdccbf25a8651738efd0

    • SHA256

      2ec96080110807daf9aaa438326a8b074aa67f0f7819a71411e567ef65ec5bde

    • SHA512

      7ef43f8550f9929413fffd405980fe593c25f4a436b4cfd7c4a41c3a3198d431b1aee850fbca27d3708caff80a13c4c3570e074bd07761b6ea348ebc73500e71

    • SSDEEP

      1536:0oLOWpU7Q/tjbMyS4SbNg375i7JyH2CRx:0oLOmpwNg375i03x

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      6e663f1a0de94bc05d64d020da5d6f36

    • SHA1

      c5abb0033776d6ab1f07e5b3568f7d64f90e5b04

    • SHA256

      458b70e1745dc6e768d2338ccf3e6e86436488954ca3763472d8ffec4e7177e4

    • SHA512

      2a037c39f3a08d4a80494227990f36c4fef2f73c4a6ad74dcc334317a1372234c25d08d8b80d79e126881a49fa4b3f2fffe3604c959d9ceceb47acc7192cc6a5

    • SSDEEP

      192:VsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5mj8ozxGUWumle:VsUHd9GN2d2iwl0impATIPdAj8Ov6

    Score
    3/10
    • Target

      $PLUGINSDIR/SetupLib.dll

    • Size

      244KB

    • MD5

      300b14178e714bb3c1447722055d9674

    • SHA1

      615ede6eb84c1f4cbf02a60a13f5665119b8e8ad

    • SHA256

      697bda5f0f8940aed9b7dc13fd1fc14428aeee0172ba2e8560b11b5a52a631e9

    • SHA512

      663bdc43e5798393bed4863bb0ed60ab6f0c4e89178cc626c98026a9903530ca2aaa449a7e774e43c2fba24dd2cafb43ba25f961ac617ec5710c1952d2dbc100

    • SSDEEP

      6144:h4bND5dsRhj6VBCf94jqqM3A+yZHQZPALNrDo:hgDfsRU/Cf9iq/A+yZwyo

    Score
    3/10
    • Target

      $PLUGINSDIR/SogouPY.ime

    • Size

      2.4MB

    • MD5

      915c2a62b4b0e24d671e98cd3c57e2bd

    • SHA1

      9375d3776ffdaef5eef7f71d3663216fc6312c2a

    • SHA256

      0cef4e95cf7f15922fab14912a3a669f8de80b6e25cf461ac97ccfb3a445de04

    • SHA512

      b832fd2b0e6d032fac4156fcccbf2890f2843fa7d1c809110965697176f7d6f36a6e9386b1289fcee1f18180344928f348d99e9ad2de0341e1702fae58ac6826

    • SSDEEP

      49152:6n61T0AlrCOKwdi8ETJ2RLoCK6A4qTD4WEiQ0I5MRC:U61TNObogQLzK6A4liNW

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      5ce52c5c52c7ece604cb5b07faf234df

    • SHA1

      ab244b4a8caa29ecb24477d1cc1dd8484371176b

    • SHA256

      96ac4ef189260d5d6137c27c9470afbbde382f771fef040e9a6fa3f0ca2e4ecc

    • SHA512

      c42ec0d29350aa59cd783fdad542cd6dfcd983266726c1d45e7bdfcfa9a4302b2119b5081f987d967ec7a99b3b195717da3e839c9c9b8a34aeb38ca0e0d62262

    • SSDEEP

      96:cXEsZNrFQiAYLvx8RxjjL82Orp2YDDBKIakCT9KNotMQl3gJk:cXEsYYLvxcSDBxan9my3O

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b9f430f71c7144d8ff4ab94be2785aa6

    • SHA1

      c5c1e153caff7ad1d221a9acc8bbb831f05ccb05

    • SHA256

      b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655

    • SHA512

      c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099

    • SSDEEP

      192:hClej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yOG:hCm2HgN4GbeWmbI4Eybogia7yO

    Score
    3/10
    • Target

      $SYSDIR/$R1

    • Size

      2.4MB

    • MD5

      915c2a62b4b0e24d671e98cd3c57e2bd

    • SHA1

      9375d3776ffdaef5eef7f71d3663216fc6312c2a

    • SHA256

      0cef4e95cf7f15922fab14912a3a669f8de80b6e25cf461ac97ccfb3a445de04

    • SHA512

      b832fd2b0e6d032fac4156fcccbf2890f2843fa7d1c809110965697176f7d6f36a6e9386b1289fcee1f18180344928f348d99e9ad2de0341e1702fae58ac6826

    • SSDEEP

      49152:6n61T0AlrCOKwdi8ETJ2RLoCK6A4qTD4WEiQ0I5MRC:U61TNObogQLzK6A4liNW

    Score
    3/10
    • Target

      $SYSDIR/SogouPY.ime

    • Size

      2.4MB

    • MD5

      915c2a62b4b0e24d671e98cd3c57e2bd

    • SHA1

      9375d3776ffdaef5eef7f71d3663216fc6312c2a

    • SHA256

      0cef4e95cf7f15922fab14912a3a669f8de80b6e25cf461ac97ccfb3a445de04

    • SHA512

      b832fd2b0e6d032fac4156fcccbf2890f2843fa7d1c809110965697176f7d6f36a6e9386b1289fcee1f18180344928f348d99e9ad2de0341e1702fae58ac6826

    • SSDEEP

      49152:6n61T0AlrCOKwdi8ETJ2RLoCK6A4qTD4WEiQ0I5MRC:U61TNObogQLzK6A4liNW

    Score
    3/10
    • Target

      $SYSDIR/SogouPY.ime~

    • Size

      2.4MB

    • MD5

      915c2a62b4b0e24d671e98cd3c57e2bd

    • SHA1

      9375d3776ffdaef5eef7f71d3663216fc6312c2a

    • SHA256

      0cef4e95cf7f15922fab14912a3a669f8de80b6e25cf461ac97ccfb3a445de04

    • SHA512

      b832fd2b0e6d032fac4156fcccbf2890f2843fa7d1c809110965697176f7d6f36a6e9386b1289fcee1f18180344928f348d99e9ad2de0341e1702fae58ac6826

    • SSDEEP

      49152:6n61T0AlrCOKwdi8ETJ2RLoCK6A4qTD4WEiQ0I5MRC:U61TNObogQLzK6A4liNW

    Score
    3/10
    • Target

      $SYSDIR/SogouPy.ime

    • Size

      2.4MB

    • MD5

      915c2a62b4b0e24d671e98cd3c57e2bd

    • SHA1

      9375d3776ffdaef5eef7f71d3663216fc6312c2a

    • SHA256

      0cef4e95cf7f15922fab14912a3a669f8de80b6e25cf461ac97ccfb3a445de04

    • SHA512

      b832fd2b0e6d032fac4156fcccbf2890f2843fa7d1c809110965697176f7d6f36a6e9386b1289fcee1f18180344928f348d99e9ad2de0341e1702fae58ac6826

    • SSDEEP

      49152:6n61T0AlrCOKwdi8ETJ2RLoCK6A4qTD4WEiQ0I5MRC:U61TNObogQLzK6A4liNW

    Score
    3/10
    • Target

      $_2_/ExtensionManager.exe

    • Size

      942KB

    • MD5

      ed7ab5070de04c9dad64558cfb7c9818

    • SHA1

      87ae45606a7a5ac7884ee2dea5b72b3f8dae1046

    • SHA256

      13b60bcfe49220b3e5dda1ed8f395e4c2bdff8db2fb914b224b6aa4765ae1db7

    • SHA512

      1cc264725b51384d950b83b3cd255f9054a05b7b4d58c156f156d2bc91699ee6eafec037f380f9cf50c5899bd43fac6d1af0d3a41dbf7a89dbdfdfc7b2c6e312

    • SSDEEP

      24576:BRyOtmeqleCVmYJAZzSdsLjTacjfQ8eTLA:K3xJAZzosHTTHSA

    Score
    3/10
    • Target

      $_2_/HWSignature.dll

    • Size

      70KB

    • MD5

      35413d9cfc133632a3db8916943acdde

    • SHA1

      040297404b11a99f27b5bdccbf25a8651738efd0

    • SHA256

      2ec96080110807daf9aaa438326a8b074aa67f0f7819a71411e567ef65ec5bde

    • SHA512

      7ef43f8550f9929413fffd405980fe593c25f4a436b4cfd7c4a41c3a3198d431b1aee850fbca27d3708caff80a13c4c3570e074bd07761b6ea348ebc73500e71

    • SSDEEP

      1536:0oLOWpU7Q/tjbMyS4SbNg375i7JyH2CRx:0oLOmpwNg375i03x

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $_2_/ZipLib.dll

    • Size

      252KB

    • MD5

      ed662b8a2d3f7104840c0de0794be127

    • SHA1

      2b342c34d9ff8b7831da59280c2b6b9572ae0368

    • SHA256

      c6d17722204e51d2fa1a8df15c6b761fed85d356d98df459359f347638cc53c3

    • SHA512

      975d186d92d3b4edf371557a53675c57a29a42a197266331bfd95486f45c594404c7dbc4924c9f68d212950b9cd265676b3022be1a3f667032be1fcacbd89738

    • SSDEEP

      6144:V6LcB9KdeojJEhEkZQmZ4scCMXsvWWm0htt:QLcBQeoChEktKs7uzQtt

    Score
    3/10
    • Target

      5.2.0.5374/HWSignature.dll

    • Size

      70KB

    • MD5

      35413d9cfc133632a3db8916943acdde

    • SHA1

      040297404b11a99f27b5bdccbf25a8651738efd0

    • SHA256

      2ec96080110807daf9aaa438326a8b074aa67f0f7819a71411e567ef65ec5bde

    • SHA512

      7ef43f8550f9929413fffd405980fe593c25f4a436b4cfd7c4a41c3a3198d431b1aee850fbca27d3708caff80a13c4c3570e074bd07761b6ea348ebc73500e71

    • SSDEEP

      1536:0oLOWpU7Q/tjbMyS4SbNg375i7JyH2CRx:0oLOmpwNg375i03x

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      5.2.0.5374/ImeUtil.exe

    • Size

      1.3MB

    • MD5

      9b0306883da6862089af86377129c327

    • SHA1

      efef97788b2dcd295d5d9d332b832c5657728f93

    • SHA256

      2fdb3e91189e665837fde028ca6cee1c8b9b2b904f8444bcacd3a37222db0b71

    • SHA512

      58709536d7894c3935b2e2d2a9e76b1f290ed30f3d1d499cd7b597079f2f307404e1cbf5ec5734d374f0d783e59ffa24f3ba47853aff6e397b4ff12eda80db1c

    • SSDEEP

      24576:L0BGN6lVQIV2OQMywaSUI02CAFWwBnMljvK5LzJ91TrvcjOiWL8:LRIwFwgN6MljvK5nBTbiWL8

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

    Task           Tags                              Score
    static1        upx                               7/10
    behavioral1    discovery, upx                    5/10
    behavioral2    discovery, upx                    5/10
    behavioral3    bootkit, discovery, persistence   6/10
    behavioral4    bootkit, discovery, persistence   6/10
    behavioral5    discovery                         3/10
    behavioral6    discovery                         3/10
    behavioral7    discovery                         3/10
    behavioral8    discovery                         3/10
    behavioral9    discovery                         3/10
    behavioral10   discovery                         3/10
    behavioral11   discovery                         3/10
    behavioral12   discovery                         3/10
    behavioral13   discovery                         3/10
    behavioral14   discovery                         3/10
    behavioral15   discovery                         3/10
    behavioral16   discovery                         3/10
    behavioral17   discovery                         3/10
    behavioral18   discovery                         3/10
    behavioral19   discovery                         3/10
    behavioral20   discovery                         3/10
    behavioral21   discovery                         3/10
    behavioral22   discovery                         3/10
    behavioral23   discovery                         3/10
    behavioral24   discovery                         3/10
    behavioral25   bootkit, discovery, persistence   6/10
    behavioral26   bootkit, discovery, persistence   6/10
    behavioral27   discovery                         3/10
    behavioral28   discovery                         3/10
    behavioral29   bootkit, discovery, persistence   6/10
    behavioral30   bootkit, discovery, persistence   6/10
    behavioral31   discovery                         3/10
    behavioral32   discovery                         3/10