Overview
overview
7Static
static
35197601d32...18.exe
windows7-x64
75197601d32...18.exe
windows10-2004-x64
7$APPDATA/D...er.exe
windows7-x64
6$APPDATA/D...er.exe
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3$TEMP/7za.exe
windows7-x64
3$TEMP/7za.exe
windows10-2004-x64
3General
-
Target
5197601d3263fce60649415662ad878e_JaffaCakes118
-
Size
521KB
-
Sample
241017-lpqflawalp
-
MD5
5197601d3263fce60649415662ad878e
-
SHA1
d0ed76a028aac5c25ef35e794a5f46722ed7d9d5
-
SHA256
1ecac9baae9daf7c7766ff7683570166d3be1031542475546c4db44e850dcafa
-
SHA512
b3edb5135de6e1321e780cf878801e362134852b2d22ad3ef087e14a20dccd1bf55c1c9ee2cdb6266f70d4ee430d9c14764e778c03209a501b4cbea6fdbb6a68
-
SSDEEP
12288:ibemqOid95Fl3kg7RVq8Nik6Kf6eeUgJi3HnzdeKnPkxgLOOk:ibRUdD3zXH6JeRgJi3nx5bLbk
Static task
static1
Behavioral task
behavioral1
Sample
5197601d3263fce60649415662ad878e_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5197601d3263fce60649415662ad878e_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$APPDATA/DivX_Installer.exe
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
$APPDATA/DivX_Installer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$TEMP/7za.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$TEMP/7za.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
5197601d3263fce60649415662ad878e_JaffaCakes118
-
Size
521KB
-
MD5
5197601d3263fce60649415662ad878e
-
SHA1
d0ed76a028aac5c25ef35e794a5f46722ed7d9d5
-
SHA256
1ecac9baae9daf7c7766ff7683570166d3be1031542475546c4db44e850dcafa
-
SHA512
b3edb5135de6e1321e780cf878801e362134852b2d22ad3ef087e14a20dccd1bf55c1c9ee2cdb6266f70d4ee430d9c14764e778c03209a501b4cbea6fdbb6a68
-
SSDEEP
12288:ibemqOid95Fl3kg7RVq8Nik6Kf6eeUgJi3HnzdeKnPkxgLOOk:ibRUdD3zXH6JeRgJi3nx5bLbk
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$APPDATA/DivX_Installer.exe
-
Size
123KB
-
MD5
c5fac72a6adb2183930a3e4ae9918a5f
-
SHA1
a3a60097d6312bed4fcda4fa6c4ecd86c140da19
-
SHA256
c27fd98bcf7260783b3b08776a3bbf93576c2e57bf386fa33e02220463496eaf
-
SHA512
70eb0795169781d0e38d023c46e03c9bf2b121c489720a818a0a49a24582310c799b129bcfe412f6c57dac41f0ba43a3feca51cf81f731651cefa0c6391fa47a
-
SSDEEP
3072:nUHrWJNaBMYNaZ+TZ8GIeXytUcvj7WNa0x1/oFIQtE:wrWi1TZ3IeMI80ToFIO
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$PLUGINSDIR/ExecDos.dll
-
Size
5KB
-
MD5
a7cd6206240484c8436c66afb12bdfbf
-
SHA1
0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919
-
SHA256
69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926
-
SHA512
b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904
-
SSDEEP
48:6jOBtU/BXN8kUByyy/Aklkcrkyg7Vg5RibGoTCTo0gqVeeaeQqzM5rv774YRljmB:y/DMy4ncrkyg7tbpQFLUEYRxe
Score3/10 -
-
-
Target
$TEMP/7za.exe
-
Size
523KB
-
MD5
e92604e043f51c604b6d1ac3bcd3a202
-
SHA1
4154dda4a1e2a5ed14303dc3d36f448953ff6d33
-
SHA256
fa252e501332b7486a972e7e471cf6915daa681af35c6aa102213921093eb2a3
-
SHA512
ef396d94d83fd7a588c6e645ea5fcfe24390440a03b3bf0ecd05ca6749fd3f9561dfafe725ee0edea51a34d52af26cd311e768aa72f75686cc796abee4757d43
-
SSDEEP
6144:JuVUUjwolg4owroOvHlq1t423ykka8dX+wWAZF5ULT0pny+6BTXQ02kAfpkKu/Ti:JuVUpob/8OvHs3tbP0pvxkep5ZN
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Indicator Removal
1File Deletion
1Modify Registry
1Pre-OS Boot
1Bootkit
1