General

  • Target

    7e8d5f27dc9214ef44f816f520b24808_JaffaCakes118

  • Size

    2.2MB

  • Sample

    241030-ktfxaaymfs

  • MD5

    7e8d5f27dc9214ef44f816f520b24808

  • SHA1

    4b05dce2dd6a33bf960ea04c7b0d09896c890e17

  • SHA256

    61e5394fd73025f83f23483a4f16eae08555dc4571c6ed4a3e720ff0f4f3b459

  • SHA512

    6ce5bbf6fc448bb18272c125820662e6522ac99e0276a871e1ddc923d7f3181e7ed744946742426c5e9fcc8cfead87d4f31c420a3d168504dbb4a15be484bac4

  • SSDEEP

    49152:9CYES6nS6zjsNJLLICD8VXvEARpN+PyahfEfNmP5ggvvItHuvlWm0+:QYES6zjsjICD8ZvEALN+XGfOgGKH4YmH

Targets

    • Target

      hongjing2012/2012/红警全能王v2010.exe

    • Size

      1.0MB

    • MD5

      7ff0bf0155a77e93f86216aefceab475

    • SHA1

      ab65d99772cb00ca6d686120ce5e5d206ddc3975

    • SHA256

      2c6bd4d46cc9505b7d502da962ee34aa62fcad728e800fd50e8d8ad8505dcca5

    • SHA512

      92849fe1a18634f74c541b114533266fe7c328bbb33a3e31360b91d2b343dd9b3b49640eb787fa3c80deee992c726d166bd6caec8414bd8a8d563ec3e428a0e4

    • SSDEEP

      24576:soahC2h99zfs3wl76HyFf6Mhng8dNAomDAHnrf6XRbJDRM4:svsm99zfs3wl7ca6Mh3mkEbJy

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      hongjing2012/QQPCDownload62006.exe

    • Size

      1.7MB

    • MD5

      794c3eb4fef63952c7aa5533d37e1733

    • SHA1

      cc19a693ebd0374bf3e003b90c8e61167fa455fc

    • SHA256

      21052c71170b56361d13bca875eacb563a485c33a0d4c1a2e48ef0cfc45b6a50

    • SHA512

      c2be3723d9a2951e6a325ca155eb3eb5ce0df2b231b18a6948e54eae15950ba2c7b029458a9c87fff673e969eed5aa88ac8d7c873954edfeaf511c024a55a26c

    • SSDEEP

      49152:UCP9GmXFeYTNFAbl8Qy1W22asOLA7yHIHCkGG:4eeLlgs2fnLA7yHKCkl

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      hongjing2012/运行程序.bat

    • Size

      205B

    • MD5

      dc8cb926f3682dfc6774bfb8b71dc621

    • SHA1

      cfa08810cc2433c973a905f59ea6d4849efbc8f0

    • SHA256

      cd1d2394d060c12332e011ac6f250e859fc36936c17168f828a7538925eab240

    • SHA512

      d60031d722e1ad820d040352c4bf376aff060bf13623c91f1a2ec195b74ed1d3a1a867ddf75b4ba28763240e380215cc5245e992821bd2add01400c6b09b4142

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
