daaaf8f57839df3645b9a65a3223483c5ff9b01840e179242158d1b8a948a801 | Triage

Sharing

General

Target

916c6a32602001110ea3aaa636c6a682_JaffaCakes118
Size

1.6MB
Sample

241124-aaf3tszlbm
MD5

916c6a32602001110ea3aaa636c6a682
SHA1

450fa1e20fc55b48bb6d268d133a9298353e3c0b
SHA256

daaaf8f57839df3645b9a65a3223483c5ff9b01840e179242158d1b8a948a801
SHA512

74c5f24589cd2541df5ac0297746d35346ba342992315697fad6838a9fd67f5adb921304d570a57e01278aae7da5d6767df5533b140e15f9c0e44cb7dc02e642
SSDEEP

49152:+OL1JKKG61fEFTd6tpWIk0tOTjAXOgfQ1ZAejAHU:RAO2FuwIkBI+rU6

Score

7^/10

bootkit discovery persistence phishing

Malware Config

Targets

- Target
  
  916c6a32602001110ea3aaa636c6a682_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  916c6a32602001110ea3aaa636c6a682
- SHA1
  
  450fa1e20fc55b48bb6d268d133a9298353e3c0b
- SHA256
  
  daaaf8f57839df3645b9a65a3223483c5ff9b01840e179242158d1b8a948a801
- SHA512
  
  74c5f24589cd2541df5ac0297746d35346ba342992315697fad6838a9fd67f5adb921304d570a57e01278aae7da5d6767df5533b140e15f9c0e44cb7dc02e642
- SSDEEP
  
  49152:+OL1JKKG61fEFTd6tpWIk0tOTjAXOgfQ1ZAejAHU:RAO2FuwIkBI+rU6
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  79be350c8381293abb045bbd2a7b5f0a
- SHA1
  
  0b4e6d482cae461e36c2b47661ef586545162e23
- SHA256
  
  3091623495d6e81bc0aa9182a55b0f93d3b2238102a44fd66943e46ed7eeaf51
- SHA512
  
  1d39bc13f2825bb4aee5832bc5c60603b62b3475e0075028a146981764e6796e68fdd752627f37f8bb198dcfce5a62efb6a6283366fc4874a8915008aa0a4c28
- SSDEEP
  
  192:/6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTSK72dwF7dBdcQOz:/6JaVh4I5rpPbTS+BdhO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  cfbae93f361e2b430743e423709a483f
- SHA1
  
  9d31546592a9e6817025cc5026fee769e9a6c015
- SHA256
  
  0f4aac375087f0a5df393d7463bd462193008922136a2aba8619736223ba7add
- SHA512
  
  485bc9c83087a1a6f48a5508ee390384c2db93b9d50c295280337dad78b47f65aaa0caea8d6d23ef25f86b73cd2e724cb88a738f6b53037e47225c6522f912b3
- SSDEEP
  
  192:MO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a1gMO:9KAFERdlxhGRYUzqZa1
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Spy Monitor Help.chm
- Size
  
  823KB
- MD5
  
  c1a92ea144b2321d57979bf1be07b7d5
- SHA1
  
  2949c9d0725469eabbf167eb182d6e7a06c79f3e
- SHA256
  
  d81c7f1cf52046585784fc104edc8827f4c9b1ccdc625bb127cd568fe8cb54ba
- SHA512
  
  402bf88004d4a492efb952a1c161357b2abd41385c6cfe6b11dcf6016ea8904f6655764858c68e98941692866c7f2b583350001905a1f8d691bfb0445a64a99a
- SSDEEP
  
  24576:UTWxO7EfOD/jvRQJc2TDIjosMTdpRXzLz:UxHDbRMcwDIjJMTdLz
Score

1^/10
behavioral7 behavioral8
- Target
  
  ijl15.dll
- Size
  
  284KB
- MD5
  
  3eb6bb346d469549b4541ab4e316242e
- SHA1
  
  8b0cec62d2052dc75015126eb34b334694a4f60e
- SHA256
  
  54fe416f6d6923e92af66f56cef46dad1bd05a2e187a02e41761d7b082addfd2
- SHA512
  
  51b80f3c83016e3160fca6265b4b52d38a6437b77505a07a652e0ab0946cd11068b5088625eb94c57ceba9dea42604e75ea0a1aae9c7cda0b7558438493e4acc
- SSDEEP
  
  6144:57jZjXuWkZsGuEyW8FGR9+Dd6k7iddwFic+uow:57jZUZyXFGREjWdvc+uow
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  setalc.exe
- Size
  
  32KB
- MD5
  
  9867c274cb100eedb096ac73a24f3009
- SHA1
  
  7ba1090440509366b9aa3d1c5d1f873ed6a69a0f
- SHA256
  
  86a9eb0965b482d10d48390dd3b85bb136f0aca12643ee2261f44f59d5bee3bf
- SHA512
  
  37fea4af3bb61dc1bcde8f8532b4ae98bb310800a0180665c9e2ba000a98bdeb702c7d1088e5586178b1a1b469b986a7fd7904edb4ddce5716e08b944216b2bd
- SSDEEP
  
  768:E9appBajcz0Pom3yMRw2GzHgRtvthk4eF8CkbF5871mJQzeSE:npijcwPomiOQHSv4TmJwxE
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  uninst.exe
- Size
  
  40KB
- MD5
  
  fed31d5a20a7be2d8771cc6623b5ea11
- SHA1
  
  ed1d23d5811f2a7a5865290f5d9f123c59a81305
- SHA256
  
  6c819aca63908aadd546b7497cd2f3c76b857b1bd0577df939c3eb57d468a0f3
- SHA512
  
  c146ef99dd295c7daf760544f2e8a5af9bbe5ff27abe0c806629f80c8a19e2766e0d4694ba8112c5fed658c801bd8f34b8ef4789b27d71ad632fa969c519f648
- SSDEEP
  
  768:o9appBajcz0Pom3yMRw2GzHgRtvthk4eF8CkbF5871mJQmQciFtWUIF6:jpijcwPomiOQHSv4TmJpQcq7
Score

7^/10

discovery phishing
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  wmispe.exe
- Size
  
  684KB
- MD5
  
  69058bba0b0ce086c23d0b50fb712fd6
- SHA1
  
  73c45dcf072ebeac0f7e8ddce7a80ad5e9df9049
- SHA256
  
  c60d6122c82f694d05e4e54446ddbf980bed657c6131ba51e4c359dc56dec701
- SHA512
  
  2bd8a8520c185e94dfa98abfe2433e79599a150b0a97edc8b8f0f74d45ca6a524a14f3aa633a22c8989dfd008248f4739614b3caf623cbedf983f323ce80ccb1
- SSDEEP
  
  12288:Ly0mm/XdI/uQ/hUEBk/XXpy5MlE2Xxioxc46bgk76+esTCmpi:LVu/PDsXpy5pqio2bH2mpi
Score

7^/10

bootkit discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

discoveryphishing

behavioral15

bootkitdiscoverypersistence

behavioral16