General

  • Target

    JaffaCakes118_40ddc32d54a4be0ccee77eb7a9ec8e1e

  • Size

    4.2MB

  • Sample

    250127-slchwsvnfk

  • MD5

    40ddc32d54a4be0ccee77eb7a9ec8e1e

  • SHA1

    786cd5076fef8d8aca1e848dd73fcfcb5d624f97

  • SHA256

    23d78901fd7e20c82839a32f829462e76a499674e562746f829debd2ef42bd85

  • SHA512

    9b363fe3a757a09f30b3ca3dae3b3ad822ccaabf014eadaa48c70250f9ffb1df6cb34aa7020a1d9163bb30355af3776b554f7929fa3224c9e6b8ad562542648c

  • SSDEEP

    98304:j0u3zA0O5Dubt8bZjNg9SvptxumXaYyhAfZluujhLqP:j0mMvRubtgNg8vpbfaYeUluujhL2

Malware Config

Targets

    • Target

      JaffaCakes118_40ddc32d54a4be0ccee77eb7a9ec8e1e

    • Size

      4.2MB

    • MD5

      40ddc32d54a4be0ccee77eb7a9ec8e1e

    • SHA1

      786cd5076fef8d8aca1e848dd73fcfcb5d624f97

    • SHA256

      23d78901fd7e20c82839a32f829462e76a499674e562746f829debd2ef42bd85

    • SHA512

      9b363fe3a757a09f30b3ca3dae3b3ad822ccaabf014eadaa48c70250f9ffb1df6cb34aa7020a1d9163bb30355af3776b554f7929fa3224c9e6b8ad562542648c

    • SSDEEP

      98304:j0u3zA0O5Dubt8bZjNg9SvptxumXaYyhAfZluujhLqP:j0mMvRubtgNg8vpbfaYeUluujhL2

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      6e663f1a0de94bc05d64d020da5d6f36

    • SHA1

      c5abb0033776d6ab1f07e5b3568f7d64f90e5b04

    • SHA256

      458b70e1745dc6e768d2338ccf3e6e86436488954ca3763472d8ffec4e7177e4

    • SHA512

      2a037c39f3a08d4a80494227990f36c4fef2f73c4a6ad74dcc334317a1372234c25d08d8b80d79e126881a49fa4b3f2fffe3604c959d9ceceb47acc7192cc6a5

    • SSDEEP

      192:VsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5mj8ozxGUWumle:VsUHd9GN2d2iwl0impATIPdAj8Ov6

    Score
    3/10
    • Target

      $PLUGINSDIR/SetupLib.dll

    • Size

      251KB

    • MD5

      6a15e1ffba29f5eee8102265603f290b

    • SHA1

      a47f3888628d6e3c0f9c05a802b5c1f7b8003ee7

    • SHA256

      2d3282216fdba84ca77d00deac32cb7d9c03c968a8a82c1d0aaaf7c283ea36a5

    • SHA512

      6ade66f73450167a1175e606bd744dfbd9a3a0207166874b4b41a11171c1bef61f11672141b45a643191801560c9dfbd772971d0ba22b43bda7514b9d6a4ce8a

    • SSDEEP

      3072:PDDnuiQxi3ekNz+vlLy5h76qm1SWgRBCHGh81zbMd7ZvmfXZ3NUtZtdSnPEmP5pG:7DnuQekNz2I36bpIGGAINnZ+nPdJqJ

    Score
    3/10
    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      5ce52c5c52c7ece604cb5b07faf234df

    • SHA1

      ab244b4a8caa29ecb24477d1cc1dd8484371176b

    • SHA256

      96ac4ef189260d5d6137c27c9470afbbde382f771fef040e9a6fa3f0ca2e4ecc

    • SHA512

      c42ec0d29350aa59cd783fdad542cd6dfcd983266726c1d45e7bdfcfa9a4302b2119b5081f987d967ec7a99b3b195717da3e839c9c9b8a34aeb38ca0e0d62262

    • SSDEEP

      96:cXEsZNrFQiAYLvx8RxjjL82Orp2YDDBKIakCT9KNotMQl3gJk:cXEsYYLvxcSDBxan9my3O

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b9f430f71c7144d8ff4ab94be2785aa6

    • SHA1

      c5c1e153caff7ad1d221a9acc8bbb831f05ccb05

    • SHA256

      b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655

    • SHA512

      c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099

    • SSDEEP

      192:hClej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yOG:hCm2HgN4GbeWmbI4Eybogia7yO

    Score
    3/10
    • Target

      $_10_/ExtensionManager.exe

    • Size

      956KB

    • MD5

      309b7b8cb7ac4bb4776e6477a10d65b2

    • SHA1

      173bffb374da7a963303bceed63afd378731caaa

    • SHA256

      3dc52ec5cba0df1f31ec2888e4fab79f47a3273b3450d4011d18c617f35a0077

    • SHA512

      ab910cd48c20f8cbeb516b163ab6db917c3056e8005001bd596b182458300788562b451ed58bc363d77e43a365633553c23eab12543a72c7099442ba42f1ec60

    • SSDEEP

      24576:3SGRZqu+BVJzwbBJEo3Icf8JZT4cjYG8eT5E:3FLcdzwbBJD3jOT6lYE

    Score
    3/10
    • Target

      $_10_/HWSignature.dll

    • Size

      73KB

    • MD5

      1f44dac59733b07ed8dcd59d36701c24

    • SHA1

      1f94c730760022d6f49de52562b8755461e6f5af

    • SHA256

      8df7ca7ab51d8ec5176439b0b4060008555cd2aee8ce7288d8710ccc522fedce

    • SHA512

      77656e96cdd148ead8bad218431c6301861e8f7e6104cc81ef80d180960a3201ef01b97099464d60f2035770261f28013478c85ee56b1c2897a9a94d42a50ab7

    • SSDEEP

      1536:MO7Dxmyt+JrD5Vtg27vK4k75J1X/V2CRc:MOEygtZSb75J1v9c

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $_10_/ZipLib.dll

    • Size

      252KB

    • MD5

      a6a64eb3fe9b0e60acc54a55af6e8278

    • SHA1

      527aac365292104f95527040507104fdc1ffcecc

    • SHA256

      c889aad509f461baaa302ec93021f837ecf89e01f8156995f7bda9e0e34bbd1d

    • SHA512

      72fcc353bb3e271aa3715c3ddbec518dd4e2eaeeb06ecaa9785b92f0d2a1127c66d9a7c40832706fb8255d137d20049651f887e6f646a66cb60cd15a86b10ac4

    • SSDEEP

      6144:V8JHuqFQyIH9BcDtcCSRzJLKvGEmQQN60:6JHuqeyOBcD1wpKu5js0

    Score
    3/10
    • Target

      5.1.1.4851/HWSignature.dll

    • Size

      73KB

    • MD5

      1f44dac59733b07ed8dcd59d36701c24

    • SHA1

      1f94c730760022d6f49de52562b8755461e6f5af

    • SHA256

      8df7ca7ab51d8ec5176439b0b4060008555cd2aee8ce7288d8710ccc522fedce

    • SHA512

      77656e96cdd148ead8bad218431c6301861e8f7e6104cc81ef80d180960a3201ef01b97099464d60f2035770261f28013478c85ee56b1c2897a9a94d42a50ab7

    • SSDEEP

      1536:MO7Dxmyt+JrD5Vtg27vK4k75J1X/V2CRc:MOEygtZSb75J1v9c

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      5.1.1.4851/ImeUtil.exe

    • Size

      1.5MB

    • MD5

      9a284f64641e6f8e5219f02effa8a3b9

    • SHA1

      60ba5d49b783a73cd0511542eb7075e401d1c08d

    • SHA256

      d12cfef921b75df0d45c4f5c71413d03a68a5b04e227be2cf1b6d2e9694d08fc

    • SHA512

      505804e5d0ee209cb30fd181e7de4b7df98678c73884918fcb5cc234f55655061b15a0aad004098f7ebcec3317a4dbc1c1628883a75733f4d918bd4131140923

    • SSDEEP

      49152:dlBl81nAJfdx79w5sfYl9Bfx6TvTFtyzB:jJ1x79w5syfN

    Score
    3/10
    • Target

      5.1.1.4851/PinyinUp.exe

    • Size

      2.2MB

    • MD5

      152b1e0762587312658bbb1df30707fa

    • SHA1

      265af2cf80c8e920a1dceba5b930cd2f96fb0018

    • SHA256

      6645a2ebf9b6a80550e9e3a1a8ddd15167b3edf224fc644653c1adea1d2cfc77

    • SHA512

      ca6a80b8b230c7c46da0752cc1f6d3abad630394c6173a26611ab61c0d6b21fe874bf7ac66d8a26dba8fa3d4226f45d851059e71269dc904cb0802637524de81

    • SSDEEP

      24576:Rv8U0+fk31FBv3wfNK5hZvT9m54NQtMOtFPVaDT9JMKiyoa45fK4Zjw35hzZatNA:RvzNKmIvMKiDaww3FG8fvGTYpToU

    Score
    3/10
    • Target

      5.1.1.4851/QuickInput.exe

    • Size

      1.1MB

    • MD5

      6a5c8ec4fd58b943cea063954530b461

    • SHA1

      2dce20887a098fcd1d4f75d44d78e1f1fc62c44b

    • SHA256

      bbbe12b65903a9cd4677a2c743f24abaf8dbece2dd98ea731926fa35a5bd20fe

    • SHA512

      efbdeb4523da05cdfe35382480dc7c6c2091e5083b1e0b5e6465d0daeef31eabd74c78f533682e5b249b184c0aaaef9a3c19eb086bcec41657e818c488deea63

    • SSDEEP

      24576:3XnwEhDicOCpRBd2ZUqVol1Nv8mMqYuxm+XTRcj1N2nle:nBfc1Vol11aSXTnnle

    Score
    3/10
    • Target

      5.1.1.4851/Resource.dll

    • Size

      582KB

    • MD5

      8f0181abb034be415a5df9fdf27879a8

    • SHA1

      d17528cd3a834a4253f9132db10bfa8332cee516

    • SHA256

      1c1695162c38f5f9ad281115ca5840d581b4f2f2f85f363600bcbb9840ede5b4

    • SHA512

      a9125cece9481c61fced3940e6671d9bfe21469cc7285c16fd5332c154ee68f6ab06a2e11df8a5848af137d1a3e9767e6bfd91e3e17926bbf4c7de71dc68bc65

    • SSDEEP

      6144:OO4bfNEJEWLd7KnIsm3WN2HSLdCeqoU6JWrj:p4bfNAEiGIsJySLdrPJ2j

    Score
    1/10
    • Target

      5.1.1.4851/SGTool.exe

    • Size

      70KB

    • MD5

      db49c43d03333c29cd4fce90a1cfd9e4

    • SHA1

      4f2162faf8fa7d4e21e74765be9a8b76594c5518

    • SHA256

      8bc6d9ef6ce1b493ff27b445ded4487e5ac001821942f65586ef63568e9f4420

    • SHA512

      bfc616e78d70a7e63b919b4affcf96e6b19623dec25a94ef0e30ddbec726ffcd4ea8f10b3fb90f44edbad589e7f88a5e53f34d13101dc05fdb034961c8f3b7de

    • SSDEEP

      768:RVLaxGC+5kWtE5cYYsXeGz28Xxrz34KGNLiJd9ezWJUl1zPxawLHG0aOf:RVLGukHzXeCxvoKG+dJJUl1T0wzei

    Score
    1/10
    • Target

      5.1.1.4851/ScdMaker.exe

    • Size

      635KB

    • MD5

      c573e9ea8881d207977a6d3770b77137

    • SHA1

      8a1f8006c88367c98d5fe416019153e3df54888d

    • SHA256

      68f8835057d26b77c8f54af54ae1eaefe5f164e1781928dc79f72ce6ef93528c

    • SHA512

      23a1483986c4fbe123755cd8f486b2750a5ca189c5c96118c2e77ae5d7f666e9d47ff4b1a98b8690e5576f395190f244af2d4d57262d5f2e1dadecc1f82784ed

    • SSDEEP

      12288:2qv2VvicOWygeQ//Bn5OPDpUCVVagpkjo++wYDBAl5gMtgf88:3cOYXIDtHpWo++wYDBkiMif88

    Score
    3/10
    • Target

      5.1.1.4851/ScdReg.exe

    • Size

      722KB

    • MD5

      5a5b584a6ca71b141977360d991caeba

    • SHA1

      ae26bd78515a48d43e0e5162a1034e4d95630f1b

    • SHA256

      4d3ae26d49f8d0ad5ad02a86810af3adcd7cf6a8a9b6e3c50ac2e66d743bdc70

    • SHA512

      92f4f42784fa63c049d747d26885775abc8ad7063bf72454b00c1f7ccf2acbf9f3d2951a76bc04af9f2195d5f270360004971594e9f84f287cc1b7df0ecf7cb0

    • SSDEEP

      12288:V7hnz7p+F7W0hoeEzXrzVbIF0KHHlQeMAN8GMCnQv64c+8Nql:7z7O7W0hMzqi8HieMAN8GMiQvMDNql

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery, upx
Score
5/10

behavioral2

discovery, upx
Score
5/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

bootkit, discovery, persistence
Score
6/10

behavioral14

bootkit, discovery, persistence
Score
6/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

bootkit, discovery, persistence
Score
6/10

behavioral18

bootkit, discovery, persistence
Score
6/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10