a2e9381c96ebfac40bf1c3e471d157397d526f5fcd44e2b911460ad493dee4fa

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_8ad5786bd8973d15d926e4fd2d4d9a5c
Size

969KB
Sample

250328-t1bqksyvat
MD5

8ad5786bd8973d15d926e4fd2d4d9a5c
SHA1

8ee7846bab2b6a2b5ef518f6200f9d06762ff1d3
SHA256

a2e9381c96ebfac40bf1c3e471d157397d526f5fcd44e2b911460ad493dee4fa
SHA512

4a79d9bda26c14f41d8bbb09a65beec07c05541a0de3d64b5c30b1454708ba63b31d73002fda3f80590d76aa416bd991070e74422051ad2f2afbfd355899d314
SSDEEP

24576:xUP3DQ1pFy9U83Zn8tnc56FctQj5K/jtZrXPz:OPDQ1Ly9AtncRQdK7tZ3

Score

7^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_8ad5786bd8973d15d926e4fd2d4d9a5c
- Size
  
  969KB
- MD5
  
  8ad5786bd8973d15d926e4fd2d4d9a5c
- SHA1
  
  8ee7846bab2b6a2b5ef518f6200f9d06762ff1d3
- SHA256
  
  a2e9381c96ebfac40bf1c3e471d157397d526f5fcd44e2b911460ad493dee4fa
- SHA512
  
  4a79d9bda26c14f41d8bbb09a65beec07c05541a0de3d64b5c30b1454708ba63b31d73002fda3f80590d76aa416bd991070e74422051ad2f2afbfd355899d314
- SSDEEP
  
  24576:xUP3DQ1pFy9U83Zn8tnc56FctQj5K/jtZrXPz:OPDQ1Ly9AtncRQdK7tZ3
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  72f18eaa88886bd0d46de64a17d9720c
- SHA1
  
  e604c84de0ded023cf4c5e215c0534faf1d18227
- SHA256
  
  05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1
- SHA512
  
  5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018
- SSDEEP
  
  96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  2b54369538b0fb45e1bb9f49f71ce2db
- SHA1
  
  c20df42fda5854329e23826ba8f2015f506f7b92
- SHA256
  
  761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f
- SHA512
  
  25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7
- SSDEEP
  
  192:ibEOXfXZQ6i1AZ2q6grklcm/iaULQAos:ib/41AZN6uklckLUJo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c6284e23cd7e4d11db8298deb4541083
- SHA1
  
  e338686c7579620383ab8cc5a51bbb8d846f60cf
- SHA256
  
  79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
- SHA512
  
  72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
- SSDEEP
  
  96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PROGRAMFILES/NetMeeting/360.knl
- Size
  
  6KB
- MD5
  
  5c1512b2632927dd12837c74f431061c
- SHA1
  
  b2bea9c32771b258a23c89934d33476518b25371
- SHA256
  
  161941a6efafa22308ea856b4c07b859de3c0b80c0e16874b0483a9e34f46f69
- SHA512
  
  8cfeb98a1fff40c30b3b3dce463a1f2987c4c2028f414b27843375446667df33ee1494b7f3f99a662066af9f9010d656ea7223fca84dd129d74d3f672cac6973
- SSDEEP
  
  192:MjNBQi2529bCkp40e9As/7gS8kPzJszGQ:MjNKN52ZCb0pScS5DQ
Score

7^/10

discovery execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  $PROGRAMFILES/files/3.bat
- Size
  
  3KB
- MD5
  
  175c06ae5ec020506749d7dbd0c72923
- SHA1
  
  dfe43fb80dc91eef02427c9f2ee903225f6b1725
- SHA256
  
  0ab58ea7a47d1050faf4ba0f4d8fe6786be2e5616b662a2a3ed90457ee57d7f4
- SHA512
  
  0a90b1135163dea907aabe6545e7b7d36196a303010e283c235e82c2ac1de38bcde67f330a00a6887a88a7e42e49047096d84e0ea965a268ee27dd78ea900731
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PROGRAMFILES/files/3.vbs
- Size
  
  1KB
- MD5
  
  647fbc4e1b3eea4ee899b37a8ee29a5a
- SHA1
  
  b169eba879ef6b0bdda1906ced2f9036672bb55b
- SHA256
  
  4073d8deeb8790f49fe9d2933e86bb696cc48c928014b4b02e5cd1b2dc1708c6
- SHA512
  
  8d9b4aeeb35c4362d5dc0c5d5af92a624d2b79a3302fa91fc378dc97476b5e2b249d3371ba1c186aecbebe42aa54e10708d8aab966c92f5e7690b5eaaa05cb54
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PROGRAMFILES/files/q
- Size
  
  2KB
- MD5
  
  97af5fe6faf87f3a438f6220e4a67337
- SHA1
  
  431095968ed4b65f95d548a2aee327dd27a23f2a
- SHA256
  
  5ec1a99388aff9ac4333f616df25dbb1e9d2c0ee46fa8c2837c7c329b0c24e73
- SHA512
  
  03f1b50f954af9d2244f7ebc36a27d1334ecacc00ecd307c3aec0c1854357656a6c0d3c2e6f1f081a9d02bd82b3a3490bad52174e58a6104a9aa11e8f973141f
Score

3^/10
behavioral15 behavioral16
- Target
  
  $TEMP/SeFastInstall3_3201.exe
- Size
  
  227KB
- MD5
  
  97a0b8d4d70e2358f67721496fd901de
- SHA1
  
  f5a39a0636dbe64cfbaa4f5888a620e2ef291bfe
- SHA256
  
  78b79361df52fbafd5503471094af6c21c9d998f53feb57d9cfcf64a8b54d7f8
- SHA512
  
  cfa66b29677ac35c20183e95322916591da1b519e3cf6e7767d2a264eb6b0b80829ae2a2d64eab3836e4c73589789702bfd6ad5157abe547d651e687d7200f79
- SSDEEP
  
  6144:SDez3bkqxR5/zpu9EKR7NutEdfUv95u9rn39Vk+K5d:SDcxRW93NldmkdLBK5d
Score

6^/10

bootkit discovery persistence upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  ֮.exe
- Size
  
  1.4MB
- MD5
  
  5b09029117dedb91f4b06ef3c0e8b94f
- SHA1
  
  6cef43f5147d5fe01b66748157782626cce44c28
- SHA256
  
  4dbc3ae45a04dea291f318cfefdd091af2d6a2a747f4970a1c369752ca093558
- SHA512
  
  fdd0385a7f094774fb77bec9830c7eb62fa081936c55c91539394421d2b0b8dde8ea7bb84a48001814a1e0b496e741cc5ee5c2ebd905c9ef945e7dbb22e38c32
- SSDEEP
  
  24576:SRFS7Iid6Nx7izcFsaWrtLTOITQA6kOStpbspT63cGnD:vDd6ziVTOITQAOpT63cGnD
Score

6^/10

bootkit defense_evasion discovery persistence trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Writes to the Master Boot Record (MBR)

UPX packed file

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20