General

  • Target

    JaffaCakes118_1c6ba00cc76d6c5a4b4188168a6fa57e

  • Size

    1.1MB

  • Sample

    250704-vtghxswxf1

  • MD5

    1c6ba00cc76d6c5a4b4188168a6fa57e

  • SHA1

    ecfe3ada8ac06cc7381684e105b201fab81154e6

  • SHA256

    e82578b70f38c43529dc480d53b6150a997da62942547bd0d3a9284c98db008d

  • SHA512

    c15f245c9045111a179733f6f2bc69bb208827eed6d2d56276e84081fad5138987b3b9c86144bef67798bd0c199fcef481e8d44a896dd3e11e968d626054e643

  • SSDEEP

    24576:xAcyRGmay4PA5NLqDYXyvDB2NeJfGaJYk1UsRN7ih3:0GfQNuN7seJ+2Yk/3ih3

Malware Config

Targets

    • Target

      JaffaCakes118_1c6ba00cc76d6c5a4b4188168a6fa57e

    • Size

      1.1MB

    • MD5

      1c6ba00cc76d6c5a4b4188168a6fa57e

    • SHA1

      ecfe3ada8ac06cc7381684e105b201fab81154e6

    • SHA256

      e82578b70f38c43529dc480d53b6150a997da62942547bd0d3a9284c98db008d

    • SHA512

      c15f245c9045111a179733f6f2bc69bb208827eed6d2d56276e84081fad5138987b3b9c86144bef67798bd0c199fcef481e8d44a896dd3e11e968d626054e643

    • SSDEEP

      24576:xAcyRGmay4PA5NLqDYXyvDB2NeJfGaJYk1UsRN7ih3:0GfQNuN7seJ+2Yk/3ih3

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/Md5dll.dll

    • Size

      8KB

    • MD5

      a7d710e78711d5ab90e4792763241754

    • SHA1

      f31cecd926c5d497aba163a17b75975ec34beb13

    • SHA256

      9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2

    • SHA512

      f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0

    • SSDEEP

      96:YV2qpbvYSflug0Dvxn6GuKM9sh1gdrN9+oB7FT9WibOoBZcko5N/:Yt5lugRK8hlvbwkKV

    Score: 3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      00a0194c20ee912257df53bfe258ee4a

    • SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

    • SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    • SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score: 3/10
    • Target

      $PLUGINSDIR/bind.dll

    • Size

      62KB

    • MD5

      68ab2b372a52864275c3f50a113b3ed4

    • SHA1

      3e3311628026f689751853199ab9c9166231cada

    • SHA256

      fb57e46a9c429c5149e44807679149f9cf3edc559abaca9c1a72fc9864253456

    • SHA512

      9acd0467b449a280733188d12a701ea2ed320a3e8f8e4ba3dce25bcd867ab7c75f1a1fc6bf0e490769ac214ee6c9122c02aec25bac65b91d68ea1e30e5b5442e

    • SSDEEP

      768:/eudUvMaTC7XOrfNT9H77HyOnZsqUb0hh2v9kkDwJtn20EDFvCwWGWxS1GJ9rqof:GMUv/mLqN579nU221kDAvCh+GTr3

    Score: 3/10
    • Target

      $PLUGINSDIR/xID.dll

    • Size

      9KB

    • MD5

      3a5ed71aa9c6846d95d57235c4c443d7

    • SHA1

      08156d29bed654f8f8d7f46ddbce84d22d4710cf

    • SHA256

      5e3fa4d610cb2d80ed9991cb2562bd70c5b4d49dbcf4e42a1017c59eedbe28a4

    • SHA512

      5cdb5059020c20a83f230ae2d75bfb6fd69a03418ba6407336db9f0c653fea1e8f4a51400812da81a8bde2f6e4d95fd80e29eb462e818ddbd881789c00d5d1d1

    • SSDEEP

      192:Lq+oDX4BAl9WNd7+1KUl9xLhMVCXuDAx5n35q6yy:Lq+oDfl9WN8QmxlMVCXu0x5g6T

    Score: 3/10
    • Target

      bin/sdad.exe

    • Size

      395KB

    • MD5

      8f87437f10cd1ae1d2e8a16c74edb3bd

    • SHA1

      2439b6b338091402c08fb51355ffaaa251697875

    • SHA256

      c5e8d908d64d1c58f8cb458e9ece92231283b48397efbb5ed82ef2f11831d600

    • SHA512

      4ae6e48294352a87c34734d5927f73f9728842aa2a23a3ce58717e68b5095b926147f32687b5746520350f0583c76232d430b9d04e21054c890c432ddd1fadd1

    • SSDEEP

      6144:tj6ypnUxOMyinsmrkCA7pZKNPWv9wfaH+vaiUbPbdXjq9:tuypnUxOVijrc7KNvfQ+vaisw

    Score: 3/10
    • Target

      bin/shandian.exe

    • Size

      1.4MB

    • MD5

      5d58564e0c3a20c424c6e2485217773b

    • SHA1

      437a5a65403bfca0a56205388d02829af73c0b15

    • SHA256

      ec6bc95964de7688d7af92813db866e3188b511c3d9217bd7ba8134c729f329d

    • SHA512

      15bc85e95502e09f1edac9720ade75d536ca83e05b051f00998f3786f5fb7c8c577c5b929e1c02bf9d1282579d3be430b7f9dc1fb78d8531a6fc772cdd2d0c92

    • SSDEEP

      24576:TKDRGCmOTybrPjgFMMJHrx9xTOITPJbCSsTMEPTAKhm7Zv+N:Ttwy6NTOITPJboTAKhm7Zv+N

    • Target

      home.bat

    • Size

      691B

    • MD5

      9226a826194dccfbe24baeb5ef8625c6

    • SHA1

      ffa2856e43e0c0a937561f6d88082a8c10373e7b

    • SHA256

      a742f86a3a81a3ffa506797faabe9c107fbe9ae5757ac78e349b5c40831236d3

    • SHA512

      9e181541e208b5a60954dea4148b8b7891f45003e26b19ab8398523026b6d5ba5923796524525de03ca2790f4e3eaf3dd58d685b022ee9bc98741d30b451dff8

    • Target

      shandian.exe

    • Size

      96KB

    • MD5

      3ab67e3bb0941abd2e4c6117904d10d6

    • SHA1

      2439498fc2f2e72aa0bf2d489f16acf8e0f8f8ce

    • SHA256

      79225f50f7751d9294ef966598fc41e21b0e0b3f750c39a7ac1a6c1615fec05f

    • SHA512

      229b64647793b3183409ff31169cfadadc12d8b5387bf68581472533141d232f45a397c5d73248556fc2a4011338e38f0d9fa7d5fb4e1610f7ba5f931461f23a

    • SSDEEP

      1536:/Yg/J6/Rngh15G7yd8MvG7OahYg/J6/Rn:ZJZhm7ydxu73hxJ

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      uninst.exe

    • Size

      99KB

    • MD5

      2d14f7b96c2343e39323637985b8336c

    • SHA1

      3f49f6e8e952f0d139969008e90f4bb3440512e5

    • SHA256

      a1f870ad82c84b6cf3afefc74238ee47d43e0b7b7faeb7ff3c47a3868e367287

    • SHA512

      c0f02e3d81dee28c80dd8148e5c45d350250dea2829a76cf6f04103d71afdaaa1f6321e68c4652a33e528166b56aa3b848708b8bf87c5965d3cc17119c2561a9

    • SSDEEP

      3072:3gXdZt9P6D3XJThTjWmUEVF3BVbIJa1sE:3e34lsmUEVRzIJaSE

    Score: 7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      00a0194c20ee912257df53bfe258ee4a

    • SHA1

      d7b4e319bc5119024690dc8230b9cc919b1b86b2

    • SHA256

      dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    • SHA512

      3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score: 3/10
    • Target

      $PLUGINSDIR/bind.dll

    • Size

      62KB

    • MD5

      68ab2b372a52864275c3f50a113b3ed4

    • SHA1

      3e3311628026f689751853199ab9c9166231cada

    • SHA256

      fb57e46a9c429c5149e44807679149f9cf3edc559abaca9c1a72fc9864253456

    • SHA512

      9acd0467b449a280733188d12a701ea2ed320a3e8f8e4ba3dce25bcd867ab7c75f1a1fc6bf0e490769ac214ee6c9122c02aec25bac65b91d68ea1e30e5b5442e

    • SSDEEP

      768:/eudUvMaTC7XOrfNT9H77HyOnZsqUb0hh2v9kkDwJtn20EDFvCwWGWxS1GJ9rqof:GMUv/mLqN579nU221kDAvCh+GTr3

    Score: 3/10

MITRE ATT&CK Enterprise v16

Tasks

static1

installer
Score: 3/10

behavioral1

adware, bootkit, defense_evasion, discovery, persistence, spyware, stealer, trojan
Score: 7/10

behavioral2

adware, bootkit, defense_evasion, discovery, persistence, spyware, stealer, trojan
Score: 7/10

behavioral3

discovery
Score: 3/10

behavioral4

discovery
Score: 3/10

behavioral5

discovery
Score: 3/10

behavioral6

discovery
Score: 3/10

behavioral7

discovery
Score: 3/10

behavioral8

discovery
Score: 3/10

behavioral9

discovery
Score: 3/10

behavioral10

discovery
Score: 3/10

behavioral11

discovery
Score: 3/10

behavioral12

discovery
Score: 3/10

behavioral13

adware, bootkit, defense_evasion, discovery, persistence, spyware, trojan
Score: 6/10

behavioral14

adware, bootkit, defense_evasion, discovery, persistence, spyware, trojan
Score: 6/10

behavioral15

adware, spyware, stealer
Score: 1/10

behavioral16

adware, spyware, stealer
Score: 1/10

behavioral17

adware, bootkit, discovery, persistence, spyware
Score: 6/10

behavioral18

adware, bootkit, discovery, persistence, spyware
Score: 6/10

behavioral19

discovery, installer
Score: 7/10

behavioral20

discovery, installer
Score: 7/10

behavioral21

discovery
Score: 3/10

behavioral22

discovery
Score: 3/10

behavioral23

discovery
Score: 3/10

behavioral24

discovery
Score: 3/10