a00efafb9deb99a99bfdd34f55818983e9cc675d1cac6b71b9fec4b0bea1aa56

Sharing

Copy URL

Twitter E-mail

General

Target

1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118
Size

3.8MB
Sample

240701-j9pzfs1dnh
MD5

1a953973ae8428f6f44f37c6fdae3d68
SHA1

13337723278cf301891f6372451123552b9bf97f
SHA256

a00efafb9deb99a99bfdd34f55818983e9cc675d1cac6b71b9fec4b0bea1aa56
SHA512

8547d333fc7d24a9e6662e4a34b7cf544783acc8c54b422f51ed81b3fa6819e93a07ba46bdb4bb0d31c7256abb748b20797475c849c5b026574a9f08b26879c1
SSDEEP

98304:cdaT/7lJGQLHsaVw+OCzYSnKaWFZ45wVtew/ORnC0N5:cA7lJhWg/KamcMIw/OF3v

Score

7^/10

Malware Config

Targets

- Target
  
  1a953973ae8428f6f44f37c6fdae3d68_JaffaCakes118
- Size
  
  3.8MB
- MD5
  
  1a953973ae8428f6f44f37c6fdae3d68
- SHA1
  
  13337723278cf301891f6372451123552b9bf97f
- SHA256
  
  a00efafb9deb99a99bfdd34f55818983e9cc675d1cac6b71b9fec4b0bea1aa56
- SHA512
  
  8547d333fc7d24a9e6662e4a34b7cf544783acc8c54b422f51ed81b3fa6819e93a07ba46bdb4bb0d31c7256abb748b20797475c849c5b026574a9f08b26879c1
- SSDEEP
  
  98304:cdaT/7lJGQLHsaVw+OCzYSnKaWFZ45wVtew/ORnC0N5:cA7lJhWg/KamcMIw/OF3v
Score

7^/10

bootkit discovery persistence evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FileInfo.dll
- Size
  
  46KB
- MD5
  
  25aa25fcec2065cdf81f77d2153a63a7
- SHA1
  
  e09b96d596323201ce5586daa16c9b8ecfaa7654
- SHA256
  
  ba62fc93cdd027de00af9cbaf31bf102d47fe9f1d74493ebf6faa2f2c9982435
- SHA512
  
  5de8b9ca1b38fba4f63756066d10a0312acafe9c051645fd192e500d1cff23a21845cec2d1fb1002ddf7002f9f6ae3962fd6087f3ab793d9630c33e35d6aba64
- SSDEEP
  
  768:tAZ9soz3qR9QI6vY+V882mIqfhvsXRi1wOieGtJOQ:uZ9jqR9dP+7hvx1wO4tJOQ
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  56KB
- MD5
  
  8a4b879da60260c2ba80b246ce514839
- SHA1
  
  8efbc9f5c4d8b18b0edb4a9f3745c162e85b97eb
- SHA256
  
  bf68ebbdcc0906e74156154fe70652d64410c754cee155e47216ceffdb77f9a0
- SHA512
  
  79f211b0af92c2efade03169e3108566cf7cdacecc4253ecb16b871957005c1691c163aa265b3a3430b9dcf951fe3ec8e9bec7c6b87e1bbc1066b3c56d6bf30e
- SSDEEP
  
  768:CWOfBb2ozjdNJhig26W7ziwgyQYnpoAtWYjOMbo:fOfooPlhIZWwgy3ltNxbo
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a82b0479708b96c7bf4dd6b798aedee0
- SHA1
  
  7e47b402848a86bdddd5f0de8bb4620471caaab0
- SHA256
  
  72410442a894b8316da6ad469f03997ec17c0b0d117745bb6ac5cac3232c7d20
- SHA512
  
  02e07def3897d87d546c0cf1492191591be587f64ae5c165b9a91fb977585c65a860135eb8c102b67dede913ea935459ce70c4ca973b292122c8d097ab130d58
- SSDEEP
  
  192:hCZej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7y6G:hCi2HgN4GbeWmbI4Eybogia7y6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  329f721e5109a9731f114c58c03ca6d1
- SHA1
  
  a2b346099a35792d80e1dfe8f408695ef07e05b5
- SHA256
  
  6a8aaa3940cc292bdc61603f51c2f8328a8d1614b998485e0de08347631615b6
- SHA512
  
  b6eedc986dd80157541be4d65490d0df2ef6ab3248800fb15e23f517ebcff3687c4d4cc51908cd779b50db5d76da6c946f4a05ddc79405248dd91566547cd7ca
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  a3c40444a87d4fa00c4d3a432561917e
- SHA1
  
  3f9a66255f8f360f1702a3e28055a003fd2e0986
- SHA256
  
  813110186ec95d7f8294c7018d191983a96c20f5ba0b7c81d64406be92e98296
- SHA512
  
  4d9174e62448c599577045a3cf8150596ed27611ce065945ab85b9488126e60357a9892d7faef25d69c416a929c605fabb2f7de87371293fc2d4e8299686666e
- SSDEEP
  
  192:0zQhZDqlJcKISw99ioU3MSfwLF/+nhHUbsdz:0zoZDGKYw9goWyFGBUmz
Score

3^/10
behavioral11 behavioral12
- Target
  
  Coral.dll
- Size
  
  583KB
- MD5
  
  afac79e92e3785299f191e74de3f366a
- SHA1
  
  d00b781bffff2967a434bc8cb69d4e6202e6f57c
- SHA256
  
  e2fd8e0e1de3035c9cddc201fea8cbdc89f91e89bfd60a1ab70bfd317e3043b8
- SHA512
  
  212f730fcd0c587ca3920c4dfbcf1266a96c87bb045f2b0ee7e80e0551c97b2978be0024ff14e3afc4e6025d273fe7508de1d7ec08d6d5ba24201a0f502f5806
- SSDEEP
  
  12288:hvixHSC0MYWG50tUvuhyGiCHnUgNGzaf3/l/2jjSj:hvixyC0MYWG50Wvu7HNGzaf3/l/wSj
Score

3^/10
behavioral13 behavioral14
- Target
  
  Coral.exe
- Size
  
  391KB
- MD5
  
  f22c19dda6a7b1ee28a17c96da81708a
- SHA1
  
  2e562cd48ac73b66fdfe66389c57b05abc205be2
- SHA256
  
  2f54d182dc21951bf4bc083bc479bf5afa7fc3ce2bc0d4153fc122824d94ea43
- SHA512
  
  9c370d716f88db992e424f6899a50962eea9f19478022263c95cdc06d15d5663e8a25c2dede8b6728407e75b8c201fa162b91e5b747188f77e37b83c1c37234b
- SSDEEP
  
  6144:H0bHfnkqOFQl7ZpbJelj7vC18dViTXCix327:UTfOG7ZpbJ0LXibC97
Score

6^/10

bootkit evasion persistence trojan
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral15 behavioral16
- Target
  
  CoralApp.dll
- Size
  
  109KB
- MD5
  
  007807250a94f82a475c21908f840ea5
- SHA1
  
  187cba9542083eefab386b2f51610a3a9eed0fde
- SHA256
  
  f8af22dcba5f19703cf3a8bb36b14c7c8f1c4797dbc383844f78db3eacbcf4cd
- SHA512
  
  58c48e86a9635bac92569fcd5afa48508c96a833576eedd76efb010883f0e711baab18f79bfa92be71a5b85256b60bbc9ab3bb2da3243a460d37e3aee898d241
- SSDEEP
  
  3072:0fbZOmtLctOIJ2B5H4vNdvEKl19U16LS3HOgZAwXjSy:8FOmtgtOS2B54ga19U1j3HOgZ1
Score

3^/10
behavioral17 behavioral18
- Target
  
  CoralDb.dll
- Size
  
  1.0MB
- MD5
  
  c97b98c70ec8e4407879270b3ffe8984
- SHA1
  
  f226b353a5090931186842b36f01fb6d3f089760
- SHA256
  
  4e7b5abf6df3b4ca12e1edb1543344452446da9ac3fdb27e5bf754ae09906714
- SHA512
  
  f8f3eca681855bbaee443053f8429c4785838edb379588beb501fa6ac6d0de8ea6c2ec9136a3d8a0005bb48efd7fd7a2a9741eb78d3dca8e49081ee4a817275b
- SSDEEP
  
  24576:NopftMsUXD8fv+A8x1+RsZnnIIQvzNnqf4P9pTmboiiSDEgd4:IeGx8LIef4P9pTmboiiS5d4
Score

3^/10
behavioral19 behavioral20
- Target
  
  CoralDownload.dll
- Size
  
  294KB
- MD5
  
  6973407fda8c04e298013976ed07eb88
- SHA1
  
  fdc718fac0f1e122083f75771bffc32da90a8d38
- SHA256
  
  5c53566c36ae2d03aec24711ea33dba5d60f8943306a70a15c52836ab99545f0
- SHA512
  
  2e4af02cd94d72934c66e919d7f023b483491edafedbe0d59cd1118d098cd9e51bd07d7fe37f9d27955ee1a94bbe891b8037376c83705d33f47bca20a061ec80
- SSDEEP
  
  6144:xCWOzeJPd9gBXI7ne1K5ioaxNele6HGiLmG1zPwYaCOAntYm8iPgf:cWOFBX8ne1qDHGi6G1rwlCl8ogf
Score

3^/10
behavioral21 behavioral22
- Target
  
  CoralRender.dll
- Size
  
  137KB
- MD5
  
  832bf20d1d1ed5c247ed7367508dd428
- SHA1
  
  9715a09440933d558e208af914ab730e0e4789ef
- SHA256
  
  e1b1f74f7048c9d4bdba657912b622481271e8ac7519d1ff2ea7b38d68090253
- SHA512
  
  5550991e2f010585956df506d9c2c6a636afa556c29462e56cbf6c3ad26dcd493dd235f1e26f21529a07fee485d7398e61cb4ae9d78a85a8514d2b93263a0016
- SSDEEP
  
  3072:hpJqiHpl8l71rgDi8cEBGi5Nkl3fUUJ0oYl0WuZYODtM2tBnRPV:giHn8YBGiu0DSjZYODtMIxV
Score

3^/10
behavioral23 behavioral24
- Target
  
  CoralTrident.dll
- Size
  
  506KB
- MD5
  
  993b059afd143fcd153d4aa1e456a5bb
- SHA1
  
  8a7bdd26b963b65cd490f25c21340f5f10dccb1d
- SHA256
  
  aecae09d1637cd5910b06fa41ee73fb2cdde6c8756a535152c6fec9cb4b9253b
- SHA512
  
  dc5dc8ca1f4ee7a88ad43b790d1563ff27c335df6931eaa0041cf78c4602a56792c93c6a1cfa71b42693c91dd76366186b27b3f63c7f05a3440fb97f47761d0d
- SSDEEP
  
  6144:3lkKz9RPBkGKRHTNbxuecoTlj7DifMw9OrJhNVtUV3SY+2ad1TXc+fcOgCiSC:nBWTNnhcfMagraJrOTX33C
Score

3^/10
behavioral25 behavioral26
- Target
  
  CoralUI.dll
- Size
  
  1.4MB
- MD5
  
  2c157ecdaf8a1cec3106f214db9dd974
- SHA1
  
  a0505c990694c03b349fbc7597935807c0bfcf52
- SHA256
  
  6662595d4183df68a822c715ed3ea07e0db1c7478b76747ecfc737fc183b0aa4
- SHA512
  
  f52c4419d64426aa6a914a46a2885b77a488d2442e4b34109d569222c187a9a42872745eb0603221791cc4aae119bdfcf0776d597a5f08aebccbd051462c773a
- SSDEEP
  
  24576:olq4VOZD8+hakWpXo9AadfnzcSknBC9BE8xHRwjZPMaNdrsnIy8R:zEy8+hak9a691oOedrsIy8R
Score

3^/10
behavioral27 behavioral28
- Target
  
  CoralUI2.dll
- Size
  
  1.2MB
- MD5
  
  f9cc511af5284c1de27cd87a76aa684b
- SHA1
  
  c1319584ef86228eb76b51c816024554e54e450e
- SHA256
  
  43e5e9f9e40a9cff4580e31d69a7c2851184ac69d98a7ffa1c768e2e17e14505
- SHA512
  
  d4ef4b62c07b262cc9d760645f6e819b41e28b1207ab9f1a968bc7584b4c63a2cf09c5b0e0a56384f1777f06a0887ced5172b32f05e940b92013b3f262e8c153
- SSDEEP
  
  12288:SBwyZS6XWlDHxZbbyRf6gPudrREVtKPZzeResv7PKxGQ/tY7YrDt:SBwyZBGZHjbuxPudAteaR2xGQVY7YrDt
Score

3^/10
behavioral29 behavioral30
- Target
  
  CoralUpdate.dll
- Size
  
  352KB
- MD5
  
  7b1938124b07781bea91fae264e99f87
- SHA1
  
  39ff40d2b9d1e5f51a2d9817d801c4242d21763e
- SHA256
  
  281bd67d445ccc728f5a92fb8200e306cd8d4d311a6a9edcb8c9760cf9d1ea93
- SHA512
  
  6bee84c135c60496eb79b272afbb5881cc3c1ac82bcf370b40209b5532d3922fec7be4b5af05044ef644146cda7d0baa32f344b86a40f1c27d416bb758c743bd
- SSDEEP
  
  6144:NiQRHSkgCAoHD/LDtwd3Zp5VsjInbJC65iRnGik0MPAcTHe1OjDxW6aOgoftcl:BZAoj/L2d31QoiRnGilcTHYOPJ0l
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32