Software: ChChes, Scorpion, HAYMAKER

From enterprise
Jump to: navigation, search
ChChes, Scorpion, HAYMAKER
ID S0144
Aliases ChChes, Scorpion, HAYMAKER
Type Malware
Platform Windows

ChChes is a Trojan that appears to be used exclusively by menuPass. It was used to target Japanese organizations in 2016. Its lack of persistence methods suggests it may be intended as a first-stage tool.123

Alias Descriptions

  • ChChes - 123
  • Scorpion - 3
  • HAYMAKER - Based on similarities in reported malware behavior and open source reporting, it is assessed that the malware named HAYMAKER by FireEye is likely the same as the malware ChChes.45

Techniques Used

  • Code Signing - ChChes samples were digitally signed with a certificate originally used by Hacking Team that was later leaked and subsequently revoked.123
  • Masquerading - ChChes copies itself to an .exe file with a filename that is likely intended to imitate Norton Antivirus but has several letters reversed (e.g. notron.exe).3


The following groups use this software: