7595471a5408461166040f96c51a9f9b6d3e2f79d27c7bbd22d77a11ddbd48a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

edae374bd01eb5977a4273f10a8c323b_JaffaCakes118
Size

1.5MB
Sample

240411-r8eq4adg32
MD5

edae374bd01eb5977a4273f10a8c323b
SHA1

5c632cac8921ce3d67a4e94847c322642fa174fd
SHA256

7595471a5408461166040f96c51a9f9b6d3e2f79d27c7bbd22d77a11ddbd48a9
SHA512

87862ea5e4378a300e0e6e252b7530ebbbe79bfe022f313769a9166b014aeb401540ed24c519afaf710eb432ccafeb90cbf382667d0d725dab47e0267cb8b78a
SSDEEP

49152:hNRst8GPulPK6F9D2rgORNk/rZkHMHkmjy3lx:vEUy6nD2rgOoDZDgf

Score

7^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  ezsss42_cn.exe
- Size
  
  1.5MB
- MD5
  
  d3eb7c3bda08e25d92bf6ca8cab5587d
- SHA1
  
  fc2304ad6f6e5c5e786bf315fb9b98c72e999017
- SHA256
  
  6bf1ab81c446e2ce78a2971eab06e3237602fc66774ade736ef5182984d5da3f
- SHA512
  
  343fa2a1f3fb72fa970bf1fd0fe2a851a460483649043bd776f7e6448dd75c1b4f972b7b1038c2b9a7904056085819a8595e2f24acaac49b7231bbf22746bda6
- SSDEEP
  
  49152:dJnoL4XI6+I2Q6UTqF72FWBo7XdrduWNa7/:3PXBtk7AWWTdJnNaj
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  4c7d97d0786ff08b20d0e8315b5fc3cb
- SHA1
  
  bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c
- SHA256
  
  75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84
- SHA512
  
  f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a
- SSDEEP
  
  192:6KdqJ4Bhf1mdCMI26t510swClJOeFIsm7F1QuPs:6KdE4zAddwR0swqOeFxu
Score

3^/10
behavioral3 behavioral4
- Target
  
  $SYSDIR/SCRPlayer.scr
- Size
  
  1.2MB
- MD5
  
  c89e9f22a1b29077db0af8219ad24033
- SHA1
  
  01a05bf5f41a83cccb3b3b7a120238bb7a86484d
- SHA256
  
  216092d2f826339fb5f52d5b8b37ad211555255513576ef8f09fe4a519bcee1c
- SHA512
  
  740c276afdcbe12768cb74a66e6434a0ea633d5d09338435d714153accd6bac6494e631b170198141855d286fd536d60ecc4bae0c1c20f6f65b493b67af03644
- SSDEEP
  
  24576:fkg642doOmlW9H7HRtbYNUZz3/9zkRGSrp:xiT0NM92p
Score

1^/10
behavioral5 behavioral6
- Target
  
  DDSoft.url
- Size
  
  57B
- MD5
  
  9ee6108d6972229f53ee88385fed2b86
- SHA1
  
  c73b3cfbe51feb2b3307511158745eab554fb101
- SHA256
  
  e43de4223d8db270a8586e8f2462ebcd7caecbcd185d0441bfcfbad8cf0ae364
- SHA512
  
  64e10d04bda1b397129e9937d25ac5348403d268a7341453ae0a7f3fd2e4dac2938068cb2a145478b01dd25ac3e831514624cc78fc264d309282926c4235ddcf
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral7 behavioral8
- Target
  
  EzSSSEditor.dll
- Size
  
  1.4MB
- MD5
  
  1b63bdf89a772b6c7be4ad7441bd99b9
- SHA1
  
  33e27863ca4e89a411965806b7de25cef6e97478
- SHA256
  
  4b8d3887c4531f1d8221c625445691222f799da25ab1b5b4e734778b6d2eaad8
- SHA512
  
  e664ad2c5e0a1103346c2be3abc2f6136133883b5a46373d4fe98284ca951a26ac9291511a5e1c8bb95061b1e203630afd13883b4717a49e639c4c7521f0fa96
- SSDEEP
  
  24576:RI5BeU0W83UxOZ/ohFS+9AjnyMehVMUL4WMHwSGlh2/:yeANOZQVsyMwOULCOl
Score

3^/10
behavioral10 behavioral9
- Target
  
  EzSSSRes.dll
- Size
  
  783KB
- MD5
  
  44d73793b614e3cf648168e5ca40d7eb
- SHA1
  
  950993b8663b576fff2b71b93947b1dd9bd18227
- SHA256
  
  eaf39781414e77859552abba2b66124e4a62058aa3580a61231ad162dba22034
- SHA512
  
  50bc5764842ab52f69b9598a74bd74cf15d03aee8a814083915bef57f5eaa00ebf2382a0a151702be86c4af5369626ecf6f673c8da917e4514e38b85f660f966
- SSDEEP
  
  12288:rYj7o+QT7/IeQV2irpthiZsssj9WoUQlZRrg8EM3EPzymE2tJsj:rY/dQn/Pq2Qp2ZsbWVWPrdh3EPGmEoi
Score

3^/10
behavioral11 behavioral12
- Target
  
  EzSSStation.chm
- Size
  
  176KB
- MD5
  
  e9782ff2145ad33eb729a14d90e97f84
- SHA1
  
  1f3b912e663357b906149030d9ff60f8d3a37616
- SHA256
  
  b26387594ccbaa32000743cec3d548c4c9da8594e1078ed19fc69ce9fadfc119
- SHA512
  
  c98320c8b538415380c7fa7302f357e16812afe0b4f405ba5dcafb017d95683f62f83680f1591acd02aeae0d9ee3cc65d2947c4c70bf1c68663fe813cd24df7d
- SSDEEP
  
  3072:zEZhhsxNSIN8ybLIRJbF2JKEpnj0XH9kPBjbLYrGAlNXgk0h333D90GnJIqf:zEFINBbU/J4Kuj0tkJfYSSz0h33zmGnp
Score

1^/10
behavioral13 behavioral14
- Target
  
  EzSSStation.exe
- Size
  
  72KB
- MD5
  
  79b1b0b86fcdda468bd40e16823e18b2
- SHA1
  
  2c699b7d22a15ed2070c7c9debae55413a878c85
- SHA256
  
  10c5bd157ff5ab79a45b4ffbdf48ee44b6a0119090a52bb95b0dff3c0f9fd4f6
- SHA512
  
  5d101a805188fdb159e25cacb70d68f9507cc590cee1aa58f883db1342170bfa6b918ec452de100ee73b82fe0fe05a82dd58662f935130b89af1515d9e7195e7
- SSDEEP
  
  1536:wlxujwJ05wBd4TiJ1AkFrgVZR7Llk5jOZrDGcGU01ASCm29zvONLS:wzujwAwn4QNNAl6jOZwz29CpS
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral15 behavioral16
- Target
  
  EzSend.exe
- Size
  
  65KB
- MD5
  
  3d54ed266d93aa4896ff7a309e726713
- SHA1
  
  9d9c060143c5ec588fdda721d3e878723fb7623a
- SHA256
  
  3b0c6ce80d6fed5e53a26379e515e52209290be6a77ec317f4ec68d71e64d1bb
- SHA512
  
  44cb676b6ad5cb50cfe33b780703240a4f06fb0452ef4a712cbb759dd8f6a104437f295b592e0ed926249071ce28241979bae648e5194768b9b009b69e2a17b7
- SSDEEP
  
  1536:Mvnam1w5w5qUtxh4uNz0risQ6iM0lec5gdC7GMG6rr/DQ4:MvaJjUh7eSgdmr7M
Score

1^/10
behavioral17 behavioral18
- Target
  
  keygen.exe
- Size
  
  41KB
- MD5
  
  355e67e077e035a8d32b4a14a1102e35
- SHA1
  
  9a21bcb43d0d0700413046d10a32df1b0500fea0
- SHA256
  
  af1c836e6bf42d0ae108363e9815b795a1394978383aab57d864fa4e36f8df47
- SHA512
  
  71b15b2562e24b0b39214ee5a02433eb8025938932ce95d0a771307e7bc8e1cb72a309664b899d9b14b04e47cb6f9f494f9091133fd35c920a3cab829efbb4e5
- SSDEEP
  
  768:XrKHOrZhGzDTjzu+KXGuMJsLuduolqiyCIYiw5buIocKxX7/NrSnkcn32ejTT8DZ:FXlGsagolqAIE5bzoN71k32ejTTsI3z6
Score

1^/10
behavioral19 behavioral20
- Target
  
  安装说明.url
- Size
  
  260B
- MD5
  
  ed83e978f409fcebba2825b084f2c140
- SHA1
  
  4548b5565354024dff5f387fa825fce7d11e67fe
- SHA256
  
  ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
- SHA512
  
  2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22