8ce29cca5742cea8b4b2cbed42a4c99bc46f6c9de0b4481710273b596a26f293

Sharing

Copy URL Twitter E-mail

General

Target

fc06c6d9567ab75bd919e99709798270_JaffaCakes118
Size

1.5MB
Sample

240420-f5xa7ahf56
MD5

fc06c6d9567ab75bd919e99709798270
SHA1

1edbe360300f9aab619e2f23ca74a9595843204d
SHA256

8ce29cca5742cea8b4b2cbed42a4c99bc46f6c9de0b4481710273b596a26f293
SHA512

5e2accc244a44c840fb086569f15c4e3d1d05339f6e913b2ca46c35e3d3b477a9cb868a266335b7500fc0f34e03538f5a5de054fb8f8462023423878009e7f91
SSDEEP

24576:4yIifmSCrkWqTnLNSrrGlBEyJ3ya+Lr2F8dHUE/vkSkrn9Lc6Za3ezmvG:4villNSrrGIyJkCMvkn7YeSvG

Score

7^/10

evasion

Malware Config

Targets

- Target
  
  CSVExportor/LocoyCommon.dll
- Size
  
  1.4MB
- MD5
  
  1153cb9e16b07ca1ba89608ce4963fd2
- SHA1
  
  51662d70931bf96358474b3e30f4192dfc98b22e
- SHA256
  
  45fb08ec16e1b5517b2cca171fe0e7a534fc29ca18da083973f319778236baf1
- SHA512
  
  60d29c3b457b76dc4feaf2e409a77f68240d368835a51d4c778b092900ed4574a4d4dbc4eb47aa84c03e478a8708eb7ad8e570be411a5bea45fe5e73190d2f56
- SSDEEP
  
  12288:T/WYHkxEGe+Z5bM3N3LSE/t5OMUYq6e2xprdw3iy5A5KMJkKCCjBoA4yrhvnSjXy:T/FNvLr/te2ny3yKMxqA/Ui
Score

1^/10
behavioral1 behavioral2
- Target
  
  CSVExportor/LocoyDBOperator.dll
- Size
  
  112KB
- MD5
  
  0de8ea0579f757c488fa4e14d8926f96
- SHA1
  
  0e29fc58953bd29005fad800c74a1d40b380d79d
- SHA256
  
  8ef5eeb08676a4108340270912b208548a3e2ec7cc13409092a8ea7ffbfd33cb
- SHA512
  
  d138dc5c568e2c1ab60fcbc379e19f318230ddba7f07b6640a51c0ccfab89cb6e1032fea53bef182704b0a2da94eef451b5d1e0507320cd0d42eb2ff21b620d2
- SSDEEP
  
  1536:60Tq0KmTFaAvKpKdGVeGcKbRHdCu0cSHUvN0UjPQS6L4AYWt:tTrRbIKdGgGrVHAtcS0vN0UjPQiA3
Score

1^/10
behavioral3 behavioral4
- Target
  
  CSVExportor/LocoyListView.dll
- Size
  
  80KB
- MD5
  
  3b499489f1bb2cf8b2984951fddca45b
- SHA1
  
  20d51db406847cde6a8711e4c144dce86baa75f8
- SHA256
  
  e710070f57a5225c8ab936c00bda09107eceede1082737d10e29dd34f8ee12cd
- SHA512
  
  178b364c973880d1801b4a167d7df011f77beb747e11c23c5550df2ac0bb6da5c5402fd9d67649f6fa51e4762eefef643c42ffc5e1f84338d4a5e75e359f5aea
- SSDEEP
  
  1536:WVTXYlX6TFzQ5/s6dG55DGgYqER9VhCggysttOOF4qT5kqxOBJ0ZXKrKD6kRkwpB:sOyk506dGTDGgYqE5lF9JVkRkjE
Score

1^/10
behavioral5 behavioral6
- Target
  
  CSVExportor/MaxToCode.dll
- Size
  
  592KB
- MD5
  
  7017791a0aaa8db5958942012fb34726
- SHA1
  
  8891f0ad3edd1d8ba5c877bb7d9b58d45687dbdd
- SHA256
  
  25f703eac5811e668b60537c500a2e241cb4b31789de9974fb231a268e3f87d4
- SHA512
  
  78fef2cbecda43f73720948932ba25901a2ed9e7498f4f492df3e9f528e7d166aad1096647c870e9d48a307e83c6fe05991ca1146f1c57148e7d0c99bd459676
- SSDEEP
  
  12288:3pypiXIompnBDQdXbGSvDDToiAHv5EQ/CJAJ4Dt+/l:qmKgbGSvTSHv5EQ/ObCl
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral7 behavioral8
- Target
  
  CSVExportor/MySql.Data.dll
- Size
  
  212KB
- MD5
  
  b7e49c4dc29d894f74514593a9132407
- SHA1
  
  1f7c0de65345cea928a9e16ac8223ddca353f1ab
- SHA256
  
  41c222f2ce47561652e7876c3eb908fe83df21e9c1df0b70467483d4054e508e
- SHA512
  
  e419cbf1082feb12d3bf3550e788b79e0ed58f55003e86a375995760fdbdaef5295ffabf95f9ae04ecacad7b74f10657c20034ca1e9253c401c5c875e387e9a9
- SSDEEP
  
  3072:3Dklrw9WU44qAeHYqho+V7/fdOYL+eUEbKetGBY+wI6LS4m4shUkI/KZ73Wm86IX:Tklrw9WjhoY4YLZFLG4Xst
Score

1^/10
behavioral10 behavioral9
- Target
  
  CSVExportor/System.Data.SQLite.DLL
- Size
  
  659KB
- MD5
  
  d0602bd9fe6304c0fb60efdf2a07e08c
- SHA1
  
  986c55aa6fa37d766c1c5dcfdd66b2645acd0ccc
- SHA256
  
  747fb526dcef608aa874efc94878bddd1585db4aeeb40e50694728cfa2464ad1
- SHA512
  
  c960fe508d1b3e6122f3f0ae778c67fd9d1acf8c11f909eab1dfc19221aeecb4183506b8861654a29bf4979c611d49d9b01d6dda38242ba36305475f89168dbb
- SSDEEP
  
  12288:3VchzqH9OikSgyqQ4v+51W1aDX1YLedwSJ/FNFGFOFwcGF6cmFWc0FWc8cIcUFJr:aVUYik7yqDODlYIp
Score

3^/10
behavioral11 behavioral12
- Target
  
  CSVExportor/如程序无法运行请点击下载.NET.url
- Size
  
  120B
- MD5
  
  c1107441274e7263c3acd810b0a2976c
- SHA1
  
  93d33b336ab9a63738dff15b00f2b1494e31632f
- SHA256
  
  8a95bf7039aead7cf72ea05db9bef0373a23e08b2ace02d48f017d7090eae842
- SHA512
  
  050447bc817a5d642345dfead56eca81f7d0c7fb22c67120a288253f7356c0a35e0830046d0fef2a6143a408fc96519b1e52e034c945d5bc9025f45632ed307c
Score

1^/10
behavioral13 behavioral14
- Target
  
  CSVExportor/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral15 behavioral16
- Target
  
  CSVExportor/本地数据库导出CSV小工具.exe
- Size
  
  104KB
- MD5
  
  4d0595cdcad05dca77d780da964e6b24
- SHA1
  
  32fbdd0cd1fa3dd285410880f5516e44a1de1096
- SHA256
  
  fe42e45924a2191d619bb4b2d4397ca928acc40ba23eb32b74cb5fc0ce8f0fb1
- SHA512
  
  7f52ea7c05c0f3d972ca8c7556a9694123c75ee6fccfd4a88eb2aa353f2366d6a1d633e6d308211313e49f76524e6584d138d9b6525fb126437122c16c0fd94e
- SSDEEP
  
  1536:z2qTF7Ee2Uc+BBZdGfJ5LGVSC28e1f/zy5BaVdBxIEGssF2:9Ye2Uc+BBZdGfJNGIC28KrqO02
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18