21422f8dffcd0e9191c7af77b416622382e4fd9a1fc38b96ab3e11494e8d9ceb | Triage

Sharing

General

Target

04d6e9370217e0b0015f24049cf6937e_JaffaCakes118
Size

1.9MB
Sample

240428-k11v2acc72
MD5

04d6e9370217e0b0015f24049cf6937e
SHA1

ade6cebe27ef984e0a7ae80b97d31255c7b6c22e
SHA256

21422f8dffcd0e9191c7af77b416622382e4fd9a1fc38b96ab3e11494e8d9ceb
SHA512

9d046887d08c63c257c4e55f934e3a58060f17f99f8169cc4ae32d9b475ef6f2653492f83dfbde06b95284328c9e759ee811839485df6bdcb66443a8bb9a0b43
SSDEEP

49152:PQXhYt1vqD12do1/ury0GWQERmiCGrhivWWcAr+4i6e:4mIZ2u0GuRBrhOWWcA6P6e

Score

7^/10

evasion trojan upx

Malware Config

Targets

- Target
  
  readme.url
- Size
  
  328B
- MD5
  
  63ce37659e34f6542d31a4bc64ec19e5
- SHA1
  
  31938110d10a8ebce18ce02d1ebaca0e344a797c
- SHA256
  
  36dcd2cc9ef2a279014b4f85915100f62d36bd0c2cf439638d4ce0e9c18cc2ff
- SHA512
  
  39dc956c870a2bd80786dd215b503e5f22a1259bb858ff37ae601cb11d425afd5304e6472512c99afcb98569f08990e1d03df5e3d392ec484b1a98dd3f7b86e2
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  下载王www.xzking.com.url
- Size
  
  302B
- MD5
  
  f6069f943715d9a180c3d138647cff0f
- SHA1
  
  d11eac1bcc2bd7ec49c3640063c5e378cd3c83fd
- SHA256
  
  5315aa654483ecb41f08131f411397c4c9629c0a01820c1dc1b5fba2ead4eb18
- SHA512
  
  96985ea678c97cff36f6258e0bb08bc1bca10a7f9cc4c6f27941dfed668795caca5bfaacf7939d608f50a234ab2954f98f00a5b1ecdb260adb9851e8cc924b76
Score

1^/10
behavioral3 behavioral4
- Target
  
  易语言邮箱客户端/SkinH_EL.dll
- Size
  
  95KB
- MD5
  
  74643bfcb5506297fc0a08baa172db15
- SHA1
  
  d5b8d5a7b9ba10d346a28750f8bce0c5b9fa597b
- SHA256
  
  97988664ef4449da37eb18f1c3df31a44a7decd581ae7e35e8078768fc957d9a
- SHA512
  
  2a14130822ae0921885e03a4a10de39f9c40da71333036ec1b30747b93991c71d8ce65e6cdd29a77619d44b505489d2c231b498f660a1db0b392aa7f36717b4f
- SSDEEP
  
  1536:YCD5ctuIdG6o7z2+kJ1iw3pkaCPh0H8T7QLIXe4J58OTV8b0T+V8OLoBm02FsB7r:ZYfjSz2+kPRpkaCPaH8T7QweW58WVPSY
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  易语言邮箱客户端/iext.fnr
- Size
  
  216KB
- MD5
  
  3f1b2b497172b65f7bb15453d0d93de0
- SHA1
  
  e24556e47ced0b6ae6b89a5e280b83e15ed42e8a
- SHA256
  
  4f9ad22aa55455f56619e76a01afeb337e1f28f61c7dde5869eb2a6d8776581e
- SHA512
  
  8837e6108ffde548674487c5ebba3e3dbee8bfafa5727470d3ebaeec039baefc6dc3d756a199f4fb334754985288f0a5577b32eb41fbd69295fc9681354cd3f2
- SSDEEP
  
  3072:Mn8on8DDXsrbOfcrhoqJJeSld1oLLPCa/p9Z/oUHhRO6fVo:Ogcmqmud1oVldRp
Score

1^/10
behavioral7 behavioral8
- Target
  
  易语言邮箱客户端/iext2.fne
- Size
  
  492KB
- MD5
  
  dba5fdbe7ec94463b3f6fdf2162c9f95
- SHA1
  
  a97137b4f2b77166b2a23da1f58e0bdb7365f4f2
- SHA256
  
  a8b14f31098a191631696db5ddc77e029b48999542e0ec15b63df02220c66d37
- SHA512
  
  325439bb5fe0e18e08cd547e9e9d505aa5b1ee51a436cb155254cfb04d318679e7a016cc2e72ffaba49bed20e15e85b26fd2a22e726e211650317218dde53ba6
- SSDEEP
  
  6144:0ujp9xZF+ES6jisyHOzC8QxEksWINE1DfYmgykSjsUgZ43KyEBuXwKF:VZFX5zC8XkBIm1DfYml7otm3YBu
Score

1^/10
behavioral10 behavioral9
- Target
  
  易语言邮箱客户端/internet.fne
- Size
  
  188KB
- MD5
  
  7b129c5916896c845752f93b9635fc4c
- SHA1
  
  e3fc632af5e1f36e8022e651f64eb8f8381c73c3
- SHA256
  
  adc45970f4a0eafd2f372302f64836802380c253096a99ca964677a70a7128f8
- SHA512
  
  c72dd4043e7cdc0ccefe26ce8a6d05701b4c610f88ab827e6731296da76b8cbe5b63c0970954ec7616369172b8b8f9cb546545271be3e86c18c54d0b9cad8f95
- SSDEEP
  
  3072:mpTEys+TR7yRoHzXjlhvtcxVIThpEbbAKNXoqlSY9M02MF8:mpTEt+ycLHlCIThpEX9+XM
Score

1^/10
behavioral11 behavioral12
- Target
  
  易语言邮箱客户端/krnln.fnr
- Size
  
  1.0MB
- MD5
  
  44e2ca67c060fbe3dc0d030149f5a478
- SHA1
  
  5df61eb626bc3849893701942114609c1086d496
- SHA256
  
  6ced19283dbbb95f264448f380592f4e98ba8228efca2f68821ab3ae61029d93
- SHA512
  
  1a348c7585d78dd68c1d0e059ea1d7cea57c1aeff734f834f75025719b9fdd0e9bb16aebe75e15502a1b83106387eaa9493b8990999e0a68b62c1afdbc8cf45e
- SSDEEP
  
  12288:rb0+sqCE6yy4bmhSd+1YCHYFZzktq0TNSARuOrRUVbNGvNXXYA/2b:AjE6+bhiHYF5kZI6uOrRUjYNXXYA/
Score

1^/10
behavioral13 behavioral14
- Target
  
  易语言邮箱客户端/pop3.fne
- Size
  
  164KB
- MD5
  
  68a3720cb4bb5d079b90867177a7bbf3
- SHA1
  
  75f5b5de69757293dae3eff7c5561938f7c1dc4d
- SHA256
  
  ffb23a6c07ee55e2801761faaa6160c1529ad3d17797a9e1e549c3a493e53fc3
- SHA512
  
  d1cdad2b7ad241ff5df7298baa854f13d71d1e5a1c61998905228636ce4f11d792ce429b39337c7f70385c6f3995c68f2fce4ace1ce80d551f1ae29d61028a5c
- SSDEEP
  
  3072:/ipEtFbthgqh3hN/UtuYWctn99gh0Y8qOF8mvdo7U:/ipwb/gqh3hdUtGct92h0YGSU
Score

1^/10
behavioral15 behavioral16
- Target
  
  易语言邮箱客户端/spec.fne
- Size
  
  88KB
- MD5
  
  51d7be0ca4431fec32d0ba0978cb2cae
- SHA1
  
  1aa65ca721bd881b615b16602f6bc7cc4c7d74d8
- SHA256
  
  1e4d44d3a865a766517057c199eda71e005e56c13fce2c4137b66d185a416986
- SHA512
  
  5cf2214bc60dde261f44aa339ba1943f5c9b70337a11d064185224b3dcfc705e55386c95de280b6d05c4b60a318abbfa3d5728724c28dfc009d57c3bbfd76ef5
- SSDEEP
  
  1536:DcrPILJRJT/DpWc6hVoabwhfoeW7JsVRj0:QrMW1ojfolax0
Score

1^/10
behavioral17 behavioral18
- Target
  
  易语言邮箱客户端/邮箱V1.0.exe
- Size
  
  1.2MB
- MD5
  
  ae82ffc116fc7a208df8ca50797e631e
- SHA1
  
  c0024e7f533a33d251ac78871d372978bb91fe59
- SHA256
  
  d42b93e0b3910573bc6a8082911e5ee2aa7d44ea9dc642ad0e0c15b39b9420d8
- SHA512
  
  8d7cb236a63cf239b39498ccdd576599ba60eca1ed8dda0801c186f2425ecdf80eb5c9d42288d572b47a78a19a5ff3be95d746af40538ff5be9279287e9427a9
- SSDEEP
  
  12288:SDDPdoT14w97k5ZC+kWgl/KSuB/xr8KEVLYSg5PfnsDWTuLV+15P+8V+gV+fY3Za:ASJV5QZCoe/jNLiHkRmE8XV1D5FY
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20