68ba050bc8dba981d55c1b543d999239b0fdf552b180042accd6fa30624c97d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08c065e666329ed3cc52ed00d6b20c89_JaffaCakes118
Size

830KB
Sample

240430-b8jr2sgh26
MD5

08c065e666329ed3cc52ed00d6b20c89
SHA1

6bca96788106925cbe169655782a743775ddf2b4
SHA256

68ba050bc8dba981d55c1b543d999239b0fdf552b180042accd6fa30624c97d8
SHA512

cce3ebbb0b474263e063ce42bfa5b1f180ad2155fa5b43afd64b39147d8491cbdfe9fc73d48c4cfdbcae3a68002621b99fc8f2698ef2534e878c66d0c088dd9b
SSDEEP

24576:W/GrKxXtHBCOlsf5M6BTOVtmBZpUIjHJz:kGmBthluM6BSEpUmz

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  08c065e666329ed3cc52ed00d6b20c89_JaffaCakes118
- Size
  
  830KB
- MD5
  
  08c065e666329ed3cc52ed00d6b20c89
- SHA1
  
  6bca96788106925cbe169655782a743775ddf2b4
- SHA256
  
  68ba050bc8dba981d55c1b543d999239b0fdf552b180042accd6fa30624c97d8
- SHA512
  
  cce3ebbb0b474263e063ce42bfa5b1f180ad2155fa5b43afd64b39147d8491cbdfe9fc73d48c4cfdbcae3a68002621b99fc8f2698ef2534e878c66d0c088dd9b
- SSDEEP
  
  24576:W/GrKxXtHBCOlsf5M6BTOVtmBZpUIjHJz:kGmBthluM6BSEpUmz
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3f176d1ee13b0d7d6bd92e1c7a0b9bae
- SHA1
  
  fe582246792774c2c9dd15639ffa0aca90d6fd0b
- SHA256
  
  fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- SHA512
  
  0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
- SSDEEP
  
  192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score

3^/10
behavioral3 behavioral4
- Target
  
  $TEMP/garibaldis.dll
- Size
  
  64KB
- MD5
  
  aa191c8977c64beb25e4cca96d001eaa
- SHA1
  
  0da1ca6efebe4b31e2cbb4947d7059eb4b30f73a
- SHA256
  
  0df5d18c3b7256f038c72a7d4f45cf26e9b3b5e72be948c63261956e267ac012
- SHA512
  
  5e8f4d62d1f7ea89f8da5176ff9d149be678e249add66ab0f90e988c892c4b2c1838b2bc7187b004c5028f1e85ea622efb1f14d246d9d9deb3d19cd8f260bb2e
- SSDEEP
  
  768:gbacCn6BXFGOUrCrS5tLcrUrlrNLA7/MYure8up1wtJzu6si1n:I5BVOrj5dcWlh2/MYpvwtF1
Score

3^/10
behavioral5 behavioral6
- Target
  
  WindNinja-2.0.1/Uninstall.exe
- Size
  
  49KB
- MD5
  
  bdde1de2125e0a4379b59bc7728a3849
- SHA1
  
  77d7130e2f617f8aa71930fce728fe8fe131f99f
- SHA256
  
  6cc883bec4ccfe006b4fa27e3466f25dacb0f442aefdd28ebb6a2be9baf7b54a
- SHA512
  
  0b8875f889fe87a313ce1f8347ef326857264951d2bf749b317681f9b3c99eebe49486ed018fe150f0145fe9018dc6190ef4c3721064c6677e7f89c991269951
- SSDEEP
  
  1536:WwJOoN1oYaoZ5iV685XJPChgdLeAyNJzD:WwJ52Y7ZoH5XJahceAUD
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8