04ecc10cab96832c0322cde368ba98b01f2b3b8d5f3677def16ca533028e701b

Sharing

Copy URL

Twitter E-mail

General

Target

4f2031afa82b0789986fd75943dc3180_JaffaCakes118
Size

41.5MB
Sample

240517-j439wshc63
MD5

4f2031afa82b0789986fd75943dc3180
SHA1

57fb4b82c8e0d7314209883d3bc033fd34342a46
SHA256

04ecc10cab96832c0322cde368ba98b01f2b3b8d5f3677def16ca533028e701b
SHA512

a35f2369c36d4d4e114b7ff63852208681bf5ff8ff04afc5ed645173d8abb1bbe156db759908d2d24557f440ca36a5f1a8b13422f5a6b87117039a6cc5602667
SSDEEP

786432:wn6quKy8kOL/aN2MTEHWqdnI7pPpuPyh+nWcGO2RcYwKi1SApbefO9UXeX2/WY:Tmtja3gGHuSO2GSAdeftOX2/b

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://api.wordpress.org/plugins/info/1.0/

Targets

- Target
  
  bahs.us.h/error/index.html
- Size
  
  19B
- MD5
  
  77e7562bb761bf92388be0d513da5818
- SHA1
  
  430a26c2ba4865d98719bdaeb920f9c54ec7d848
- SHA256
  
  968b4bcd53cf6cce8c678329ec2a8a45e9f347e156113cd43c2cb17ff8602273
- SHA512
  
  9dcf3a311b208622e2e5ad2ce6d20b7b3fda6a9e94083d75b77384ff96e457b9506caf6e5d38a4847642a49385acd5503052200cb615be0b5aa4ccb4685a65d0
Score

1^/10
behavioral1 behavioral2
- Target
  
  bahs.us.h/googleef66f006cda939e5.html
- Size
  
  54B
- MD5
  
  9a9eb37d373924f7bfb312768e1a0484
- SHA1
  
  bb1cebddfa48d9abca14b668d7c817d203fba32c
- SHA256
  
  0d5e81765a54da5b07d5d6390a673f77f1e8b301332d744337b9e5e115c46f31
- SHA512
  
  63751a5955e39bd6b2820c3be5f4d7aa8521c15c4e0c60f44cb250c0c33b4d911d2450dc9c44561547001266b2ea62d0598c5c80b3f2a7712f6d892a3697b056
Score

1^/10
behavioral3 behavioral4
- Target
  
  bahs.us.h/ninja/conf/index.html
- Size
  
  13B
- MD5
  
  c83301425b2ad1d496473a5ff3d9ecca
- SHA1
  
  941efb7368e46b27b937d34b07fc4d41da01b002
- SHA256
  
  b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
- SHA512
  
  83bafe4c888008afdd1b72c028c7f50dee651ca9e7d8e1b332e0bf3aa1315884155a1458a304f6e5c5627e714bf5a855a8b8d7db3f4eb2bb2789fe2f8f6a1d83
Score

1^/10
behavioral5 behavioral6
- Target
  
  bahs.us.h/ninja/index.php
- Size
  
  22KB
- MD5
  
  e93a1b61a7b5df4839971fd9738cd9f3
- SHA1
  
  6bf94d5c701601728540df12cdee5176a470d90d
- SHA256
  
  8ceea0ec7abd7c095606b7c4372290a6bcf30b910920367144163a1fcc337641
- SHA512
  
  c842b0b0e5b222b57a7521ea1782ce4e7c878fc5bdb1839f390e153d0635316a0d857d4d80a17eee808f3acf2b24c5106cd75b5cd1f9ef704493c7b314c9c8da
- SSDEEP
  
  384:cz1mOLx/DtKRJkorq9ECRAuFlmSFipbbKMw8ZehAZG4MZofdfIfj2mKpEkOiw:cz1mOHAnzw
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  bahs.us.h/ninja/install.php
- Size
  
  66KB
- MD5
  
  9eb2235ecd120fc447623ac1e9f6b50f
- SHA1
  
  13c5304ec105bbc4f86de646f52b3327eff61f46
- SHA256
  
  631279db91c684021b962712f3856f06e112ff6d185d4257842f1b841b23df5e
- SHA512
  
  dca74be1583c38b9f9f51cf12c05090013e0bdc80aae52fc816b8d9441a537b3cc223d9fc977c71f587105869ce419b0938089cc29d779b7002558376a1adb44
- SSDEEP
  
  768:8zQmO2zDz0ZfWboHPbHNp8Ui5iOPRALoo6bditlG61wtj7:HOwlWQPbMb5vNiB1wtj7
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  bahs.us.h/ninja/lib/account_options.php
- Size
  
  17KB
- MD5
  
  649286bd6fc7a8db90c33f744e3a9bc9
- SHA1
  
  df2e1109cc312d115debce5c519d182e6b3c4e13
- SHA256
  
  5615a191c6061788c3299480a4a8fa34b11d3e90bac691f4497abfd42d1e19cd
- SHA512
  
  e737a03aba44a0a4b2596e1a4e4bcec62d3fd603b13653dec98e960b5a12c227b636da2df6e8b778ee1d0b4f56976329d49d29c94e96299d06c38e44d15a7a66
- SSDEEP
  
  384:+zoP2C/FlZf6Akl93EMPY94gRcsWAEFJSW3ig:+zoPT/jZfW0g
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  bahs.us.h/ninja/lib/firewall_filecheck.php
- Size
  
  23KB
- MD5
  
  515064665effd5b672f7f73aa18cbf16
- SHA1
  
  ced4e2ed2b95c273121eac7776cd74fe4a98af00
- SHA256
  
  2ddb1900f864aef7114ab21ec84b8768577d592fb8b378727ab597547183c996
- SHA512
  
  7f45598e3a6beb0ce5395c9eab08243eca49d74c05c60a4a79447f13f6d25f5cd6f33078125a0455292a537dafca6e56a168a6754617340946be5aecb9d64dff
- SSDEEP
  
  384:czIcjXGu4NuJ6rqFvaqc4De+JXLinHdKkp3umVrzhoelFdjhO7d8vZQMfN7QLvH:czSuJ6sa4z7d8veMfN7QL/
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  bahs.us.h/ninja/lib/firewall_log.php
- Size
  
  16KB
- MD5
  
  cc627e15b23404c37d342fa898d817b8
- SHA1
  
  2ffc8f06b02d6a3fb2ebe8c9e401e76c08a10337
- SHA256
  
  3e5fd8ab7bd70d352ea1310ba5828136e889c3c3a1032830ac99880af23f2baf
- SHA512
  
  c3f0a2a32d0bf4e182d38ab772310896980c99e4e452090fe910595bf1a96cbe365bf2fcaa0e4ebf19f93340e1f37cab01e13f1d38eed6e25c48f3d0fcdf8d06
- SSDEEP
  
  384:/zgTyD5RPqqPhctZjqCi/jf6FbAODEgyJTa6CcuR:/zDPhNwjbR
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  bahs.us.h/ninja/lib/firewall_options.php
- Size
  
  12KB
- MD5
  
  3c7bd9e27e4a0d7b19843861f2d3fd59
- SHA1
  
  3e3fda2e9a05e3fdb47a6255e540b6dde1a540f2
- SHA256
  
  547f54aeeff6a39c33193ada8505c8e88ac65ae53da5aed214a84fe0ae0f67ac
- SHA512
  
  6a4257abafe38d6065d01a8eeda12fba5e270a35922b6254990adced04668570f171ee9a06e0ef5edf6acbbed9f5d5671d601c078e6a4653fb41e75a10049ea7
- SSDEEP
  
  192:N+z1cZVWSLfGGLIkztDl6lDlO+xWn6QR5F2Y4XSG+kU425sQ9obRh+vFJWBCd:kz1tSjbVso+kF2+r425sQ9obRUvFJGCd
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  bahs.us.h/ninja/lib/firewall_policies.php
- Size
  
  41KB
- MD5
  
  7bd66bf474337fd512c92151aae11f5a
- SHA1
  
  41648295ec6bdcfad13a3f84cfc869a704579e54
- SHA256
  
  6af29e4a4364db86976b0af36da825c1b73d4a867b5ddd8ae4f7c5a55b323dd3
- SHA512
  
  acaf85295e518dbe3ac761c4a790d82f4f093737d9a6b04585ffc5525c36e6ebf07092105f556dd0a40e6fdd84eb69421e54b471e45fe32177e334f6728995e3
- SSDEEP
  
  768:0zeypUQr/FyYwV2LFQkVRyumi1BBCozCECoTCVCQfCGCRYC9C0vCmCEyuo9CEQ9D:zQr/FyYwV2LFQkVRyumi1BBCozCECoTL
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  bahs.us.h/ninja/lib/index.html
- Size
  
  13B
- MD5
  
  c83301425b2ad1d496473a5ff3d9ecca
- SHA1
  
  941efb7368e46b27b937d34b07fc4d41da01b002
- SHA256
  
  b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
- SHA512
  
  83bafe4c888008afdd1b72c028c7f50dee651ca9e7d8e1b332e0bf3aa1315884155a1458a304f6e5c5627e714bf5a855a8b8d7db3f4eb2bb2789fe2f8f6a1d83
Score

1^/10
behavioral21 behavioral22
- Target
  
  bahs.us.h/ninja/lib/lang/en/index.html
- Size
  
  13B
- MD5
  
  c83301425b2ad1d496473a5ff3d9ecca
- SHA1
  
  941efb7368e46b27b937d34b07fc4d41da01b002
- SHA256
  
  b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
- SHA512
  
  83bafe4c888008afdd1b72c028c7f50dee651ca9e7d8e1b332e0bf3aa1315884155a1458a304f6e5c5627e714bf5a855a8b8d7db3f4eb2bb2789fe2f8f6a1d83
Score

1^/10
behavioral23 behavioral24
- Target
  
  bahs.us.h/ninja/lib/lang/fr/index.html
- Size
  
  13B
- MD5
  
  c83301425b2ad1d496473a5ff3d9ecca
- SHA1
  
  941efb7368e46b27b937d34b07fc4d41da01b002
- SHA256
  
  b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
- SHA512
  
  83bafe4c888008afdd1b72c028c7f50dee651ca9e7d8e1b332e0bf3aa1315884155a1458a304f6e5c5627e714bf5a855a8b8d7db3f4eb2bb2789fe2f8f6a1d83
Score

1^/10
behavioral25 behavioral26
- Target
  
  bahs.us.h/ninja/lib/lang/index.html
- Size
  
  13B
- MD5
  
  c83301425b2ad1d496473a5ff3d9ecca
- SHA1
  
  941efb7368e46b27b937d34b07fc4d41da01b002
- SHA256
  
  b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
- SHA512
  
  83bafe4c888008afdd1b72c028c7f50dee651ca9e7d8e1b332e0bf3aa1315884155a1458a304f6e5c5627e714bf5a855a8b8d7db3f4eb2bb2789fe2f8f6a1d83
Score

1^/10
behavioral27 behavioral28
- Target
  
  bahs.us.h/ninja/lib/share/index.html
- Size
  
  82B
- MD5
  
  7df5d2a7243f6d39af484a5ce6e7894f
- SHA1
  
  c867978a506f8a11376f6f45b7de064beb643509
- SHA256
  
  932e7061e2af93d7ab71f32360d43437e516806f7f3586d8c211ed20af14226d
- SHA512
  
  9eecc6af24450014abfa58186fdfe2a5706ad4f547244b5bf1da7910c55ab520018eef1a695734cabd3a74cd677e4c05addaafd13c5c84a1b13f952007e23965
Score

1^/10
behavioral29 behavioral30
- Target
  
  bahs.us.h/ninja/nfwlog/cache/index.html
- Size
  
  13B
- MD5
  
  c83301425b2ad1d496473a5ff3d9ecca
- SHA1
  
  941efb7368e46b27b937d34b07fc4d41da01b002
- SHA256
  
  b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
- SHA512
  
  83bafe4c888008afdd1b72c028c7f50dee651ca9e7d8e1b332e0bf3aa1315884155a1458a304f6e5c5627e714bf5a855a8b8d7db3f4eb2bb2789fe2f8f6a1d83
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32