a6f10947d6c37b62a4c0f5e4d0d32cc826a957c7d1026f316d5651262c4f0b24 | Triage

Sharing

General

Target

6d1f649d90313b7e3624c0e86563b5dd_JaffaCakes118
Size

2.2MB
Sample

240524-dftgwsag3v
MD5

6d1f649d90313b7e3624c0e86563b5dd
SHA1

2ab93a242511c38ff7661eb84107ca2ce380d135
SHA256

a6f10947d6c37b62a4c0f5e4d0d32cc826a957c7d1026f316d5651262c4f0b24
SHA512

7313603db16057f68eb3d7db53d7611c9681c57c906fa3e234f1fc6507344aedfab85b755f373f211a34c961914c25ac9d078a75d0619f3245d96db0d184229d
SSDEEP

49152:7lzO5MCEcRPOmqeWozDQvPFq1IYRJRyYkUCJrWVnrxjSYdl:wNEcRPDPq8IYrRyY/CJsnr9SYdl

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Dump/dump1.exe
- Size
  
  268KB
- MD5
  
  4ef5f0a660c9ae3e32eb109e1e7bfa30
- SHA1
  
  b02b7fde30930161726fdd7e872da43b271f2c3b
- SHA256
  
  db8c0fc8427546ed54664fba24bdc7aa335eedb34b21c0d9a030dbc4f2bd7aef
- SHA512
  
  6a49b7d2c46e072f329f75b0ab74e011aee16cd35ba9a83734294fcbb3ad73539a8545f27695d58aa9d9150114c8f344a3b193b2e6005edb3085eba0906e9a81
- SSDEEP
  
  6144:uj7pn+5J7GRQtr3XMxJR2O5jRQtr3Xxw+:uj47mor3XMxJL5dor3X5
Score

3^/10
behavioral1 behavioral2
- Target
  
  Original/999bc5e16312db6abff5f6c9e54c546f.bin
- Size
  
  573KB
- MD5
  
  999bc5e16312db6abff5f6c9e54c546f
- SHA1
  
  c19761497efcdf156f50c014e7520fdae40822e7
- SHA256
  
  dc276b0113694ecc62913311e2580857754aa890173dfaa9d95afad6396bb741
- SHA512
  
  37d8403df63db243ec631267abb167da67acc257a45c775a8e646467e9c121820ce420bc15b920afdd386f2c5edcabe8d310ecd3074405c31ee37f348ec4c78d
- SSDEEP
  
  12288:wZ2BkVm1YvrIm9/nefmiM+Si2BiYRdAugT:GVm2rvJgmX+n2oYRdvA
Score

7^/10
- Allows Network login with blank passwords
  Allows local user accounts with blank passwords to access device from the network.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  Original/Document-772976_829712.scr
- Size
  
  241KB
- MD5
  
  c2d73485095efdbd7ab625e469affb11
- SHA1
  
  a0a7b943b46979cc593474b94f14f2451b8ac3c0
- SHA256
  
  523b9e8057ef0905e2c7d51b742d4be9374cf2eee5a810f05d987604847c549d
- SHA512
  
  ceafd283a2ce95ae5288871fe1732f97b600a4e08981b044fda925e15cfed120a37015c633de4daabfccdd3716dc9e0f4865468f647d8bd627339815d5bcf131
- SSDEEP
  
  6144:/GpBEWJvXcs5eyOfevIUdy/ZV6u2nf0+8aq:/GkEEJy3IUdy/ZVrifqaq
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  Original/b44634d90a9ff2ed8a9d0304c11bf612.bin
- Size
  
  480KB
- MD5
  
  b44634d90a9ff2ed8a9d0304c11bf612
- SHA1
  
  8f72e02dcbd87a4c1b880d349e34e0deb8e7bdd4
- SHA256
  
  27d3378f41d3bd82d84544f7331856001a5fca259b6ef9001c15cdc43207c73e
- SHA512
  
  7e48e19817a132c8c29f56c271865ad7ef375291229e9b844c3d3c7ff8927b23fe4eb87494ef89f3dae0e1795648ae910e576ca0c42c231c15aaca60bb619239
- SSDEEP
  
  6144:iWWPaCGkGGCBJKeNm1VbeuJCeU2HM7R+mzZUxrKkhhcghPrQANJRjiP6EQ6a9k7v:ReGkGJN8VyUxrvoZgJRjJ6a9TgS
Score

7^/10
- Allows Network login with blank passwords
  Allows local user accounts with blank passwords to access device from the network.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  Original/chqpl.file
- Size
  
  255KB
- MD5
  
  c6315a09e06e2ba775e5be0979d23755
- SHA1
  
  68abb2c430eebcad865157b4ef3e25f23ec5daca
- SHA256
  
  0e2706d24d9aaf93a2c9181a892367bb6094cf658c97b237d336f0651f35ff5b
- SHA512
  
  6895a0dd192ce95a4a9c2ce51cc7e0cfcdcc5a024e6e83e39528f10b835b7eb329deebc72b258c25968291f4c06f27e1a7d06007ee785f684ba920d097e7cb5a
- SSDEEP
  
  6144:E9kZ+d0Wm7M5MyYzWteHu4HCRdfKgvaY:E9OnWm7S26eAf5iY
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral10 behavioral9
- Target
  
  Original/dd207384b31d118745ebc83203a4b04a.bin
- Size
  
  538KB
- MD5
  
  dd207384b31d118745ebc83203a4b04a
- SHA1
  
  72dbfa32bc3a099833f3d2190371e3478d3324fc
- SHA256
  
  a4bc61a4b1b5cbfa25ae56d0fcf94424893a60abcb68aad2c0321f99e5d7b520
- SHA512
  
  60e6a0467d42171cfb07c33349789f3e679f498df483c7901ad04c3171c0bc324dc86c6b897928cf622873e20ac4e17a87ea88ecac8b555812b16d91f1fe954a
- SSDEEP
  
  12288:uEQTUs9+7tGwu0BubanwRfiHX3XVQtCJJaHPJGLhT:Tq+ebanwR6HXVQtg4HPA
Score

7^/10
- Allows Network login with blank passwords
  Allows local user accounts with blank passwords to access device from the network.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  Original/fax_390392029_072514.exe
- Size
  
  276KB
- MD5
  
  4ba43f0b82f86efed437c8523f7a4dee
- SHA1
  
  356b21b749c8bc5e2295a3db62ea03c47cb4c1cf
- SHA256
  
  10745182ac1b738e4a363166f650069d16b81873b3bbb1990e7d07cb652495e8
- SHA512
  
  b0d36313226069688e1710be561f6bb75e232ee35212d41b50e12800ef54c48fbe29b1e97d8d08add642714887a10d598a06cfd2b8a609556242689496ad82a0
- SSDEEP
  
  6144:NYIPjoJyR6dNNdUvw9IbxQi2qJ+4DhYxrtaDi:NY/eP9j2LvxaDi
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral13 behavioral14
- Target
  
  Original/loader_9b313e9c79921b22b488a11344b280d4cec9dd09c2201f9e5aaf08a115650b25
- Size
  
  313KB
- MD5
  
  2f08d1f1b1968be7f9669e2ff94dea76
- SHA1
  
  168befbd8691891fc9a983da90a80bff0aa79cb1
- SHA256
  
  9b313e9c79921b22b488a11344b280d4cec9dd09c2201f9e5aaf08a115650b25
- SHA512
  
  3dc06215caeff44944f577a5040a7f5ea89c16988021dd34dd914c110cd82052b4e4e8a1190568ed1bda89887bc4b132ac965818406b652c91a30acfc3b0ec5a
- SSDEEP
  
  6144:ixxjPBn35E+ZXJtWc/yx1kk5NiIm4ALtvhwhz1m9r8:iTrZpEePWQyx5fiIm4otZm
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral15 behavioral16
- Target
  
  Original/payload_f8eccfebda8a1e0caabbe23a8b94d7ced980353a9b3673a4173e24958a3bdbb9
- Size
  
  123KB
- MD5
  
  cb10fb803dc1f81b4bd324a5859b3ed5
- SHA1
  
  9e778c1253ea59de4ea76f97d858b0a8d23a2fd2
- SHA256
  
  f8eccfebda8a1e0caabbe23a8b94d7ced980353a9b3673a4173e24958a3bdbb9
- SHA512
  
  05865e3554c1f8c90673baf0681de88058c7202439bbecacaaab4ce97bdc60bc77cb1e89d54b3c4ed049c0140c4bb2784433e5dc500debc47a7605b98312506f
- SSDEEP
  
  1536:r8BG7Nckd6tnE0VVQrZzsIQSaB9a0OyJzL0OzfiPO4pPbEFvwfPISaOW9bmCDmf:rzikjEVQlQtBfOUPaP1zkqASxW9yCK
Score

8^/10
- Blocklisted process makes network request
behavioral17 behavioral18
- Target
  
  Unpacked/Dyre_Unpacked.file
- Size
  
  1.0MB
- MD5
  
  4d1d43789e038c6a03c07083ca0b0809
- SHA1
  
  8c4d87363a4a2352847923091b9ddfa6891f2807
- SHA256
  
  05edcc3e5679ee254c78058c4f446e195544d3ff3374bd141c1895e7ed6a410b
- SHA512
  
  32de7891671af7049b22f8384735fbd342413b2dcafc1c3d94cfa773079e10a006fe21af730558a2839c1b07deb1edd3462b07bed777a5f306863991b9709710
- SSDEEP
  
  6144:rj7W89i5WWwR7A7XJfZ4FFhDhMWwR7A7XJVgNgG7:rjntWqA7X5Z+NMWqA7XOgG
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral19 behavioral20

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Remote Services

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20