7bbb458e6579df29118174eb65579f6f02773e8ead9e89b65933191796774617

Sharing

Copy URL

Twitter E-mail

General

Target

6f1449121c5a88a5fcfb408a5915543a_JaffaCakes118
Size

1.2MB
Sample

240524-tkp82abd7y
MD5

6f1449121c5a88a5fcfb408a5915543a
SHA1

e1ead1a83c4356a628fc22142652914e5f5242c4
SHA256

7bbb458e6579df29118174eb65579f6f02773e8ead9e89b65933191796774617
SHA512

fb1b2b19c190425ce72af8af399534b4b912f7fdc344ab93f595c33eb58fd2812cde4e9fc7c090a0c48de6458615f0b33a7b280aaa5076b86e49bff510ac105a
SSDEEP

24576:uij4cIfWZMDHDGGpjewI3TWacQjDnArnbzywHnlePH3+Ipi6HU:rIfWZM/GKjFuTh+bewFevOI8aU

Score

9^/10

Malware Config

Targets

- Target
  
  gpg.exe
- Size
  
  1.1MB
- MD5
  
  ffed73d78416e68f0af5eb9d539be746
- SHA1
  
  c4238312dde349c4f16505abe537e925cfeae1da
- SHA256
  
  a30c9de2a1317e9ac9da49bcf6b33c9dbd26724f70d4df6ae8fc4cc3449605ce
- SHA512
  
  45aaca162d844c8394c149eb4c272caf596b69c4f5351dc735b58b72e1033bc5ec2a945097ab1c8f13762dec68542d863afbc62b4f86da50bafb21766f594ca1
- SSDEEP
  
  24576:O7TNpt9OZUHFqL71sa/aqt95fb3POt49smQ19eFFZ7GrPPwz4baXgQnaFA:6TN8CFqtPrz3POt49ngF
Score

1^/10
behavioral1 behavioral2
- Target
  
  gpgconf.exe
- Size
  
  147KB
- MD5
  
  dc02c87e65311abdfef34e8724f4e65b
- SHA1
  
  cc3d4b60cc98e0d61f4ecca41a227ae5c1cc764e
- SHA256
  
  626d1b4bed319a2a158c96a6a0fe147b2ea82566e50374c792c51648806801a2
- SHA512
  
  ee67910373081238e07a101568749f14bb3cc61d7fc9d1df71cc1944be74168f7bfe761d96073b6ab4555247bc821ae6b00cc4c39b07e93606399958aae6c93f
- SSDEEP
  
  3072:f6/73a4HykdUtKZTAJhyg4z/M1F6rnHlTvLErZspNo:f+OkdVzk1F6blTvL1
Score

1^/10
behavioral3 behavioral4
- Target
  
  libassuan-0.dll
- Size
  
  77KB
- MD5
  
  baf6dcfd5eb06852939681f5209e9cdb
- SHA1
  
  36c6eb5e401d2c21fcbcb7bf833a41422e668469
- SHA256
  
  fc7a9a77d6bccb993185ebc71e8d223e698132f761aec65ab7590a7f028fb90b
- SHA512
  
  4bab1bad23df95c520dc40f6ccf9f11974aa895f0cfe7c9fb320caad5a2237aca695d23d0a06195325c4c3e19dc75d5aec7ee34a36bd7839a9c79bf3bdf95853
- SSDEEP
  
  1536:Atznsf5Dko+qtyNMoj6LXaq+FjCrBCBxYfJjvlbN+AL:AFgk0eMm62dcrBCvYfJlbNZ
Score

3^/10
behavioral5 behavioral6
- Target
  
  libgcrypt-20.dll
- Size
  
  979KB
- MD5
  
  e7f12f3680f5150e29994a500d7c022f
- SHA1
  
  b0021e21d16c0dd5fcd7e067d828e7372d164873
- SHA256
  
  9f2862f520943aff5a1825a0fb92a4e98757dabe557c89e92cb24d0523905df4
- SHA512
  
  d7cd75ee6a7d16a6a16eff446ccecd60ed531903ddacae10081835f803ba69c9ed10cbcb2e17e262960e156b407b844cba3c5890a56f633c0b84d5e0ff005e62
- SSDEEP
  
  12288:PdETpCAy8RMKOsF0zIcG8GxEruMWkVyc25lPSd/uCf:1AQlsOzIcGJuruMWrc2XPSdt
Score

3^/10
behavioral7 behavioral8
- Target
  
  libgpg-error-0.dll
- Size
  
  167KB
- MD5
  
  f00d0500d0e18f9cbbf24df4c867447f
- SHA1
  
  930c42e51296f9c706b683973d36b32401adea88
- SHA256
  
  2aef5c58f9454174d816729fce925919d8c5994a37f129288357bf8ec2b26783
- SHA512
  
  71f9d683ab1bbfe3ff247cdd2da99c29fdaf7c55489773aad58004ef853709d962de3f08f63b01bda3467366bf49eab4e86634e10837473446e9788df6d9682c
- SSDEEP
  
  3072:1VLFn1do/If9mvLJmVj+JP2xxFTTa6MpVf1JJKDo7wvQGxm8uNIW2A:vFn1db9mvLJmAurTaxVf1JJKDo7wvzxQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  libnpth-0.dll
- Size
  
  27KB
- MD5
  
  e132eccf9a1eac741c9e9806a143c475
- SHA1
  
  e5420ea0a935e32a6b4634756345aa3d2174cac5
- SHA256
  
  30362bd4c6d7d2bf23f76b2d23a64dfdb79f3dd3f32478e6247d31cf1de78fc7
- SHA512
  
  3ea415452dd3ee9d0571c3ecad32cac2f24895cfaf8756bb3543a9e193deb46edee8fd73c38b188b44dd296fabe7013d74dfd4ca02e3a4485f339e6c49a1ff05
- SSDEEP
  
  384:S4Io6T8B6ShjRWuU4JfSZ1kUMqurUfc1ckt+w0WhGGdBAVXIZTmGiWmrzsgWlsAb:FRxYkUJE0WdBAVXIriDrzw/
Score

1^/10
behavioral11 behavioral12
- Target
  
  libsqlite3-0.dll
- Size
  
  795KB
- MD5
  
  3cdc28af73770e4a3068a47c094c73df
- SHA1
  
  f2ee14b5bd6f156a16def829e85fe4d5ad791dfd
- SHA256
  
  9d5d08972b624e5ef9cd9cef6e9fed21cca7972df624c3248992b96974afa3ae
- SHA512
  
  a055d712f4874d6239107e2ccbd751fd2de3d6a5db5e5f510e1e51b0a28591f60c56b0d0c11074308ad2afb6edae65d76c8318cbd8eac9278fe472fedc4479a6
- SSDEEP
  
  12288:58LF0+BcKh68H8vMwHvF/Jkbh84dQ64Jns0xmQak/lVTNRGwhP444dZIEqGw6KQc:KdBZ84Wq0xda4jhAZZzZtn/giGbfAK
Score

3^/10
behavioral13 behavioral14
- Target
  
  trkop.vbs
- Size
  
  4KB
- MD5
  
  e709fe17f4e7f99292b8685ddd0a0a7c
- SHA1
  
  f7f05bd5b2b4c134577a375f4d3d29fda36fc146
- SHA256
  
  101f060edf89f4362ee6657acc110f88d3140090fb676620049a2407b503b837
- SHA512
  
  58a3df44e7123d84abe59be6af06587845157f3e75132c0c55b891cd911c77ab0fa958eb1c395c17d34fec02fc07af93b57aa3188cb4bb9f66a251a9b23b9647
- SSDEEP
  
  96:UgWBAP2GmFP5AI2IYAvk4yZxIe2H132Tes2X2nj2jW32p2eR2p52pvc272nRgu/b:UAPbmFPrKlZxLk3uesceKso2eRo5okGY
Score

9^/10

defense_evasion execution impact ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral15 behavioral16
- Target
  
  zapa.bat
- Size
  
  494B
- MD5
  
  ef99b93eced6ca4bb4e1ea3406c46c8e
- SHA1
  
  2d5f1f4ce603a608ad709796dc94558a9d896d46
- SHA256
  
  7ce948f3b772b1829bf86cde37fa2f52916c5b1b5065b5207f7e1c2a423dd24e
- SHA512
  
  4ed77ef571aa7e5ba87e93e8bd7268026e78eccc5480c4fff787129c9ff273857b47986dea04273534d52ed99ec32a32d5bcbe131efbe768c6436eefd7ee6f08
Score

7^/10
- Deletes itself
behavioral17 behavioral18
- Target
  
  zlib1.dll
- Size
  
  99KB
- MD5
  
  caa9c3b04efe83d93a9e4cac94b8e4a9
- SHA1
  
  95499536603ea18daf9be781bd927908d8327ac4
- SHA256
  
  249221a372e83580fa03e789714117c709fc1ce55cb7372640895833916b9f04
- SHA512
  
  faf16f7941e7a4f8a1caa144b0f845c704d38420e3bf549cb8961089dc380d7b08ebf347934366a2ec9b42c69d32e5ac675d56dbed6ebe029cafc2c23410b3b3
- SSDEEP
  
  1536:bON+QZJpRJ1glrdXOW0nTEDIptmwRh4p1nToIf6IOqIOqIF4qY+O:0HpRkXOlsIpkwYdTBfI4qIF4qY+O
Score

3^/10
behavioral19 behavioral20

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

T1490

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Deletes shadow copies

Checks computer location settings

Deletes itself

Reads user/profile data of web browsers

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20