450d7f97f23c00301ac334c05f296fe304b4bdb02cd72e4a98391e691c7b35f6 | Triage

Sharing

General

Target

8109fe22b584248c396f6a2cea3baf50_JaffaCakes118
Size

1.6MB
Sample

240529-rpk4rsaa39
MD5

8109fe22b584248c396f6a2cea3baf50
SHA1

13b1e2af45b7be21cee79b58a03a0c4399995178
SHA256

450d7f97f23c00301ac334c05f296fe304b4bdb02cd72e4a98391e691c7b35f6
SHA512

5e9a1dcd94a228ef779f8748313e142967c678cea611246a5cf8a849fe9f2b33370fafbea7dd954f3875045848836286c6926c2c10c0c54f35286e3f4d556b53
SSDEEP

24576:k00XOSvEJd8eEDPq6tP/1w9D8AB+Pcx4+ElgICVOpGForZx1D:k0ov4d8eEDPnJ1sYAB+Pcxmgo1xh

Score

9^/10

evasion upx

Malware Config

Targets

- Target
  
  9gpan.exe
- Size
  
  1.6MB
- MD5
  
  4ab1764f657d113a8a5ce4ba1374f5cf
- SHA1
  
  8d087e7f19787daee69ec69347f77895a2079284
- SHA256
  
  5d838f8cb19dfc41737fee7718f4638da40c044c5f03fa4791e45cff6b707543
- SHA512
  
  1b13296934dcc6a32daa4bb86fb78499545c7b4e9082eaf06783308e69d77ceb4e7a19b738823a63ee7f317a916cb38dabe94ea91f9391fa15669073781736a0
- SSDEEP
  
  49152:hrQXuHTEgedDme7cG2NgiL2c9SAWK39P0KXZcN:hmuznq7cZNVL2cgQL
Score

9^/10

evasion upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  多多软件站-提供绿色软件和热门单机游戏下载.url
- Size
  
  149B
- MD5
  
  829f4620e7cfc918a5e9aa64dc7b1516
- SHA1
  
  448a5078d6abeb5b7cec64bebd2cb52f1a775bf3
- SHA256
  
  be35c1f6807f0b264074ece00a59435b44f06fed9695a522db2b47a0feade51d
- SHA512
  
  ff11639ad24c4eaf27217a1c07acd51900b988c2f4cd230cde0ceae342f1179eb3c2d88bd58fb31e86c0c9db463f5b60390769b0de2b7f24678c1be8ecd6b0f5
Score

1^/10
behavioral3 behavioral4
- Target
  
  软件说明.url
- Size
  
  167B
- MD5
  
  838c9300db2b7abbe4d2ec720a176a56
- SHA1
  
  bc2e2130203cdd2381dfc3280dffa9dc7d896cb6
- SHA256
  
  acd834fa70bb31d58dc9ca1e3a653840ab2e82bd53c14708b9429699f16dfc58
- SHA512
  
  979d0efd4b516437998b62d3e011d01b18ba44b6a15e047dcb6d535f0d9cbaf57dbd37760577fcec399593d61d4c548121625892e0f8ca81ceb887989248f9e5
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6