f09bb4f1130aea6776d57b65e8e73144019c3f9208b5fdd3100f9ad9e12fc453 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9d8fa88fb819469c201f6290d567c4b4_JaffaCakes118
Size

2.2MB
Sample

240611-kdv19szgpf
MD5

9d8fa88fb819469c201f6290d567c4b4
SHA1

cb9e653f59e3946baa10400e0bc39b268a2122fd
SHA256

f09bb4f1130aea6776d57b65e8e73144019c3f9208b5fdd3100f9ad9e12fc453
SHA512

7282ff35b6c1b63af4c1f6aaeb993e7e5d725ec8a2b682ee6c80d947782283f8428a5fccba5a4e63029397bc1de2050253c680547560f0bbf16b126041534662
SSDEEP

49152:b8LWYWPag7CEInZDeB4ZrsRX9DrscBVTz33k9zNglsYO1+q3Wji:b8LWYWPVmy7RtrscjTzkEleJmji

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  9d8fa88fb819469c201f6290d567c4b4_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  9d8fa88fb819469c201f6290d567c4b4
- SHA1
  
  cb9e653f59e3946baa10400e0bc39b268a2122fd
- SHA256
  
  f09bb4f1130aea6776d57b65e8e73144019c3f9208b5fdd3100f9ad9e12fc453
- SHA512
  
  7282ff35b6c1b63af4c1f6aaeb993e7e5d725ec8a2b682ee6c80d947782283f8428a5fccba5a4e63029397bc1de2050253c680547560f0bbf16b126041534662
- SSDEEP
  
  49152:b8LWYWPag7CEInZDeB4ZrsRX9DrscBVTz33k9zNglsYO1+q3Wji:b8LWYWPVmy7RtrscjTzkEleJmji
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $1/QipInstallerStuff.exe
- Size
  
  92KB
- MD5
  
  e46a394db6c15bb86ad6aca9014d6bbf
- SHA1
  
  83e57986f9f5bc7a99bd588a1e19c6bad122da18
- SHA256
  
  9c39b94cae98a018fe681a735aeb36078bfb7d9d155574fe9c6dc4817868340a
- SHA512
  
  e445e1c6e9cbb32ac30def2b9cd5c8d4d5473566fa36e987eb82b29139b148c71abfef9927fcd72e2f18a7abbe5d07ee0ad3abf529428e36539546e66abce2d1
- SSDEEP
  
  1536:qn8o0QVRYvGs9OqEVgSzBDV1CKHygijsQlsWwcdYBNgf7IALEIRAm:K0qs9OqEVVBZ1f8sOYDgTIALEImm
Score

1^/10
behavioral3 behavioral4
- Target
  
  $3/QIPApp.exe
- Size
  
  563KB
- MD5
  
  3665f4cbb5f68812f7a80931b46c5cae
- SHA1
  
  93a61a6026dc54fa59d53245d2c664bd9a7e4591
- SHA256
  
  064d3ce9a1161425ed7b85485c6c061f8993184daa6dfb6ac403e3d0eb7106a4
- SHA512
  
  b79a419ad339b6f7e4dd41239ab22e7611cba365518c920b7b4e731619e34f5680859072a99f3cd8452e5600b0b2e08c5b05c5ef19f514cbbf30fe03af28a8be
- SSDEEP
  
  12288:Zqs/pXJJVKgszsbsrsCssxhxhxhxhxhxhxhxRGWYviMh:DLJVKgszsbsrsCssxhxhxhxhxhxhxhxm
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10
behavioral7 behavioral8
- Target
  
  $R1/Plugins/docking.dll
- Size
  
  60KB
- MD5
  
  bf49f5ac4bcda179d3e2af86dd92ae7d
- SHA1
  
  715ad84d9eaf7ef52bcf97d5477d3cdcd4f07965
- SHA256
  
  cff686ad048c9d7db12113f2fcb0947ba03c0186cb6daefc1bdca9e2ea395e7f
- SHA512
  
  d5f9c60272dfea4609f9cc3e00aea4b36c1df716af015b58e2b1f5124039fccd9b879dce8abca0954b4b86c8ed748ac698e9837faf7c1d621b1fbfe2f23e2da8
- SSDEEP
  
  768:0O1uVg17CZCojegVKLxAwbITiXjugNgvLiws8U4n1p0L2D0DfOxCU:Nmm+ZCeVKLxfGiTu8gvLiwjU4kbDfOd
Score

1^/10
behavioral10 behavioral9
- Target
  
  $R1/qip 8.0.exe
- Size
  
  3.2MB
- MD5
  
  e0fb51ae556cb2c8d88a326705b2b602
- SHA1
  
  30031d0ea12cf5aa34f2222fdc4be3a3a6205b7b
- SHA256
  
  66a20bffe2e1e2fcbfddc8ee3a90418da636b833cbb7a075c743a18d54914437
- SHA512
  
  59a9488ce451351c9ac407f67364b07a8992b4b9e9e6a97f1dcd4f0933d1693ad574fcb56192b4776c92de021c1d0dfd83e9d5c969eb1d6208a2b0ad4ea7a346
- SSDEEP
  
  49152:KjjfdlGBAJIAAw0HAcQzTndgmZ1NGBbBIKgmAvlhhciTnLHwf2foam+:KPffGCJIAAPHAcQfRZ1NGRIhhgft+
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12