General

  • Target

    a11dfbf5eaa8a8016c3e5b37917295ff_JaffaCakes118

  • Size

    2.4MB

  • Sample

    240612-smygratcqr

  • MD5

    a11dfbf5eaa8a8016c3e5b37917295ff

  • SHA1

    9c56c50f024d0c30d65fecc21d0606d13e150fc4

  • SHA256

    c01d3627e75521e6a8596bbb12f63111878429b5ac4aec18a1b113645f4759f9

  • SHA512

    788892d0e36d1139345ae7e12be6446f84f1d9598e3f07d06d5828d0f294210c4a97c4fae4339e7f8e4e2870dc40641a97bae9f48d7962988f5a0b0aec6d008e

  • SSDEEP

    49152:0+RZpVJqANpiLXIJasTQ3qmWKF6w4M+huMv3zyW5j1KttISDL5i2iyPwf:0+RZp9NpJTTQ6JJEwjyW7KttISDLkyPg

Score
7/10
upx

Malware Config

Targets

    • Target

      plugin/BGKM5.dll

    • Size

      16KB

    • MD5

      401f134a132d9dcc286ccc4b32790598

    • SHA1

      4a144db77caedca32c5a07b9e5e08c6801fecacc

    • SHA256

      cd6710844d3051b888e0353e36861e88c721a2075c8089a44ff1691b48c672e1

    • SHA512

      37e8a08d59c8278eaf2b865c584e2384eca57af43a0622f58e04905a2e043adf6b4bf3954c61145d0309c48ca42c54ef443273f00ddc4fc641899190911e1ca5

    • SSDEEP

      384:wfvqBy3JZErrEX3f8oU5FbGV6cwAILnVtHnzYd:qyeorr4UoU5FiV6clILn

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugin/BkgndColor.dll

    • Size

      10KB

    • MD5

      406bb5c488b5029e901fc2153e344547

    • SHA1

      8f833d516d74393e6b253df8933dbabaeba646ce

    • SHA256

      a2143a69fc32961107ef0847c1d881e95bb2226bcde6703d9536c74414853b76

    • SHA512

      77c6d3deb34aa3f0a6557d7e1a7f6cfafb43034fec84fe406ed630495aa2db48c6b329bc46dca1f24d55ac26d17ce113f32504349bedaa878efa74cc3720e452

    • SSDEEP

      192:eAlOijltG+1f+rJkn7Q/8tiO2qo/X6Sjkf8:ea9jXXSk1tG/Rj

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugin/Console.dll

    • Size

      8KB

    • MD5

      d36c7bfc1cf49351794d00d326b12716

    • SHA1

      5a76a3b68c61f47be9c118687199cba0cfd83495

    • SHA256

      2dc3e998a5b1352f205cdc90e9c8bc5e981c20f12308efb598dac8239484651a

    • SHA512

      8314629cf573d75bd91da2965d87eaf28f53b753c77e1bd041a17b532eef2cc9097484560bf26fd67b84bd12b3194665b4b8c2a14e75ae34dd9be0b5be60809a

    • SSDEEP

      96:8UbFOqwOzmpHgo9DGYQ28LsN5DSgN517MVWACXFaQVPg/7PnFj0bu8p:8UbFOqwO3IQ2sSSgN37MUtAQJ09068

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugin/DBSoft.dll

    • Size

      140KB

    • MD5

      e7e4b6a9a4e5836d8b63cfa9565a9856

    • SHA1

      fe99220f2e4640ecec8e99ef3697e4d9a56a3ccf

    • SHA256

      38f70707fd10c400dc33beb7af6a86b5242e13df3090a9a285ea17a869096e44

    • SHA512

      68191f80a3be6d09bde52094e55e59be4213d115b80c45f6d5099e7eb4f668f541e3130c01bd1857614d11ec3cff00c597d4845ffd59eba9cd2a4441026e5617

    • SSDEEP

      3072:wgKeudcjcZtrJPPYW25cKJo3BBnkeVEPcyo2E6jvk80xK:RNuiWrJ4AKJWBBnTEPo2E

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugin/File.dll

    • Size

      10KB

    • MD5

      5c2965d5bb421a4f59e2de8f6258bc60

    • SHA1

      1fc382a993362615db88cbf75a722f30c7591a51

    • SHA256

      501488bac9d0abfdc088e607b373bb1478e21cefab5432cb9cf740e17548e360

    • SHA512

      324d158107b1cd4ea38c08e93f8c36d01d665f01c85dcdb46853c450608c8ab7317896634514800f10cc1a46f6ac1873cae0a9b4f1aac0c76b3ff2627926f581

    • SSDEEP

      96:YCLColQLIzVjZMGL23Z3Q/q+Kb9dqaNB4d3RZ+NZwfqxdpPSi9unFWj4NRnhCTBa:dH7EG6NR5uan4dBGwCxdpPJjm7LTTo8

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugin/GetSysInfo.dll

    • Size

      8KB

    • MD5

      c5a4807548f698529b612bf97fc8a47a

    • SHA1

      5cc923faebf4b069bc63d250fdb19e3edbe203a9

    • SHA256

      a07a0bdac6da18dd11b07ae8584d7ad3d2965f5c8ee6bc9b69c0d98c02846bed

    • SHA512

      5ea379cc9a9041c7ce62d957b7b91725415f55d619979ea5305209d0be4ad82e625ecbad46a7ca25cc5a8d9c69e99d0c9a831ae844a9ff8b06f4b6fc50dbf62b

    • SSDEEP

      96:PsiaoN5CfgOzwJrL8zKJJhHJJ6t5xFjkQCBKAjzbdQt5g4TRnFXjAQlS8:nN51OOQKJrpexeDbjvdWRAQ48

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugin/Memory.dll

    • Size

      11KB

    • MD5

      50f0c0e24d88d0eefda4fcfcacae802e

    • SHA1

      646603ef9b9c0fd68e05dde596e8276670f81261

    • SHA256

      7d06b85946191b2cfdf77916ffd77de2d07a09c8c46ff2aa78981e71b23f8296

    • SHA512

      24477003c62f608325ebbd855435242cd41beee2cd40052cd3f24c3784300ceccac26b9874b6ffa6996e32d14baec6ea2841d8f31d06d59cd9079251fcf6af6e

    • SSDEEP

      96:vKL9xc9+Z2E8F6EnqlJ1j6Ied0tQvNSVIK4AFp7qCdQZkyDF7nFnBePyFDMM4C4v:Yxc9oEz90+Kzp7qlZkeEyFD6Y8

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugin/Window.dll

    • Size

      11KB

    • MD5

      53de569bc68df5c126ce5cd7157b6cda

    • SHA1

      0a0de405ec78609b9bdbbd360d5a7a5f6ab9464a

    • SHA256

      22d2f22c31236b35b2027ebfc89ac058db3a4d1620b2627b3d3d8f1ab8d367c2

    • SHA512

      e09afb9d384194c2f2e5358bc36cf8990612272a72695d9c85518bdf215487082c20d083d8acea105b1c062d99412d55778cd95457259c9f2da61e61e09a2dd1

    • SSDEEP

      192:1u7OspcwgW/Ek7Tnk2SamuWjyaFx8ZyP8:WfSwgWcEknMWjCy

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      plugin/darkblue.dll

    • Size

      108KB

    • MD5

      61be0ee0a412cad0296a0521ed24004e

    • SHA1

      0a6809ee3fd1af28599dad41571e34f5599e912e

    • SHA256

      d327d384584331629e3d491d67bbaccd7d7d770bc02a900de43ad371a31290e3

    • SHA512

      80a36492a878d261d28e6a50266baba1e65ae2f7664a38afdf8a9430e900a561f068e50430ac05c17bd6fa627af736afbfad3292cfef0095eeea5b58709511d6

    • SSDEEP

      3072:rdsPvMKWavRon55WQ4LzleKmDfi8Xtkmd:a37efh4vleKmDfi8N

    Score
    1/10
    • Target

      plugin/playsound.dll

    • Size

      112KB

    • MD5

      fc8ef22f195ccd08ba537f75501f5095

    • SHA1

      943cdffc7ca68e0b8c66c0966cf069c1f1fc4ca6

    • SHA256

      ce9720ad41b7632d83c04085a3487e114923053bda01cafcbf061e6e90086a0e

    • SHA512

      342887346674c8d60adb37cd34f79e109bc6fa6e2354fe3d05a6de68453f095d542921167c2b5583e12cf3ba7bcfff91e86494ac693e871ab62fedf6af186a3f

    • SSDEEP

      1536:Bkomc3dlgTwdfZS0t6czw5ZUtRGTzXFDwkN5s92vfy:BktcITwdRS0t6HZUtsTz1DwY5M2C

    Score
    1/10
    • Target

      小小问道90环3.18.exe

    • Size

      3.4MB

    • MD5

      8235c18ab15f8e6b4355363a0749d562

    • SHA1

      9c7020007ce637229a4ccb4402537860287cb41a

    • SHA256

      6bcbf1c65c8f57b13a3c5c898f33ef8bdfd133881ffd12fd601dc5c64d8ee07b

    • SHA512

      0fdeb85f1814a4ffeadaf71f70fa83b0319e7c02927de79efda4866e2e16dcbd8ab771f16dcae5bcdefd3b5c4428f258da1df817366c3cdc963a1e726994973d

    • SSDEEP

      98304:SyxL5/Lf0ZKIG5vmXEXSuJOUJ6d6upOneOpO:S2Wf2p4mxU

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger
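The "UPX packed file" verdicts on the plugin DLLs above come from a static signature. The following added example (not part of this sandbox report or its detection rules) shows the check behind such a verdict: a minimal PE section-table parser that flags UPX-named sections or the `UPX!` pack-header magic, alongside the MD5/SHA1/SHA256/SHA512 set a report lists per file, so a dropped artifact can be verified against the hashes above. The `build_pe` helper and the bytes it assembles are constructed here for demonstration and are hypothetical, not the report's artifacts.

```python
"""Added example (not part of the sandbox report): triage-style hashing plus a
minimal UPX-packing heuristic for PE files. All sample bytes are constructed
in-line; build_pe is a hypothetical helper that exists only to feed the checks."""
import hashlib
import struct

SECTION_HEADER_SIZE = 40   # IMAGE_SECTION_HEADER is 40 bytes, name in the first 8
UPX_MARKER = b"UPX!"       # magic UPX writes into its pack header


def file_hashes(data: bytes) -> dict:
    """Return the digest set a sandbox report lists for each file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table without third-party libraries.

    Raises ValueError on anything that is not a well-formed PE image, so a
    caller can treat non-PE input as 'no sections' rather than crash.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # first section header
    names = []
    for i in range(number_of_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind a 'UPX packed file' verdict: UPX-named sections
    (UPX0/UPX1/UPX2) or the 'UPX!' pack-header magic anywhere in the file.
    Caveat: a modified UPX build that renames sections and patches the magic
    evades both checks; that is the gap the report's 'modified UPX' wording
    refers to, and it needs entropy or unpacker-stub matching, not shown here."""
    try:
        names = pe_section_names(data)
    except ValueError:
        names = []
    if any(n.upper().startswith("UPX") for n in names):
        return True
    return UPX_MARKER in data


def build_pe(section_names, trailer: bytes = b"") -> bytes:
    """Hypothetical helper: assemble a minimal PE32 skeleton with the given
    section names so the checks above have something realistic to parse."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 0xE0                               # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       size_of_optional, 0x102)           # i386, EXECUTABLE|32BIT
    optional = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    sections = b"".join(
        name.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for name in section_names
    )
    return dos + b"PE\0\0" + coff + optional + sections + trailer


if __name__ == "__main__":
    sample = build_pe(["UPX0", "UPX1", ".rsrc"])           # constructed, not the report's DLL
    print("upx-packed:", looks_upx_packed(sample))
    print(file_hashes(sample))
```

To verify a file against the report, compare `file_hashes(open(path, "rb").read())` with the MD5/SHA1/SHA256/SHA512 values listed for that target; a mismatch on any one digest means it is not the analysed artifact.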
