fe969ff53db60ef3b5973a06cb61e53e94e242bb3d71a8f3efe54bfab718010d | Triage

Sharing

General

Target

15f5cfa5ba98ccb12d64fee64b916558_JaffaCakes118
Size

710KB
Sample

240627-pc5lja1aqf
MD5

15f5cfa5ba98ccb12d64fee64b916558
SHA1

041acab6d3d927b5ec7a02931818d7e0b7e92512
SHA256

fe969ff53db60ef3b5973a06cb61e53e94e242bb3d71a8f3efe54bfab718010d
SHA512

608cdfd86c0fa56f1ff139718a6d9438a3a73905fdb900e03f8e312680fe45f8e9c807defb0bec32f1e447e4a8b19a841822b482bec669e52c3be96dd7c11111
SSDEEP

12288:RsQaoaKhMnUtZfRtla/EaCDAOa1LUzReiWH2c3u+cqOb6LU/WpughEUHPTSxGhQu:koaKSnUt/ParC0b1LGLU2c3O/WpBhEUz

Score

3^/10

execution

Malware Config

Targets

- Target
  
  WebFTP_v1.2/WebFTP/do.php
- Size
  
  29KB
- MD5
  
  b5e5fd65846f6589d68ca7e9f2d5f6c3
- SHA1
  
  96ac36ae9cb575bc7a673bb939de6fd9f45b4205
- SHA256
  
  c5e483860be1b6213513226ea239d828ef459e2fceb0ad0bf464f2bbac5a6a2e
- SHA512
  
  551bbeb6f89035f8bd1686d2c5449048e6e4f4f5b36682db52bd63929675aa8aef57ff94e6b574f453c8671d65a3e93ea3b62013ce4a21e1723e0e1319ecc7e1
- SSDEEP
  
  768:H/ibH+r8hYtp9SDnMMj7Me3Zo/2D4vO2q3:H/irhYtp9SDMMjAUZy2D4vO2q3
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  WebFTP_v1.2/WebFTP/inc/Base.class.php
- Size
  
  8KB
- MD5
  
  431877db408421348236193d99d0953a
- SHA1
  
  4d6cc08ebee414cb5e0896623fdb50cb65552581
- SHA256
  
  3799b3e1ad2ad92224db61022d81bca02480809e8a6545114c15799f9324dc33
- SHA512
  
  0a3b9c4e3864596f6d670ffcb08b066781dfdd874815d5cdf814f6bc6de909f46e653c699afe0f7b5b965b464f20cbcc40746b364b72ee4e60017af6c3718ccd
- SSDEEP
  
  192:Z/jY9ELykxnU/rWJs3FDUu5mEFDJp7MQo:ZJykxnU/SJs3FDUu5mEFVp7Mv
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  WebFTP_v1.2/WebFTP/inc/PclZip.class.php
- Size
  
  90KB
- MD5
  
  5d47f52c46fd3e91f36c9e4dd4fe6602
- SHA1
  
  079757dd56dc9408e0e3841a66db151d3081e36a
- SHA256
  
  990eb0675f2dc5e6e99e1d8bb4627f60a93b101ae8789a4db727340557ed8156
- SHA512
  
  683309675bc4e288ecbce93fb5aca2b4d1a3d83e0165dc4947c3a0fc7faa2ca22f0586a1fd12bb58918164e929d4e352c32e1854714b26b171885bc64bd610b5
- SSDEEP
  
  768:+RCe1mX/j5Hq0XYUBLu10H55x73bA671MMGMsks9mZo/cmZumdLmjqsysHi+smiL:jkhIbFhpRdRPCvC6ApsYNmsqsRY
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  WebFTP_v1.2/WebFTP/inc/function.php
- Size
  
  12KB
- MD5
  
  f8075a69203a1a9b70ccdbcf97e9bcf5
- SHA1
  
  54014c2ad0dc364f865b73ddb741848b4d00cea5
- SHA256
  
  2b93f8f23749326acb3beee1f916b4b5dd89845fd1218775cc264066c652b0d9
- SHA512
  
  117d7b7ff62f8d0717b733496653ffd1cde893d04332bca2ada5bd44400778d81865a78ad514f9a02f24390c5f0b4b06b9114b10337998e3ce71cb8d97448338
- SSDEEP
  
  192:leEAj4dH4WCFhlG6Vn+aK7JFyv5XRMa+z7CNUwT9dPkKnq8Nsdqfn27wZb6:kEA8dHaoaIyNPLk/
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  WebFTP_v1.2/WebFTP/index.php
- Size
  
  8KB
- MD5
  
  a09c872d588394b48e2f086c58db2bf7
- SHA1
  
  db4a0f62a1133d4b478efbccb57285cd316e50a4
- SHA256
  
  7a50c8fc7aa393cceee03ffb332643c7c5b6506b37843d1ab72991899bca97c5
- SHA512
  
  6491e0dacb040130e6ca062d779e66e5ffdf31295e267e1066fa5513a0ad8738f9b447f05b5c82954a1b8c787ee6b33c6071c5c5999f02003b29d30517c9c54a
- SSDEEP
  
  96:dznXIpM/S1hDdV2IlDOOTWTbrjTXs3Y5T7Gto1L1qTbuY+4sU69:pXIpM/0hNxaPZPGUYT+4Q
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/lib/jquery-1.4.2.min.js
- Size
  
  70KB
- MD5
  
  10092eee563dec2dca82b77d2cf5a1ae
- SHA1
  
  65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b
- SHA256
  
  e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59
- SHA512
  
  cc92cf5a9b3a62a18af432fdffb81b76da84e2f43ce3c7800a919c10809118d0611e29a47f103ff3df18a54d5331bc5f06ef4771dc406cc763b30ff2a66a3e81
- SSDEEP
  
  1536:Du98G2ltZMNWnDr7doqPp07HVDTLGbY9TGA7zEcbnkb17jQq3nPRefqvpsz:DuJItn6qepq15nUfqvpsz
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/Rookie/Rookie.js
- Size
  
  1KB
- MD5
  
  8f0af492f47ef4a27dbf41b1209429bf
- SHA1
  
  d01d08cebd68a02aedf603279689b47540770acb
- SHA256
  
  456147d626a2571aebfa5f95ecc845d91e879fec90c8a5739647897b2f8c2674
- SHA512
  
  ca3273f612e05603ee87d714c9c5b5de82ed29102c3d2f269804d2e714bb4a971e94a66298ebe79279fc12bb1e2d438ceae373f402faab31fac1677091bf979e
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/TitleEdit/js/jquery.fm.js
- Size
  
  8KB
- MD5
  
  748f1358176cb22e43a5cf064f2c136c
- SHA1
  
  6e8c182adb569ec8080e7983f498904c40a8edd6
- SHA256
  
  dd9d256075bd5bafa767cfcbb2d5c5ae8b04a2568da257e5c69934afbdf950a0
- SHA512
  
  bdb7daf75d301a3514c5a239667491bc3c988f077b5682f75b147308e9e474fbebc0308ad0208e32b3bdc3e84494e2e64b88c3981770ba1e3d1e6aec2d15ed53
- SSDEEP
  
  96:/Qdmezwj45jFjjWerojFjcPnj4hjFjjBLUvJTN2/gnv3S+wrYN36RpEZMkba6/uJ:/QdpzbrCps3Okq2LaCpz0BX6r5GpL
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/asyncbox/AsyncBox.v1.4.js
- Size
  
  11KB
- MD5
  
  8ce851e281f0b0a5bfc0a6ad018218d3
- SHA1
  
  c38906731654fa3606477c0803464cb9665ee5e9
- SHA256
  
  0e46c645626c79c76b96cbabc17026349426c467e716c900b89f154b37791117
- SHA512
  
  f7dca39388177c833b7547399869a522e05d7fa5f6340c92b2590ec85a34799d32d364f69981fb199c8edb5eb4c01f3d92e0e74a92bdcacf0c4935a92b9c5800
- SSDEEP
  
  192:dKQ8E6dJRZT9fHn8CwlTAike3+YOtNcpxqh/BePG2+OrkCvHC+Jl0/4mPBreonoL:8QF2bZThn8zAi/uVcpxqh/0j+OrkCVrp
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/codepress/codepress.html
- Size
  
  1KB
- MD5
  
  13db6129d42f5758c73ba5c7489003b9
- SHA1
  
  2f5bdba29a32623eb83353128844a0232e51176d
- SHA256
  
  a055d32ec3233f6bed47727931160ccd8d9bb9f84f47cc0ebf7a7b47831a11f7
- SHA512
  
  78e8a27362ea3dae7ffa06e83a0a7701551ed953864bec4bda944d4ec551adb00957fcb8e2550472fa82db3aff03e743e756894c2bc97526a31c604c9114cf46
Score

1^/10
behavioral19 behavioral20
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/codepress/codepress.js
- Size
  
  4KB
- MD5
  
  662e42e9cfdc1dfb5e6494786043533f
- SHA1
  
  32050d37f811e62949ee6c850ee36d7cc3e20136
- SHA256
  
  5aa9300c70a477428a81eb85e737f61fd0fa81c36f634bd40bd1befaaf6834db
- SHA512
  
  951abbb39f0c574550877fc4c9c4d300750bd808ac24a588ef90a0f456b63f734374e9a34513c1e1d322bf0ad1e83a16270c26b297353ce6af28c941e91ba040
- SSDEEP
  
  96:DwuOSrkL4Fitk7iicqN4yISmD+6ipUBOHmofDcIxKngZz3aV7nuQnZe3+ocaCVIy:WQ4qVVUBUL+nZ5ja7Gz8DpN1HAOVu
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/codepress/engines/gecko.js
- Size
  
  9KB
- MD5
  
  b85f72310cf30c476043a531890193b0
- SHA1
  
  51bf9a49eddff05d9d24f5b90471471d11059529
- SHA256
  
  e35b33e776adbbb797890241dab33720dcaca0eb10cfbad22c0487b88d8851b8
- SHA512
  
  f85224011e6af33a065342970c46a9ead68b628ed08b69ee494f79760adab62c18559026a4efb64a39e29cdb420c63e362c1ccecb39f1451644e352e74c83173
- SSDEEP
  
  192:PKGexf+/EaOyCB2Qg/7ZbRiM4TtI3bhspPaYvRFmnv9VH2UyJNWOVF42wsqYP35C:PNexf+caLtNl4TtI3bhspPzcVWlJNR41
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/codepress/engines/msie.js
- Size
  
  9KB
- MD5
  
  45c137beca44f603a085f45bdfe6ea84
- SHA1
  
  1088765f36ae1f34c33a2849cf56d12cc6cca200
- SHA256
  
  2b67e4669e981b07fa6cf768de81337fc4d8f3bcf8a5b14917f7b5144796c712
- SHA512
  
  dc5b41f136aac5412d378f85c9d1f943b545002f9e53f7c2c80cf8db21fa20eba212b65ff6b63a5367d654d34e1e4514643dffac8680f1c18bf1b60d77c1c838
- SSDEEP
  
  192:+KgAJDZfBQQhpBc9aOygXqmuIDA4FdXFMzvMQWdNNWz3xDTS4Nnx15RT3vRjTXvh:+PAJ9eZaiX7uSA4NQaNy3pNx1FZ/
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/codepress/engines/opera.js
- Size
  
  8KB
- MD5
  
  b66f44b6f1bd2146a0284be2e8955fc7
- SHA1
  
  15fd0c1dac7271374c6c4165d8569038eba2045c
- SHA256
  
  d47226096f248fc78b9320cec6585df0bcaeab2c3d8754db0f8c97e6973cdddd
- SHA512
  
  6a8eba5baa3eca5d5bc0045220cf6ed9b148eaf8fcda04c4971f3ee46af9683b3c8ac537cf356b67c7eb435c25efd17ffec46b02d4797ea4134435ee142e2ff9
- SSDEEP
  
  192:6KU9/5eOyKCuYfprZbg8xLX0Yk9Fmnv9+yJNWOVFWw1w1bRT3vRjTXvRkBe:6t9YYClHk8xDmwbJNRWwi1fZf
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/codepress/index.html
- Size
  
  14KB
- MD5
  
  8ea75ae93263d03545814f90b972273b
- SHA1
  
  86ac75e7f66c7ab911f1cf0d48520dcf2744fc17
- SHA256
  
  70bb6f1d71af9683319fb3cc328e3fddef79e758055d10e8c04cc44efa84cf20
- SHA512
  
  b14d55cec7fe8dd88d7740fe139000ed51b69e87469bbe0d3a36e2490e5d9d86ae4237305ec7523250329eb60c3866624f8049eff34689d0a279c594a236132e
- SSDEEP
  
  192:SdUYAoy4ddHPBakRo5+ItAwdEJXlhov78lJF/cl1mOXqPBakRo5+Ie2wo7Ag2+NV:SocdZifQq7UJF/cvmOai8TvCp+CymOML
Score

1^/10
behavioral29 behavioral30
- Target
  
  WebFTP_v1.2/WebFTP/jQuery/plugins/codepress/languages/asp.js
- Size
  
  7KB
- MD5
  
  109437f7bc694dfaa92f53ad893eebcb
- SHA1
  
  754d42234f3621414b527fa83651e4cf8cfbe15e
- SHA256
  
  5147717db9400c9165c7f2368b22aa95be781e5eca69ae8dd549f6a1f3fc07c7
- SHA512
  
  51d7cca001bd7f57a129f5191ce104524213837ac9f2657834c692b4b63e3ebab2b275623aa5c15844d2d2243ddce3d17a4570a2aac5a38cc709d35696250983
- SSDEEP
  
  96:DY/9tEdaq+ACoOLABDXcKFdUJKoesGbneSJGZPuerGxN/EZZwFpo9JdE4xoTQeHW:8VEX+RVABDzFdUJK3RGZPuero4xH
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32