52cf5e0d855f6672516e7c2cb5524f5d11dd21d2de1280416bb47334ac8d58e4 | Triage

Sharing

General

Target

2da5f2d4512e5008dcdebec081a8c8e5_JaffaCakes118
Size

1.1MB
Sample

240708-yxd4rayfkc
MD5

2da5f2d4512e5008dcdebec081a8c8e5
SHA1

9fe2480b72faea91ca7caed8e1e2c3a26e3d0ec7
SHA256

52cf5e0d855f6672516e7c2cb5524f5d11dd21d2de1280416bb47334ac8d58e4
SHA512

41ecf60630274560df1f0ba0f4fda6a1f057f23d24b51328137c74cd378878d6b553994238347478801de4df1742da62713ffce70a2293a068a3156765ffd79e
SSDEEP

24576:Wsy2gEMPmT/IjjvPqH+hMf7D63vMfrcd6ZVD8G:c2gdPmT/IjjHhqDq0rK6ZGG

Score

3^/10

execution

Malware Config

Targets

- Target
  
  dadeng.org-v0.6/404.html
- Size
  
  582B
- MD5
  
  293a4ba540af62247908bc04f7a821e0
- SHA1
  
  fe8bf4afa74ca7268806f28974ab699d7e903c1d
- SHA256
  
  15259df4d497b20e41df07f8989a0990c639220706c131882ac04da56d284b63
- SHA512
  
  554e92a9fb9ee983956dfdf8b9642e388ddd9da80d2b0dc6c595324f8f0b2f70da0992864e524947608dda1734fd368804c0233b456193a83aac1c5a6247ec11
Score

1^/10
behavioral1 behavioral2
- Target
  
  dadeng.org-v0.6/ThinkPHP/Common/extend.php
- Size
  
  28KB
- MD5
  
  470f68c5e9acc92dc5a5b348499bc66d
- SHA1
  
  59496b08647c0a3fb523c9d629014956d3ebe396
- SHA256
  
  26787f602ea3eb3b78ac5702f9c254811eddaa913cca1f202c373c8566230b9d
- SHA512
  
  33b30034e3f63e45d0ce1413461516f5dd5c2befed09874c7b01e16665c25832a57b3d8ca612994f63faecca00eaffb114afe7ee65a80b09d2526268276eb4c1
- SSDEEP
  
  768:T5ducSwSGewARi/bAm3Q0Ul48NkaZTY9FvfP:HPTA2bA7l48NzyNfP
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  dadeng.org-v0.6/ThinkPHP/Common/functions.php
- Size
  
  29KB
- MD5
  
  0fc518af87a434daf47a387b9defd47c
- SHA1
  
  ef8ebe53b31efd940799281201da4e0b5f51bdc1
- SHA256
  
  b80d686f04c3a958e57497888915d5108bd43b333b885e13f17a2cd15417069a
- SHA512
  
  f9507aec5d97e97807c0e0c7681fcd25eed4839c911f5bcd2f8263a44d1be1055687dda27f9a2dddb6c4fd260085c40406521d8ced793a197c61c5d81f07fb54
- SSDEEP
  
  384:rjotHdQ90RWkjF0SKvKBm5hUDBfsXG3Z01uV:rjorQ90RRjF0SKyo5hUDB1+6
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  dadeng.org-v0.6/ThinkPHP/Common/runtime.php
- Size
  
  6KB
- MD5
  
  859877e808b01ec536901452e7c8445c
- SHA1
  
  9397bc56cabd010c410f2741f6b7eb743e1ce78c
- SHA256
  
  6d142fb083440d439ba90fc1201e029c5cb09814ac0bc2fcd3bfc66ebf2232c7
- SHA512
  
  b3ff6910c806f5a6f15e75722e21900c387327d21197b1e9f092e0705d5f7f136d94971c4ffcbf79679673af99b75fb977887b386d63c81a77ddb7062957ed9e
- SSDEEP
  
  96:ydjxSQEA7iXvTXKWfWTXnLNVNvbnnm0X6Vz16aK6pbzQRCFlDE:4xbEJvDKWfWDHNvbnmBYaZaOE
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Com/ImageResize.class.php
- Size
  
  3KB
- MD5
  
  7c78514047fd87c5e608a00bcd0c862c
- SHA1
  
  5231a0e13d224e30f0c19190a0d13724d19d8f21
- SHA256
  
  9b441e746bea38a774ec41d7b030856b54bc2956ac41fc4583a90e9242f14ea2
- SHA512
  
  ad04724f82ff21be7e2c75446deb42d9809363840c92e8e18f56e6e9cd0f8f96aff26f2e0fc626c4fd1a31e992d03fc328fe1de8a9aacdee4c346f08f68c4327
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Com/SMTP.class.php
- Size
  
  6KB
- MD5
  
  2974e9cf977cdb146cc3867272f2e029
- SHA1
  
  70a66e74de23481b93335787e4be7d000c8e30bf
- SHA256
  
  49e95adb6434da520a240c6ac79dcd3b040bb4e1c6da51c0e4bfeef7a2b0d603
- SHA512
  
  f05bde3f6e141d174a39e8658d3dd087abb3af4d2ff5e9f4dabed2ce23d92365c144f0bcddd4d1839a0661a5e6744a84c9478b870edea0d6b84f0f1a83dbfbcb
- SSDEEP
  
  192:mVzr+5yf0P/S3CKGTwPwNKdbQFsugx7AGtfmnq9Vt2LIPaOMA:B/fK4w3i8LViQVt2LIPoA
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/ORG/Util/RBAC.class.php
- Size
  
  12KB
- MD5
  
  5f5d400a3fb979af9e5ad1823bad61ab
- SHA1
  
  8f2dc176e9f5ae0361712b4e253ba1be5fa27153
- SHA256
  
  93ccf564d540e9848bff7b7bafc3226c6626525aa3c68bb1fa5234a88b096e97
- SHA512
  
  06e482fff7da5ee2346cd386d8672b5d93f22b023266ab2867ad6cdeae383659d23019756461cb481d603fccce918141eff997d7430ffc51cda46816ed058e47
- SSDEEP
  
  192:WdCsWhAE6QZNX8Sqp8/EybYqmB0yBbdiius:SXEtDqp8/Ey0qWjQs
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Think/Core/App.class.php
- Size
  
  19KB
- MD5
  
  9555324b57240cb0cf6a60cb823820d6
- SHA1
  
  e3ba57a772cf5d20751ce5e17bab70a2fc5aee3b
- SHA256
  
  c63eb3d16208ecdad380e84b6a129b296fa9af497653ea3967bf955f459a661f
- SHA512
  
  0990f23feee202c4098073fdf695e4bb22e62c59e656d5b16e55bca23e7673a8355a7e1458a7c070152255f892ec337648ec192355c820f1de33af949b6414cf
- SSDEEP
  
  384:VyiO4IhDqI2liVYbnhp6qFyLg9gWNhs8V:QiHIhuIuiVYbhp6MmyV
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Think/Core/Model.class.php
- Size
  
  47KB
- MD5
  
  cbe4e7cbbb205aff2e541db05228771c
- SHA1
  
  776062558e44505b6b1a58777fcdc78964420ea1
- SHA256
  
  ed4647a9d2c0564496f6cbff7c5623c49a16eaf9cc1bdf0d2fc05cb4dea69b3b
- SHA512
  
  a88e3aa97cbf77c03d865dea11e41275fdacbbad28d041eb0be4473357914748d71311b42ad28a5846dde2fcc763cfd72fb404bd0ec2a6bc87f44205b436edf3
- SSDEEP
  
  384:Wvm4Tm0LcCnbiPzn28Cd/ZXdp2r9hx1wVz4SvhVMX2xyo62vLetMNRfbvcRXoLnY:WzTm0LcCnbiPzMboD0CGxyFtMTbqo8
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Think/Core/Model/AdvModel.class.php
- Size
  
  34KB
- MD5
  
  2e48bb999dfdebad4743ddc5e65733ac
- SHA1
  
  6c4a8bd6dda074e1aaddbef1b48b29b1089fbfd0
- SHA256
  
  ff2c1d598b91daf671a9715f0226190c939f9028b2f067cdd8b0faba4d9c1e6b
- SHA512
  
  240293b53df3426ac3ea1b5437f7d107a66bb2d067a7b9b9bdaff0b67b60ae315d8578b9e2a04e5b63aa3c7517cbcd5b04e28d40cc9fc5a94ba361e1b9ca44e4
- SSDEEP
  
  384:e3QyUgq0qYCqwLRImJOIVNJt4TsUZXnBD81fNbsh824DZHpgNXCKwHpgN038qd4O:eAyUgq0qUFBMIqd41zsUUcbdK
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Think/Core/Model/RelationModel.class.php
- Size
  
  21KB
- MD5
  
  e91453e300dcee1d18092fc6fe11b084
- SHA1
  
  b89b821d5f777e9de6f8cba50e301613ef99e4da
- SHA256
  
  124d2d5dec8811d6be8b6f15fc5dc2b282e758fc27da73596932cddc5c896619
- SHA512
  
  a3f964f20edcf786388913b2adf9484883531a0083b8700e9a851077a29747425e4980d7441ec90c2005cdbea8b964ce61b5a2ad2588e752d68971c5dfcd34f8
- SSDEEP
  
  192:X+48g9cWZTPwGvhvW7+aHiWPpqaljnYknuAQ+kRn4Y4nSFY6CJH:J8+ZToOcHi+plKUB
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Think/Core/Model/ViewModel.class.php
- Size
  
  11KB
- MD5
  
  350d433aeda310f4cb5d0a87c20e6eb5
- SHA1
  
  a5e0e6885a0ff34cb4250f674ac2931bb76a0cd9
- SHA256
  
  0a6b4ab9cb5d841b9ed16db97612ae0d84d4e10bcea976862a143b7fdee612c1
- SHA512
  
  f933debffa04fee348b489b76778ecd609c5400c8111f6c999463b7b9970e86b1c7b88017d68ce31bf9de4b2f6ecb783c445b5c452d23816e2de462873065b84
- SSDEEP
  
  96:ydR+Md/KT7TqSeVWN4xNIwh2QaL2GEjJD2FcxwatXEQf4hWFXxHKzGZthWFXxHRK:I+rsAusQaingYLKSBLSBcB9OwySBWkN
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Think/Db/Db.class.php
- Size
  
  38KB
- MD5
  
  a70087b1b7d07b526c7b3e3f7475de5f
- SHA1
  
  ad4bb876094da65e2b394cb54941a544f14b12ca
- SHA256
  
  eac0235a34bbab771d981d993492a690b87b5d95ebf88bee31759b45b2719445
- SHA512
  
  1fc2252a30a6f6fe65e6aa28f9b44ac7431b074b4e2f21f35866f5c8892ca9b1ffc409ea36e1f873ef4f1c61da010f092bd215eea19bf9216e1f0a5026c039f9
- SSDEEP
  
  768:uSnz7F1+VzE3Eh8jlDr2oBY/ZUl2CRg8yxGJfYw9:uMzJCeDr2oBUZC2CRfyxGJfd9
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Think/Db/Driver/DbOracle.class.php
- Size
  
  15KB
- MD5
  
  6576858542390eff51aa5401d1683bc5
- SHA1
  
  6e8476bd3e193adbb2806378eb830af007186915
- SHA256
  
  2decfe7ef8a2c12a3662f2f44aea22651cc35f7a2dba28998da0167d575a409b
- SHA512
  
  b730cff55a551b741e4b83dc5e2599e1439e41e4d7021a29f2142413dd80f2b5e79fa4bf63b2b2136e46d0ac4104288aad8a6b69e5236fa605b7c5d047b6fa37
- SSDEEP
  
  96:K+wp8SVWfZvlsQDrR4xWDgM0Ln06mYO+8iyCGuzR+xccb73iSQac2I:K+wpfWd7DgM0Ln06xv8iyJu+zHtQ
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Think/Db/Driver/DbPdo.class.php
- Size
  
  19KB
- MD5
  
  953f978242c5b0b62d399e3e0183d399
- SHA1
  
  c090b82effd0bf4c48c697339760dfa9d5686315
- SHA256
  
  a056d3aef60f2df24daa5abcd1365353a21076ca28a36ec34c47a94d46a9d2ee
- SHA512
  
  2b533d13a31b177208018454bc08ddd06c8891f510f4068e7370cccec32663670393b920b1a81d86aba556e09b032f2f5530f909127e37d71688cc208e1673d4
- SSDEEP
  
  192:r+gwPnykgdPZIARrVEp6QMgo2SFf3miaE3BCm:XKUZIARrVEp6QMgoPFf3mORCm
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  dadeng.org-v0.6/ThinkPHP/Lib/Think/Template/TagLib.class.php
- Size
  
  15KB
- MD5
  
  5253b34a07929652df1dcc46a436c944
- SHA1
  
  f7154b3075859d94d9a8de40fe985357881165e4
- SHA256
  
  e56abc2211354f02825a7cbaab13314d1761f36626e3d3609c9ab974f26a7369
- SHA512
  
  c7ae96b064d366a513638d9cb1d5a585a9087bd3bf335e29a932515103844d6323c1e85c83c3566a2bf543cdb93a614b35b9507de296429ae5ccb64d3626e30a
- SSDEEP
  
  96:ydqm+DdQmsyXTi3jPZI5BYHsdWLXS89ioUdgR90Wpjv47EWpkYJgqThDTOwQcw2o:3m+aE3BnsS89BYgR9Rv4mYS2+pc7o
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32