22cda0ab9267828694f069a68f88caf8a72e8b516e519c0758b1502d9345d884 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e8d0c4a63666416c57ec30f860b5111_JaffaCakes118
Size

285KB
Sample

240709-b1n2sszbnl
MD5

2e8d0c4a63666416c57ec30f860b5111
SHA1

cfdbcba33493c864d7259f80cf807f185419caeb
SHA256

22cda0ab9267828694f069a68f88caf8a72e8b516e519c0758b1502d9345d884
SHA512

f982b2d1d4840c1ad79da2084932ff946c5ae657887acb11ec6543aed66fd1a1a08e8378e593c2c034b686ff62031e93f58bffa354e0728487977441035486b1
SSDEEP

6144:UmuVBQyMOVZm5yxtpY0F7NqUuVSQyMOVZm5yxtpY0F7NL:UmoBQyMOVg58tOuYUoSQyMOVg58tOuZ

Score

7^/10

persistence upx

Malware Config

Targets

- Target
  
  安装说明.url
- Size
  
  260B
- MD5
  
  ed83e978f409fcebba2825b084f2c140
- SHA1
  
  4548b5565354024dff5f387fa825fce7d11e67fe
- SHA256
  
  ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
- SHA512
  
  2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
Score

1^/10
behavioral1 behavioral2
- Target
  
  键盘记录器7.1 华军版/keyboardhook.dll
- Size
  
  48KB
- MD5
  
  718b0d4ceb3a318c1406dcccdf392473
- SHA1
  
  657920b021c2a7ed06fc5e71e89e61b792ce5dc0
- SHA256
  
  de4207b3a560b4e6a7ee7c8117ad01cddc5c596ae3bcbb70eafa1a11c0cbd38e
- SHA512
  
  5d79e1fd1c7d78be87ddabcaf71f1a96f8da12c18ce8ec0b80f1af8d4ef01a0d89cc2ab69b6eb2db42d205d690c406806135f89d1dc7d4f32d82ba831a8cfa16
- SSDEEP
  
  384:JMi8ezQ71VeTlxFoA6xVRTtcpjm/7KHF0srY3VyYYDzgJ47uL+cA/8oOgLZ/:+zb2TlxFL6xGpjm/EyV0DzgJ473/8o
Score

1^/10
behavioral3 behavioral4
- Target
  
  键盘记录器7.1 华军版/keyboardlog.exe
- Size
  
  29KB
- MD5
  
  55bc3652535ede1c4c53d064611d732c
- SHA1
  
  fb4fb23b3256df8d1f8d82bc27858ba97fdb4020
- SHA256
  
  9d9f2599910fcd955bcdad30a05efc308bd95a1c0962f38a984ebb7f21d05b40
- SHA512
  
  e2cfd1fb98c57dae5ac046e3a24678dc6a47619463633c90812c30c261d57a27952f1d39aff8f78dff81d5a9fd47f81e5a5a217338163d714a904b478c7e97b5
- SSDEEP
  
  768:KWpacY5IATDwACn1f1c/Zw0Ql8e0XE/m0:KaYFNa1dc/Zw/0XE/m0
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  键盘记录器7.1 华军版/monitor.exe
- Size
  
  112KB
- MD5
  
  f6c953feb4d30d4ac6739cb5120f4243
- SHA1
  
  39ac18004c3df8539c06c8cc82d04699c686bf73
- SHA256
  
  ed99b7605b92ace778f2585d80c90cb10c6a4b29460e73aa3bb5e2d9c866860f
- SHA512
  
  a2ca415908e33d98a75027658089c82f93862c0d7f038ca0a5b02aada96c5db2246188f28c4d779be4d75753e93d721547d969ccbf40f670346fba9fbd382790
- SSDEEP
  
  1536:/LTXC1sKCGGH9kk9zHYt2X3f/SLcRH3PP2mngmqB9Ip850pf5vP20SP5YfNfaPFl:HcCtd39zdfaLcRHmwtFmGf0SMl4l8
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardhook.dll
- Size
  
  48KB
- MD5
  
  718b0d4ceb3a318c1406dcccdf392473
- SHA1
  
  657920b021c2a7ed06fc5e71e89e61b792ce5dc0
- SHA256
  
  de4207b3a560b4e6a7ee7c8117ad01cddc5c596ae3bcbb70eafa1a11c0cbd38e
- SHA512
  
  5d79e1fd1c7d78be87ddabcaf71f1a96f8da12c18ce8ec0b80f1af8d4ef01a0d89cc2ab69b6eb2db42d205d690c406806135f89d1dc7d4f32d82ba831a8cfa16
- SSDEEP
  
  384:JMi8ezQ71VeTlxFoA6xVRTtcpjm/7KHF0srY3VyYYDzgJ47uL+cA/8oOgLZ/:+zb2TlxFL6xGpjm/EyV0DzgJ473/8o
Score

1^/10
behavioral10 behavioral9
- Target
  
  键盘记录器7.1 华军版/键盘记录器7.1 华军版/keyboardlog.exe
- Size
  
  29KB
- MD5
  
  55bc3652535ede1c4c53d064611d732c
- SHA1
  
  fb4fb23b3256df8d1f8d82bc27858ba97fdb4020
- SHA256
  
  9d9f2599910fcd955bcdad30a05efc308bd95a1c0962f38a984ebb7f21d05b40
- SHA512
  
  e2cfd1fb98c57dae5ac046e3a24678dc6a47619463633c90812c30c261d57a27952f1d39aff8f78dff81d5a9fd47f81e5a5a217338163d714a904b478c7e97b5
- SSDEEP
  
  768:KWpacY5IATDwACn1f1c/Zw0Ql8e0XE/m0:KaYFNa1dc/Zw/0XE/m0
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  键盘记录器7.1 华军版/键盘记录器7.1 华军版/monitor.exe
- Size
  
  112KB
- MD5
  
  f6c953feb4d30d4ac6739cb5120f4243
- SHA1
  
  39ac18004c3df8539c06c8cc82d04699c686bf73
- SHA256
  
  ed99b7605b92ace778f2585d80c90cb10c6a4b29460e73aa3bb5e2d9c866860f
- SHA512
  
  a2ca415908e33d98a75027658089c82f93862c0d7f038ca0a5b02aada96c5db2246188f28c4d779be4d75753e93d721547d969ccbf40f670346fba9fbd382790
- SSDEEP
  
  1536:/LTXC1sKCGGH9kk9zHYt2X3f/SLcRH3PP2mngmqB9Ip850pf5vP20SP5YfNfaPFl:HcCtd39zdfaLcRHmwtFmGf0SMl4l8
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14