a31460e215b69d3de51121321d205458c6e15b2f90c6a7681e457ba171afb03d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30ff13d350b27067f3a6aa67f18d1f28_JaffaCakes118
Size

1.4MB
Sample

240709-s9yq2a1crp
MD5

30ff13d350b27067f3a6aa67f18d1f28
SHA1

622c93e8ab667652b0e79ed203b21e594c89f82b
SHA256

a31460e215b69d3de51121321d205458c6e15b2f90c6a7681e457ba171afb03d
SHA512

b4fa5b35f5f87a7a41bd36b3e4dd1c672d6c1d89888131e1320c46439837b93d0238216e93eadcb9eb5c8ce9bd0e7a0e94599e3766a0ee4de4fea86690b41995
SSDEEP

24576:15wdBEHoP+sgeXu55a+8CXYZBybibcmIPWiB4XTUbz1lFkbC4:8dh655a5JWVmEWiB4jGz1lFkbC4

Score

7^/10

upx

Malware Config

Targets

- Target
  
  30ff13d350b27067f3a6aa67f18d1f28_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  30ff13d350b27067f3a6aa67f18d1f28
- SHA1
  
  622c93e8ab667652b0e79ed203b21e594c89f82b
- SHA256
  
  a31460e215b69d3de51121321d205458c6e15b2f90c6a7681e457ba171afb03d
- SHA512
  
  b4fa5b35f5f87a7a41bd36b3e4dd1c672d6c1d89888131e1320c46439837b93d0238216e93eadcb9eb5c8ce9bd0e7a0e94599e3766a0ee4de4fea86690b41995
- SSDEEP
  
  24576:15wdBEHoP+sgeXu55a+8CXYZBybibcmIPWiB4XTUbz1lFkbC4:8dh655a5JWVmEWiB4jGz1lFkbC4
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  bb4b86bbf59b2845585ca27c2d7934af
- SHA1
  
  eb6d64c3e78302de79cfc240c779ca500f46e6f5
- SHA256
  
  eca5d929a6d7b6099429c6c4eff400c2e3df517a015543b3cadfc2444df25e0e
- SHA512
  
  c6af12bbab169690a380a6c9db04c0d4e856798a94f93ac2609ea0d43a61bb406a3531e8808c3613239c92d4d1032c76a602a46556c56f2fe8030a5b99cc6150
- SSDEEP
  
  192:OzF86tZDWrepiJLEqUErRtdD4fUuMZwt2h8sIGO2x9:Oh8TLLweSfUuM0GOC
Score

3^/10
behavioral3 behavioral4
- Target
  
  dca.exe
- Size
  
  584KB
- MD5
  
  fcf398b2c172d1052c26cd536225f386
- SHA1
  
  fb1dac694f6ee7b0a32bdbe16d5122c345698a20
- SHA256
  
  bc464042345d3381c2ccda9842e901299021ce21e0508aeed6aa93908df66b4a
- SHA512
  
  c6b93f5fabddb51a7f81b8265fae00329512b7b70af8d1734b98e9d63602d5c653aafa21d23d5dfeec9998802c4ef9751249f3c5120523f8f3ecc7cf34c17277
- SSDEEP
  
  6144:4wz4jMSaW9k1b2/eRJB7ztczfnJnuTARMlfTSf6gaDXY6xA34byh9OAYKc1N0dPZ:5z4jMSaE1fnJuTfTSfXca9jpc1NwZ
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  htmlayout.dll
- Size
  
  920KB
- MD5
  
  6ed2f0b1b13e068e0e9377298f2c550d
- SHA1
  
  8edcb7f3b6b4e578363d12a991a75164a4632521
- SHA256
  
  5a63558628f3bc939a393a46d1c201a0fb706ee36f39db5375d2cfa2c72c69b0
- SHA512
  
  4b50e8316d170722c7cd717ca8c700e2b1f790531ea750c7fd88864a5a2add4718aa658231d7ba9c8f25ea4478338474762456322c3dba944b34d791856245b4
- SSDEEP
  
  24576:h6+0bI4EotRfKHLz70IapiuKKhvTxLAlxXi8iQ:Y+0U4ESRWz70IUqrXi8
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8