3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1 | Triage

Sharing

General

Target

31413f6a097a9e07722d122ecdb62f79_JaffaCakes118
Size

325KB
Sample

240709-vprhbsvcjn
MD5

31413f6a097a9e07722d122ecdb62f79
SHA1

68507a30c659d2b3f165b9450b6776c58c8f3a23
SHA256

3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1
SHA512

347274afeaa8b4843502dc779b16c6c998dc28dc8440f606a494d428e553ebf12e5bed8023fd757504f7b7960ead201d91b3e2a43b7130e511a99e5f7294d1d1
SSDEEP

6144:1qPQiqlc2wd8qOERSDfhoGh9lBsYQT1OeA9q6q6cvQziNJfQ:1TA2wIER2fhou9l3Y1OXZcoz2I

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Нападение на американские космические системы очень дорого обойдется.scr
- Size
  
  386KB
- MD5
  
  6da437dcce6eaa6b39aedf008142e1d3
- SHA1
  
  4114f56826c1d531a8bbffd2d8831d312be6376e
- SHA256
  
  9e2c7a431cfb2d446f22e6f45f5344e861bebfad767bbf297b64802f8c17f815
- SHA512
  
  67454df95816b1be875ad8d26d0d484c028d4f0438c2d5d28a04edd3be71bcde672a5d1c2945797b5f8325e1e96ef87ab70e952954512598482e51f4c9a55eb3
- SSDEEP
  
  6144:otjWxbczG4XMoxnBLFIRTwLhmJpEVxdg0L9JbAnj3wzaAvPaejiA6:oRWNcr8oxn8Urxdg495CjTeSz
Score

8^/10

persistence
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Новый щит и новый меч Вооруженные Силы России и США.doc
- Size
  
  80KB
- MD5
  
  5cc125e416646bb04e253793b52252c0
- SHA1
  
  5f9b986c6792de82bdb992c7504ae090b84d6d52
- SHA256
  
  6c85434279ce173bf41eec77ff1f7117f10eb8071c9e8cfeb5c521ed1ef5066c
- SHA512
  
  17e8961fb1700416e43908c351e5d6d4d74d1a49c8ea03e8eab4ffb00389834075a204b5099ed7e01a38f45483df16a2ebec3ddb2472ec5085a0657cd94b5d97
- SSDEEP
  
  768:089Aa2aJPfDYB0LjqRj/LtwqKsQ5OqOS0a4FMBRsKCBV0:08yLQqZd4n4F+5IV0
Score

4^/10
behavioral3 behavioral4
- Target
  
  Ракетно-ядерная рулетка.doc
- Size
  
  52KB
- MD5
  
  49b90b2f7d5c580ddd117e50f2b60eae
- SHA1
  
  630930c079461afc6ff2c527efd12d3c463a76a6
- SHA256
  
  cab10927a6399a7cf46687d59c63b9ef013c9e4fb822db595937339344558813
- SHA512
  
  42b6cd4f85c2cb295b0b12b2bfc59e69f66a2cb546330f8689cb1c7e185a7802aa9c19616a39c4508e5a8821de0f9567fe209af6f65710601d0f345aaa9478db
- SSDEEP
  
  384:9XKjWCzWFnReLmvXZgGp0SItuJ7e/VhdZZwikYZAWEyGcSdW+wRsCB4KD2V:VizWF5MuJ7cVhpzJKCBx2V
Score

4^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6