4e20147c17b6763d515d55f9389ff4b7641d85f91426e6244dc73d7458de1aa2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31d21430a527cfe8e05b406b9dff8da3_JaffaCakes118
Size

683KB
Sample

240709-yz99zaveng
MD5

31d21430a527cfe8e05b406b9dff8da3
SHA1

305cd186fb17e025e067f8b1558ae05cc0d2ae39
SHA256

4e20147c17b6763d515d55f9389ff4b7641d85f91426e6244dc73d7458de1aa2
SHA512

6d85d2a2e92cd504b82fd2674ec0b8125a049fbca84c042025c45d96922ff01d77d7e76eb8feaec3a7b4f026fcf12154b120f36ad09ab1346b7f37384a9dda34
SSDEEP

12288:/Jmfm2EWk5a6oOSK9ZwS3GNx/sn+U54Lf2aY9NukeOgZr3pgs:4bxf6oo9ZEvUyhY9peOgZlgs

Score

7^/10

Malware Config

Targets

- Target
  
  155绿色软件站.url
- Size
  
  219B
- MD5
  
  3a1f2a8a3ef08ae269517a69ea918b2c
- SHA1
  
  7d2e6719702bc8472e045e010efa6ed3f7df4b5b
- SHA256
  
  66eafefa8bb0155e60828476bde6068573fe64a4fd0aa052eba074dbe85d46cd
- SHA512
  
  22203a78192cadc02d0f887247675925273a69e3be82ec1a331197f892216a282cc8f37c3ffbfb578a708244181037277b8cc6a40d8ec70cdf0feac5d80f8576
Score

1^/10
behavioral1 behavioral2
- Target
  
  DEADLY 8强力卸载工具兼容UAC版.exe
- Size
  
  518KB
- MD5
  
  2c222fed0258e22b16b65684b0c1e3f0
- SHA1
  
  8c607eff94606048da8a72c79fd9062f21909075
- SHA256
  
  58e0e941d2bac2c9f50b354712dab551561acd4d75b146c10f2e0697d4b2bfa6
- SHA512
  
  ea213416da92e876e8433a65107b9443f15740a9a9316e50985fe5d4ab15344c3f86dfc45615a13aa1db205aa3a5b42f46870276954a0160456ae66d1dda155f
- SSDEEP
  
  12288:F79WjXvVf/LNU5CBF3r/Y0FU9P9oF9ZT9XeJUEslK6NWY:F79xo/XFUNe/ZNcUvv
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  DEADLY 8强力卸载工具.exe
- Size
  
  520KB
- MD5
  
  e9a686c455f0e4fd7b78e6d7cafe4528
- SHA1
  
  eafc8a49d5d2ed28ae38f6b1d178218401438e4f
- SHA256
  
  bb5cf8861c497565c8e13fd2a6977baa1d88002ef01ee3f693093eda9a21d903
- SHA512
  
  c6894b66729e5256a30956b40451264faa187274c6ad8a5738ab01fa9c16c829da85802a9713d093d6e911aa45271364b34412b709849b4434cb1cf05125751b
- SSDEEP
  
  12288:679WjXvVP/LNU5DBF3r/YaKEq0YhnTWV3Y2E0:679h9/2hClY2E0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6