General
-
Target
3663905eff488218f5ff929c7efcd3ff_JaffaCakes118
-
Size
814KB
-
Sample
240710-zy3zyasejf
-
MD5
3663905eff488218f5ff929c7efcd3ff
-
SHA1
0a1276b23e703eed916f278181b683a3b9ed97a2
-
SHA256
08656f012511f74c5fc1ce196dceb15b7cfc722c37263bb856b820f19ffc091f
-
SHA512
b9cfc8ea9c0574cfefbb89bf92364f8018160851cb5e7c9de0428c0b30a5ab243bcba19536b046a5f641f7479a99ce537d62a71014a5a7b975ced450861ec646
-
SSDEEP
12288:tMc+0aqFrLBw3hKvFlF9KvdMou+6hxRjL84NtGJi0qJc8f9kNKMp7yEWMT0KMK6q:Kn0aAJv/M6hQ0wN8JpMZy27Ao3B
Static task
static1
Behavioral task
behavioral1
Sample
MARD_25_2/Point32.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
MARD_25_2/Point32.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
MARD_25_2/Update.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
MARD_25_2/Update.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
MARD_25_2/atwtusb.exe
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
MARD_25_2/atwtusb.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
MARD_25_2/Point32.exe
-
Size
512KB
-
MD5
50b759474208ed15db3e792da2f39a72
-
SHA1
eef49a36c3275f5529f9b6cbd4124765bb147543
-
SHA256
2810028f749d734fb09fca8aaa4e0dc67ad794fff1f4872bee88452bd7075568
-
SHA512
a59e10401f8cdba98716d5a3fd36ba1e4ec239becf4cf9c560c9da20ca874893cdad135b9aeba1d535e0b642eae37f5555fc6777426bd7de29182516ff1caee2
-
SSDEEP
6144:4/8JeJfEuGs8k/bUlgqjpJDHCq17WSTLp980sbpy3KR/ie5bTEju4IIQVa:lJeJfEuGstgg/kjp98zHpie5nsaIQVa
Score
3/10
-
-
Target
MARD_25_2/Update.exe
-
Size
284KB
-
MD5
ae6f29676e667282d7a35007b4a546a3
-
SHA1
16cd9fb072b6b5209833db54a4f2e382fdba06d6
-
SHA256
5635cd7c6aad1bf6e1915d207a99c92d2bc48cbaeb673416cc5f913dd233309f
-
SHA512
ccfab3f8f1fbdf414d4164ee4d1080c08e44a312934befe338637e287427c3c49a35d28dcb36ffd3650fbdc5d5ec0565ed07f9a6c8ac8290c74ae6b686542296
-
SSDEEP
6144:FY94N434H7Kl8QiPaShZhcI9gzICFBYiA0ppw35RJx:29OVehCYSgZuB35RJx
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
MARD_25_2/atwtusb.exe
-
Size
600KB
-
MD5
ad9dd508d210487f099ab56fe2ea40d6
-
SHA1
031e2c1d484c8c215f48f851df8cda2ac2e7dd96
-
SHA256
46c05479987097e5d4a4a128db1011182bdd9ed339ef97ef6a99bd973bc5738f
-
SHA512
58905b72ec63bbd8ce6f7623b16a17e91c4be53357bebe2dbefbf2cf2165ef555848916039db00160e4537e3ee8820a590ac0c845ad89ee9921321ebb8488f92
-
SSDEEP
12288:lJeJfEuGstgg/kjp98zHpie5nsaIQVbOIi7ulr:lJeJfAqkjp98zHpieds+bXp
Score
3/10