71b96d709cb160b579ec5010ce38b00084a49c420cd5945b69714dfc9acb811e

Sharing

Copy URL

Twitter E-mail

General

Target

5b7a7d1d11c31a3d7822da4f1fcb4021_JaffaCakes118
Size

711KB
Sample

240719-l43pgavgnr
MD5

5b7a7d1d11c31a3d7822da4f1fcb4021
SHA1

ec1e287ce38cd0bab4d5ec644dfdcbd6c9d432c3
SHA256

71b96d709cb160b579ec5010ce38b00084a49c420cd5945b69714dfc9acb811e
SHA512

b6ad739279f91dbb8bf79585ea4f04680f5c9ae7e7846790ec6b66461386be4a06c725057e15edeb92201a1a31c657beb09fee76b37b3d02dc7ed3d125576520
SSDEEP

12288:GLANUqVeiVtOhZNQPV8kh70MxB3HV0xBE/OFCJVRQk+3TolJUQl4CPyGJz88b5U6:Tq/4tOhZN+V8kl0c3HV0DbFCJDQk+PJe

Score

7^/10

themida upx

Malware Config

Targets

- Target
  
  QuakeRPG320.exe
- Size
  
  729KB
- MD5
  
  bd2835f62c2e03d10dcac0d6b4541b85
- SHA1
  
  a3a315b6c7fd5c099ec6f184bc77d98bff1c0ac6
- SHA256
  
  27a512cacdd75982afa4a3acf8e491e943015225c9fda4db79f563c22a2932c7
- SHA512
  
  4b7cdac25a54be587ba927563592ebb83423b62aa70f095c47f32b2af700f33279562020561e59ca2c7abd7288a9107ea33e6db046554501fee99e96fc78442d
- SSDEEP
  
  12288:Be792eBoxhjooulC0iSoum6eiQeFijc4yRgp3vCR1/sZnwQokbj:BeQQYN0iSooXM3vW+ZwQj
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  296a5f3179fa8d7a7a855eaf696ede44
- SHA1
  
  57aa5b71553ed282dd22c768e039a187f5c13f63
- SHA256
  
  ee0ad77e681c4d0fdf1d67df5f4ca03e6bdd8e3b05dfb47a83ad5c733ed62960
- SHA512
  
  bc527d1485f468e8d098057e0e38e8cb7aa6eb64d4ca30927b99b1552a3177b132b989015ff95bdf2ca046bf11a54b4b456f51e024fbc734fbb548c3499e53f6
- SSDEEP
  
  192:r6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTyK72dwF7dBdcQOz:r6JaVh4I5rpPbTy+BdhO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  4973362a84e11dd8541387ab1694afcc
- SHA1
  
  b78a0fe67c07713c7abd9668b881c4bc808d9a7a
- SHA256
  
  7757518466b21ce175607f10599f26fff127d59a16dc10bf4ba4b7d83d13d47d
- SHA512
  
  65c305eced5cd81fe3a573827d62a33e400f03d5bfcb3b3a503927bc0decaedef5d74e6d1ba25a0601fe812f8d2424887d58211c3f3cea1442643f5d1c23c2fb
- SSDEEP
  
  96:Z+nBC0x22epxPEvC4FkWE+in1/FMvsCGRfRFqCB5tLGhEl5VN:Z+BepxPE1r8/FtmCDtSg5v
Score

3^/10
behavioral5 behavioral6
- Target
  
  DdpRpg.exe
- Size
  
  645KB
- MD5
  
  1869031687c9c1dbbf52ad5277acba02
- SHA1
  
  2e33a1e1c78d28ee348f76dc5f39e3bd01d39c2a
- SHA256
  
  5afe93fd87c1b9f28ff95c344b1e9b1ac7993ccf74d7b02fd1df8312e205fa51
- SHA512
  
  e851846361f28efd3709a09e14b0dea49543ad723d81c92196d386b1cc6c5da895b73da243f587fa15b7d7e109e7f0253e7bfbfde11f84ac58a70e9eb9fffb95
- SSDEEP
  
  12288:nXPV4fRzfjxaLGKRWHSjGIK/dMfdSJ72poLA5fCO/OUKrBisRrl3hdo8thY:XcBx1KRJQdWpoE5fCOWxRJ3Ho8thY
Score

7^/10

themida
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
behavioral7 behavioral8
- Target
  
  Uninstall.exe
- Size
  
  58KB
- MD5
  
  95d238fa10af0485c2d56f5fe7cc2dc8
- SHA1
  
  7b1d1e5324315fa4baf11f2b1f5d5b60091a6ad5
- SHA256
  
  a419aa52e8d356c64429fb89b941d7897ea868077cc7cf0a15ca364e035b36e0
- SHA512
  
  d22a75b8368b6ff4895995292307e93fb23eba3eaf96a5109a4114899df3fa31851dcc9c10aead53dc99a5cf12c8bb5ff998871b4a239d2bd3fcb4c8bbc8b3b4
- SSDEEP
  
  1536:yFGGrf+wMRVrkxmJoqAELVigRzKWbm1/sJ:yFG6UVYxmJXAI0GKWbCG
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  296a5f3179fa8d7a7a855eaf696ede44
- SHA1
  
  57aa5b71553ed282dd22c768e039a187f5c13f63
- SHA256
  
  ee0ad77e681c4d0fdf1d67df5f4ca03e6bdd8e3b05dfb47a83ad5c733ed62960
- SHA512
  
  bc527d1485f468e8d098057e0e38e8cb7aa6eb64d4ca30927b99b1552a3177b132b989015ff95bdf2ca046bf11a54b4b456f51e024fbc734fbb548c3499e53f6
- SSDEEP
  
  192:r6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTyK72dwF7dBdcQOz:r6JaVh4I5rpPbTy+BdhO
Score

3^/10
behavioral11 behavioral12
- Target
  
  ddpintro.htm
- Size
  
  2KB
- MD5
  
  4c5e89b1e03b510b09c4b9ada630009c
- SHA1
  
  be2926b06522d7355a73c9f42f9685f0dc7a0332
- SHA256
  
  78d60078bf2632db0771754b6640e6f1849300185948a080c177d0a39f529c3a
- SHA512
  
  bb75eefdb1d8704cacef9c68f784065b12bbd2f366cc514466aba252c907b1aa219b06d4bfea8d809730097b75a6bb666c04bdea35bc615bc3fc7e11b00b17c8
Score

1^/10
behavioral13 behavioral14
- Target
  
  popup.exe
- Size
  
  13KB
- MD5
  
  120b93308a31b5639b5658b04505815c
- SHA1
  
  a72465ee651cdb4c0b52fe9c30df14732a7fdb2a
- SHA256
  
  f052473ab8273d90d3c2e5dd2596bee8fe8091b8793f51d13e0e748871936941
- SHA512
  
  08f393eab31813600bf3c24e78b2e9021a73b2136a986e763a14fb8e0786a6bbbab3ade0822475261f6e41e353721f1d8a0b3d1ea4b43e87d99c2bb44a6ce73d
- SSDEEP
  
  384:GwuTDhcP7fK1lPIO4vHvfqItY1zpEX1oPN86YgSs:GwoDKW1lPInHvyIO1t2aNp
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Themida packer

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18