c99ff8940c9db8bd10f11dab8044950e23c280ca33ddf2937a3e355c9a839fcd

Sharing

Copy URL

Twitter E-mail

General

Target

614699905fc8af9b2e4b1990dd688879_JaffaCakes118
Size

3.2MB
Sample

240721-y743xstakf
MD5

614699905fc8af9b2e4b1990dd688879
SHA1

8a2b4588cedd97fa0eec5ccb200b2be56ba7967b
SHA256

c99ff8940c9db8bd10f11dab8044950e23c280ca33ddf2937a3e355c9a839fcd
SHA512

53f28fc8db8caac86cb5c3929501ea4485957498aaed33a0035b3d4fc2170edce2a9052fdfe7e6d84414e724b810654e8a61d453f061f2aeac28aef955fd1ffa
SSDEEP

98304:uMXl7Es1hG4SXIdxk7m/1vIysaBvS1ESHDtbr2:TpnjJSIy7m/1vI+JdSj5r2

Score

7^/10

linux upx

Malware Config

Targets

- Target
  
  keygen.exe
- Size
  
  67KB
- MD5
  
  7573cd8c22cf4fd16dd6fba2dbd96faa
- SHA1
  
  e2b215ea956d6c454f1d43ef1cc3dfda0caaf243
- SHA256
  
  aed927dd8805fa7e56441b71023be3d1a9997f6a0d5f1e36c86ed5ffe4c8cd5c
- SHA512
  
  b075af1f6ba2adaa1d1855f597f542e88b07117e14f206e06824e27c02fca03b95b2083f55ea6ed664f67a323d6a348423535388ceaaac9e2d0ab44d00337001
- SSDEEP
  
  1536:FTkFvsI4mavC+8oqf3vz39E3NG4dtH6pZTaLNfXVM:RIaef3vzNmdtHsRWNfXVM
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  vnc-E4_2_8-x86_linux/Xvnc
- Size
  
  3.7MB
- MD5
  
  ee1ac86c3bb895b80d89d5e2e4fb8104
- SHA1
  
  2fdf90e30b03d253d51491ac7e4d5e4d9ae4c59c
- SHA256
  
  6952078190d25bba8ccbaba51976745411f0b1143e33686b8e453ad9a4e1fa4a
- SHA512
  
  9ddb4f52ee799e58e500f8efd5b22134bba6334ec25bc22ddfb9266035a476fb916b17adf1d0035e1565c504e137226a3c048be3f01f9ff5a6745b9006507b86
- SSDEEP
  
  98304:Pw8zMmTQskkcSGVU5HcUD/VPRVz895HHhZ:Y82kcqHcUD/VPRVw9f
Score

1^/10
behavioral3
- Target
  
  vnc-E4_2_8-x86_linux/java/index.vnc
- Size
  
  226B
- MD5
  
  70e5958dfb1f8340a8abc20cffb77201
- SHA1
  
  20bb7cf396a18d2acb85189ac90f1328326b9a41
- SHA256
  
  d8bb1677b89f117c5cc09513124d1d0d33dcf0c494bdd6f3d0d3ea26508bbf7d
- SHA512
  
  e3b787e7f9abe4fd58ce8298db1dd48eb0319f5bd0448764fe613e4e05ae98e7776f4f47e76eccd31837abf205ef64a67688ffe4f63e68902f5ef16a590c4007
Score

1^/10
behavioral4 behavioral5
- Target
  
  vnc-E4_2_8-x86_linux/java/vncviewer.jar
- Size
  
  133KB
- MD5
  
  df8b653d6109fd0980dcd5c8b22aef79
- SHA1
  
  7abfa25c6ddd7bd0cf6dcc5d1ae27b5db286f5a3
- SHA256
  
  fc21ef07868f1a13f4cf464bcb9edd2e1345bd7a8ab0ca3a85017dfac32edc50
- SHA512
  
  fb0a11b885d7b6340528443bcafcdb58cee1dd842d37bfe830595b8d92f73cb0377328787e0a0c7377a4081a492d8a28fe48ab5ef2de7fb550dbad021abc2a05
- SSDEEP
  
  3072:Jvujr+87n5hMWT9ckbJzS4LoiRGi2+Ub/HrV/mve5o0o+Es1/W1PBQKm:lpM5iGckbdEibWhmve5DoZI/uPBQ5
Score

1^/10
behavioral6 behavioral7
- Target
  
  vnc-E4_2_8-x86_linux/vnc.so
- Size
  
  1.4MB
- MD5
  
  17e096a718cdb7420544f9cea4d3a2d0
- SHA1
  
  fb26c368c8ceb3db92ecf613472cf96ff5004377
- SHA256
  
  79ef47de02f75be6a806667c73811c9d3210eab4dd612c8f9705efc245f2b514
- SHA512
  
  c504c40c7f105d8153a66935ce4f740164e311971536a3ca0dfbc0592858ae95f69eadc26da569d0aa485696b99671dbd87d7895636eb9f62342f327a9d88c3c
- SSDEEP
  
  24576:tLd0AybaJwu/HtQhd4RTh+6uMvhZOdTBwLP9KS3V:jruu+hdiTg3MvhZCTBwLPNV
Score

1^/10
behavioral8
- Target
  
  vnc-E4_2_8-x86_linux/vncconfig
- Size
  
  274KB
- MD5
  
  5de5ff8bee908a04de50d677856f9816
- SHA1
  
  b381debf7fc158a8729eb496d84e00eca006478d
- SHA256
  
  771b106c82818f2c8acc284fa4492beaed2d30cf5b3f8b799d3440528631b5c4
- SHA512
  
  84c263ee84dbd91bffc5212bd866cd4e6c25dd1a06d61e35f9bc4860e5815cc06d4d5e4c8ac2eaebc4411d30bb6297e6e5e3b3b7bd47af0991d24e8a65b95dc9
- SSDEEP
  
  6144:qgkOBubCmrGD5/ePF162fufGmSzINEc2fTnp8/xOzkya5SZ4KpNqIbMRAG6ubTLD:VUrnp8/xOzkya5SZfpNtvE
Score

1^/10
behavioral9
- Target
  
  vnc-E4_2_8-x86_linux/vncinstall
- Size
  
  4KB
- MD5
  
  1383e67741338d08d50cd8a3dc9e31e3
- SHA1
  
  22938f51c15cd1126eae572cfb87672f6e94e43a
- SHA256
  
  bf103da029f3fd1bde25882a13118b2b5c56d5f8f5228685f8df530e50c8d53a
- SHA512
  
  3f05ddd4f9c090df5c25a5440a9347834d86e5b6a6497a023be3e3391c33814b712454fad4e413f3fd21d989710fc8661bedd3470bf96638bfae17d466254825
- SSDEEP
  
  48:tjFORxKrMl3uLn9LCeEMIUBmWrMU4qcUQJ+9FJ/1V/qDXN/VGSLd/0FmENIB/tPV:FUDKQl3K+i3tVyDXN8SxssENIB6fAcSh
Score

7^/10
- Modifies PAM framework files
  Modifies Linux PAM framework files, possibly to intercept credentials.
- Write file to user bin folder
behavioral10 behavioral11 behavioral12 behavioral13
- Target
  
  vnc-E4_2_8-x86_linux/vnckeygen
- Size
  
  214KB
- MD5
  
  17c01487ddeb1244fe51b92b13fe95b3
- SHA1
  
  9d8fb3f37a7b43dc4523880445544fb9780c4a5d
- SHA256
  
  b2ba0920dd4bf301f49fd5afbd6985bca0308e9a75ece9b3ad265f08482a4fa7
- SHA512
  
  1c3421384d586f6353a01b9db771c47e7fdf40ddd80b1b2db27d5bffc32465639f78fd368bd13e7e987e125753b35ea45a0bea83d6b1f4064cbedcccc05b055f
- SSDEEP
  
  6144:1kOBubCmrGD5/ePF162fufGmSzINR6KfZpC75Vjkvmp0czlbw+Qc6HRHT66vlmp:1GOZ47vjVp0c1
Score

1^/10
behavioral14
- Target
  
  vnc-E4_2_8-x86_linux/vnclicense
- Size
  
  167KB
- MD5
  
  66bae9b8ef3e6def3382734e6b4a5b58
- SHA1
  
  a943f16e45e8baf5bfefe033fad05b46597657fe
- SHA256
  
  00e4b5c1832dfa2f126e6259dfa7dc0a7b0f7e09851c3660202e12dcdedc8a97
- SHA512
  
  371a548e3103d2ef4f93e4fb1281e09479b4a6d1c4c8e7c0c3716542948877052b14949fec740ecf6e3c0301b67c5e12a22fff238f5286d944a46983272b01cb
- SSDEEP
  
  3072:xuwOBubCmrGD5/ePF162fufGmSzINM4huaFoE77RDb1B7CJJ0VVVvwtJO6L3AKkh:AwOBubCmrGD5/ePF162fufGmSzINMJEx
Score

1^/10
behavioral15
- Target
  
  vnc-E4_2_8-x86_linux/vncpasswd
- Size
  
  44KB
- MD5
  
  32b23d063e58330efc19bc3d1e737488
- SHA1
  
  7539242b95ee8458180656cf8c07645b9084b949
- SHA256
  
  a17a3db0081ce97974082a05c711969b868106bf110814b88e0cd0f801434258
- SHA512
  
  785e4edc314993abda680221dbf916600a8cf87809b0b7df02b1736f1640a6174f569c02a602d4cedb17b3677185252beac933ff807fa74cf6ba791093c63c5a
- SSDEEP
  
  768:Le7+fOBubCmrGD5/ePF162fufGmSzINXM76F6qGE+xrATI/oUeQjEZDueRBhQrFN:tOBubCmrGD5/ePF162fufGmSzINMo6M+
Score

1^/10
behavioral16
- Target
  
  vnc-E4_2_8-x86_linux/vncserver
- Size
  
  177KB
- MD5
  
  a5c061ae322bd2b6bb698bc002173718
- SHA1
  
  6491f64cc48ec5bb46b92d5cceaf30497e5688f9
- SHA256
  
  b4166c87d57db35c640a52e0d616ae17b8508ec857dd625266896367df1f300e
- SHA512
  
  0986edc9a074412afd45456624c4d06742eefb1cee45c34d3c87d06993ea3d6ef01881f935e8445e4e77934172dea1bf79451d20093b34598a30eec9d6b0643b
- SSDEEP
  
  3072:tfImOBubCmrGD5/ePF162fufGmSzINmiGa/yxhQpuqVGK1Lv6XcAkQRMjzOiZ1n5:tAmOBubCmrGD5/ePF162fufGmSzINmhz
Score

1^/10
behavioral17
- Target
  
  vnc-E4_2_8-x86_linux/vncviewer
- Size
  
  895KB
- MD5
  
  f5189f15db837d3e02684d53318a6940
- SHA1
  
  ee72173615d6e69fde74c4e9d388757dc7b90ddf
- SHA256
  
  da5c680d55672de1b99da35a765208799d13c487c5e3a5e7bc3ae00f3c5c0593
- SHA512
  
  050bb6767cf76f62c12457993b9353ba9e47eef1146ec7123588cb07b6029d4561cd48d00b34f10b5446fee1eeaf5c52ed4458ea37d8ea6368be214d079f116b
- SSDEEP
  
  12288:RtAtdAki3lT9/bxsT4PWU63KrFJ/PG2d+18zlR6fzSKlv2h3LNzmT/dtiyWkfjmE:RatamrUz9d+18zl0fRumDmVK+63
Score

1^/10
behavioral18
- Target
  
  vnc-E4_2_8-x86_linux/x0vncserver
- Size
  
  725KB
- MD5
  
  ddb74fd14040696fbafe6ca6de247a85
- SHA1
  
  e31ca606976edcdedd5658274cb796aa9d03cf5c
- SHA256
  
  3c8adb06c7b42f526dd92bda5041e07d8e0aa48eaafe0645f80f36a58b8f7310
- SHA512
  
  e82ea9cb4eb18a6814c6bd4e513f21ea21c0d89f210ea4d49ea28ee8c909368b77b880c1fadb1753e8fe783a58a20521312582d0144130a8fece7bb9688a2a82
- SSDEEP
  
  12288:wG2a6qDB7D6WG0ttqysQTiyWXWNaEFEP6zqn6smfXLs:wJA6WRBs2lz+6smv
Score

1^/10
behavioral19
- Target
  
  安装说明.url
- Size
  
  261B
- MD5
  
  af534adca72cbb40fcaba6adcf4aa0b3
- SHA1
  
  486f64259c45baf815004b6ffc65301e82aecdee
- SHA256
  
  1bbc2bfe53979f537c179995a1d1b5030db3ad6f2e46b258421506a3fb0fc296
- SHA512
  
  21d4b21c0d228498275640b397e8adfcb92dca4996cb59b035eeea523c5fd0594b0c8bc66d557265343bf6e7cb35350790fcac323db841c0cd4fea6da38b70b1
Score

1^/10
behavioral20 behavioral21

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Modifies PAM framework files

Write file to user bin folder

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21