30b357cf5008053e6200434633069fd81ee35b0798e00745541210890a8ce6fe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fe1bdeb00afc04eaa1c79c1cd7f65df_JaffaCakes118
Size

5.4MB
Sample

240725-rct6xasdpq
MD5

6fe1bdeb00afc04eaa1c79c1cd7f65df
SHA1

1db17ab841188996a098caf54b9c3fe8042150da
SHA256

30b357cf5008053e6200434633069fd81ee35b0798e00745541210890a8ce6fe
SHA512

e819f964c7300a459859b9c36afe67d8342d1fa9ac5181552ddd1bcf528d392c8475caf5639265a708fcbd51f3dc5299692c35f8df932ee615e8386bdc70308b
SSDEEP

98304:EVyMQ+HAXDrHN2nvDD2AdP1IT2k0rLWexDIDHUX9qIMSKwcamKsFKZh+Ku/dbofm:EVFQ+Hu/N8+AdPbr6QIDQ9VUwcamKsM2

Score

7^/10

aspackv2 discovery

Malware Config

Targets

- Target
  
  Crcak/Rmvtrjan.exe
- Size
  
  948KB
- MD5
  
  576b9c640aa1076178ffa9e0b7c050e0
- SHA1
  
  2f4ec7f19093491cbb4dbcd1f463ffffba023ddd
- SHA256
  
  e1528ec7472f81f31b57e84405d1a1446442de086589c326e19867329902ef21
- SHA512
  
  d32d69738a94d81b3daf710d73803891c7331a5ef75862a9891fbe76c887a99c9822114021f6958293a0bad3181681c173f4fbcb20d55296eece060ce2cca6b5
- SSDEEP
  
  12288:vDCMRPaXK+VvGpc/rqaCOqDDJhpt3lZ7C17y:vThn+xGu/CBhtS
Score

7^/10

discovery aspackv2
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  Crcak/rmt.dta
- Size
  
  1.7MB
- MD5
  
  67c07febfdd804b68e9e3fb1b4f05da5
- SHA1
  
  ad4d97b965e98423270955bce7a882146015bb2c
- SHA256
  
  9cd21041c3925f8b540030e0d8a21b444f6da13880f4b7e507fce2ae26919116
- SHA512
  
  5f99c8c5ed41664f2fe64921734b6d871080fb6c2b3eab3ea7d4605a08b837806bfcce56db3583e39fce476c457c0a0f50e5f723b2784050db0eaacc5e8a2430
- SSDEEP
  
  12288:a8f7onsEkV9rVfTa74ATENjWBUzixQDSljsfAOM8e7I1ZKy0NWGApM7gE6:rcn89JfTm4qZBUNDGjsflM8e0t0HPn6
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  trsetup.exe
- Size
  
  4.5MB
- MD5
  
  6116215b9fbf9c9822696913c17f27f2
- SHA1
  
  5712c5ffaa6905d893dbc00512ec70e47c8d6fdd
- SHA256
  
  40dadd322216188014b84471a19679a81e2fd61bd8bba7232d3301a806f3c184
- SHA512
  
  aceddc5577fc18855d12560f70f2cc611fd2f86ac65bf76292ab30ede66d7428d6325ab086ec9beb549d587f969754315e0384d2c8cbc19af277056d3bd00022
- SSDEEP
  
  98304:UHbFwsXp/YZAQ64LsunH/FD5k7eTkm8rLa9DCn+wWTwdAQWZWvUWH5n5:Zs5Aed4LsuH/FDIeTv84Y+wWgVcWH5n5
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  安装说明.url
- Size
  
  260B
- MD5
  
  ed83e978f409fcebba2825b084f2c140
- SHA1
  
  4548b5565354024dff5f387fa825fce7d11e67fe
- SHA256
  
  ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
- SHA512
  
  2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

aspackv2discovery

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8