dacls

Sharing

Copy URL

Twitter E-mail

General

Target

81f8f0526740b55fe484c42126cd8396_JaffaCakes118
Size

6.2MB
Sample

240801-2cgwpatfkh
MD5

81f8f0526740b55fe484c42126cd8396
SHA1

fe83d95afce63e935dbe22aef40a164cee34f4e5
SHA256

899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53
SHA512

751c2195a47d5e263ccfb860037ce32b5bc3c9ca516b9806a0cf1bae2af9742bcc3c9965218fd938e6c3eaa5a90081ece877aeec56f667477686daa3aeb6d77a
SSDEEP

196608:py41rDVac5C/ohoS4AOPqIsuaB8jA5yqTZb:py4xD4HBASqIsBF

Score

10^/10

Malware Config

Targets

- Target
  
  81f8f0526740b55fe484c42126cd8396_JaffaCakes118
- Size
  
  6.2MB
- MD5
  
  81f8f0526740b55fe484c42126cd8396
- SHA1
  
  fe83d95afce63e935dbe22aef40a164cee34f4e5
- SHA256
  
  899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53
- SHA512
  
  751c2195a47d5e263ccfb860037ce32b5bc3c9ca516b9806a0cf1bae2af9742bcc3c9965218fd938e6c3eaa5a90081ece877aeec56f667477686daa3aeb6d77a
- SSDEEP
  
  196608:py41rDVac5C/ohoS4AOPqIsuaB8jA5yqTZb:py4xD4HBASqIsBF
Score

1^/10
behavioral1
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/Frameworks/libswiftCore.dylib
- Size
  
  6.2MB
- MD5
  
  8ec9bac4da143c05a7c0d21700746017
- SHA1
  
  0094ea5a200cbfc6cdc2bae7be601b83068fe3ab
- SHA256
  
  7f37b956954e61b4dd4f61bec4c85ebdc95aac9628a9a553fe970d53b7bfa124
- SHA512
  
  51a277ebd98adaf6e5489afb66cfe64f814f27652f8232d91b9217de42cff6b9a9e6d203f90b1b12d48b22caf08ab6abe5646d3a8db8f37d3195049c125291a5
- SSDEEP
  
  98304:7gpE3ltAx2iIgRvDSTdzM4qwgwAUuiJ7AglPhvffkESUyGsr:6olt7iI61wgwAm7Ag
Score

1^/10
behavioral2
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/Frameworks/libswiftCoreFoundation.dylib
- Size
  
  40KB
- MD5
  
  e3eb4e9173e1d9a66c656a7384f07ab1
- SHA1
  
  bdec1c5c8273327fc07a5689ad2321ba182eae6d
- SHA256
  
  ae58fba52683c5aa79f5bc7d9f7c10a90a8189e5abe141308961ac1e992c2f95
- SHA512
  
  8ed3c32c3e51359ae563bbdb2d9b20c0e6a015ca44226bea4c09c408ad6b9577bb1ce8a98a1fd882395762d5729f9c9d208e60ed10249dea650051ec93386c0b
- SSDEEP
  
  96:xYpziNzFQ8EyM2ySuZEs6rSTpCoXkA1qTgj:SzAzqiMDWrSTN1Qg
Score

1^/10
behavioral3
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/Frameworks/libswiftCoreGraphics.dylib
- Size
  
  185KB
- MD5
  
  5f86e7009e2cf637d03bdf2b35fc32f7
- SHA1
  
  2fa41936d3c4cc5d3399a22275065fff5af836dc
- SHA256
  
  fe454ea06d89259cc637c37e90c9d933bd73718145bbca8b5f952a4e8e8e5908
- SHA512
  
  49e65156e1c07013438330b41c712559c4cec52945fe2264b67df90b5e3018ee5287580fa021995268b696c6230986867245da3238562041455c51845a22d98e
- SSDEEP
  
  3072:ua1kZDjzHXI9TH85JojH4bLQfWXO6sI9Zr6vzEOMbOa:v1kJvHXD5LDAy
Score

1^/10
behavioral4
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/Frameworks/libswiftDarwin.dylib
- Size
  
  96KB
- MD5
  
  5e0454f1425a883a4fad621cda6a7050
- SHA1
  
  078d28b86dfcc596d91a72571c7651bb9101c7a4
- SHA256
  
  8c3a0c48eba049fe7f543a1c9d68879192cf29abb8a925e2818bf2415d2b4f41
- SHA512
  
  56e85780ff9de191a63d098f741046959c6ed80aaa95098078be26375622b871bc1b71542dda674820b2617cd4b9bd39f284f97a7cf5128d19e93c47258755e6
- SSDEEP
  
  3072:7cicIA1+T36lxD8DBnVK4rywrcXARZTFW6D5BNTEiQvg8Mw/F3OFga0u6kXIohe8:7cs1elxD8DBnVK4rywrcXARZTFW6D5BH
Score

1^/10
behavioral5
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/Frameworks/libswiftDispatch.dylib
- Size
  
  320KB
- MD5
  
  3f95a643d873562df52a7b87319232fe
- SHA1
  
  42d5d42d7d7907ce27735c3cccc357320fd130f3
- SHA256
  
  02cfca7fc8d10695b4440d48f9e16616a5bc6d2c99548bfdf0449e505776e3a2
- SHA512
  
  13f120b49854750b07ec72de94cebd9f0c7ee01157269d8f23755cf0fa86e54659dbedff0ed4223d892696fb8d20752f572b8b5949cf5bdd95bd221b87ad85b3
- SSDEEP
  
  3072:po5uaLj93SCgAQ6DSEcKeeGkAgHujrJWbBZ7ohXs1bQAK8:+5R9iqOEcKbAgHMWbBZ7oS1b3l
Score

1^/10
behavioral6
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/Frameworks/libswiftFoundation.dylib
- Size
  
  3.0MB
- MD5
  
  b2d33e2012fe2c85e4f654074bcd65c7
- SHA1
  
  d6aac252cef3fa4b191003674cfec1cce2f58340
- SHA256
  
  e318591e2dcaf9856967030462eea765758743fd1ed3b9f6aa7581f59115cb6e
- SHA512
  
  609893723675205b8e37ffcc36aa9e252a54da188cf643956cccd4144b1ca76bff269adbb9e4e40a34a0ad078a08fb842056ecdbed9c3890021e24ab981b33fa
- SSDEEP
  
  49152:jwCROS1cNS83nxZXwcK9+EHdD7/26iN4LQy5gWwUGnnWEe+mgVL00cBPOtaFlIHw:ECd1cNn4p/X0fVYtBGt1GK3
Score

1^/10
behavioral7
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/Frameworks/libswiftIOKit.dylib
- Size
  
  44KB
- MD5
  
  7e1eddd2a97007ebc6c2bf6a207621e1
- SHA1
  
  7e991c77dd6ebcf5122c2cebceee3791d0143087
- SHA256
  
  e2162b92610070f8c12bacf8687c392f974837725eaa875bf0b35ca80aacc692
- SHA512
  
  bd3e21a775f868ce12f715a12540f1c08900f06f99a403fc9965350ef61c56313cf2292d2a19bdaf6b1caca7b2cde2b26d9155b70d35727412285dd829a3ee7f
- SSDEEP
  
  192:NXg5Xy+68AFA6zfdgfaWWEyggBpQB2fHeO:NXL+C9eIv
Score

1^/10
behavioral8
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/Frameworks/libswiftObjectiveC.dylib
- Size
  
  60KB
- MD5
  
  ddde4931b181b94862f4a6ce683cd96f
- SHA1
  
  04a61b1b5fa6eabbf9f69e9fc8b043e6d87baa26
- SHA256
  
  55f1fed27c76ce88c35ee851ea1cae619bf2f70fdc220113378469f33850aa37
- SHA512
  
  46cd9dc5c22227fcb64dd0ff4e8894402118d37c4d5d84de97062d9d28180e60e48b99eacabfd624e8318665afd6c57fc6f62df11267f4b56433d66a166e0f0f
- SSDEEP
  
  768:ZkO0K3OeaZz1WICjm6PP9hDBPNBPRNPm4ecfKwoZvtmE:etCV
Score

1^/10
behavioral9
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP
- Size
  
  700KB
- MD5
  
  02670c82d74d0362a5fafdf3f42904ef
- SHA1
  
  a909cdb57132b9a928467540e2031b0d25fed39d
- SHA256
  
  90fbc26c65e4aa285a3f7ee6ff8a3a4318a8961ebca71d47f51ef0b4b7829fd0
- SHA512
  
  21fb953e06ed088493424f68de0c2bc03f2f0844319281dacf47fa0e69e18d51c24154f8522e20bb758946239bb6923aaacdc5c250127b0bd6cf74363bea594a
- SSDEEP
  
  12288:rNRvDxr7edSRIOaQlv5zOrBu4PBP6v8Dy6aB6LyjaMoa+6LyjaMY:hRv1raYwZP6uy
Score

10^/10

dacls evasion execution miner
- Dacls
  Dacls family.
  miner dacls
- File Permission
  Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
  evasion
behavioral10
- Target
  
  TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib
- Size
  
  657KB
- MD5
  
  f05437d510287448325bac98a1378de1
- SHA1
  
  fa3deb60b8a2eaa29a7dccf14bee6adae81f442f
- SHA256
  
  846d8647d27a0d729df40b13a644f3bffdc95f6d0e600f2195c85628d59f1dc6
- SHA512
  
  466999585e7b09e729def6e13c719b656ba7ee9ca43ea32c8fb3a6177de81a75caf9bd5eb0c0ac172c2b7fea3c1aa57d10349ff98aac472fe2ffafde8cd30165
- SSDEEP
  
  12288:z1EzSBGD7KAve8xCH0yjCxCZG0MCmBRrNyU/WvK4o7ZXnkSA/RnJ2zOA:zAxCZTMCOL/qKVXnkl/Wzv
Score

4^/10

evasion
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Unix Shell

T1059.004

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

File Permission

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11