6ad1835f4a03f110b2094ede277a362ccb36bef8613bffb0a07380e3a666f18c | Triage

Sharing

General

Target

8f0e523e2b297a72d3873a0530a20724_JaffaCakes118
Size

2.7MB
Sample

240812-rnb5gavcnp
MD5

8f0e523e2b297a72d3873a0530a20724
SHA1

6cb7614032892b7c14274603c8855883c8d69e49
SHA256

6ad1835f4a03f110b2094ede277a362ccb36bef8613bffb0a07380e3a666f18c
SHA512

3c26af3e07822ca694b973f481433365b4ccc238e80a332864998c7840aff0e4f1ae15a93d1e38ac0b37fed79104437968e1b8bdcc1c8cc260c73875b5f2309a
SSDEEP

49152:G54CeMBvAryNfY/CflVu7LvV+RMXCkJU50hewj7v13P35HhwPKx:G54CeMBvAyNfY/KlU7TNJp5j9JHSix

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  8f0e523e2b297a72d3873a0530a20724_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  8f0e523e2b297a72d3873a0530a20724
- SHA1
  
  6cb7614032892b7c14274603c8855883c8d69e49
- SHA256
  
  6ad1835f4a03f110b2094ede277a362ccb36bef8613bffb0a07380e3a666f18c
- SHA512
  
  3c26af3e07822ca694b973f481433365b4ccc238e80a332864998c7840aff0e4f1ae15a93d1e38ac0b37fed79104437968e1b8bdcc1c8cc260c73875b5f2309a
- SSDEEP
  
  49152:G54CeMBvAryNfY/CflVu7LvV+RMXCkJU50hewj7v13P35HhwPKx:G54CeMBvAyNfY/KlU7TNJp5j9JHSix
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $APPDATA/Immunos/help.rtf
- Size
  
  35KB
- MD5
  
  81014ff0855380de6f47759478543e09
- SHA1
  
  c00e75326364fca1f97c9b7d270cb3b3698a4665
- SHA256
  
  3d68d5ab7045b5be4d29aad5c152fec6bd1173841968425f5b3329b9a6163dff
- SHA512
  
  0fabc202d10bc7ffdfbe5e3f82106f94b3e4035b71368ef9c22055122db237e59d5891115192aeffe2e80efc17604d39fdd89690ecebd905e4c64b23c2fe2e3a
- SSDEEP
  
  384:1fIcqb7PzybdKkuEgCNnGbTO6RE/i6rGs2AYARv6ZNYGO:1faEgCNnGb5hAkDO
Score

4^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/SimpleFC.dll
- Size
  
  175KB
- MD5
  
  d38543fc9ae37d188a23e06ee11d3504
- SHA1
  
  174fe778f66db4a527fddf21b1c23e1bc1ceceeb
- SHA256
  
  72f33da081b8d579f437e7aa2ba8d9cb9602270b88093ff9411ac6316b52fc6e
- SHA512
  
  43d1874e5821d8e5530eaa34d42b76aa867528368779fadcfd2691825297accf04e94bd34867442a76c25d4729edefba9469de6500acfe6f665949f11878c54b
- SSDEEP
  
  3072:l2sd6EP05etg+rKTTmYjcnPMdsRrdU+/mbM/AuaNoNglzppVn5O4z6ULfLb6Cu:Us4zIg+rKTTmnhfAoSxZ5OVu/
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  134b93f8bd1f82cd2f1b06c878580703
- SHA1
  
  29cdbce7a2caf1f7e4d2a139c42336d490074665
- SHA256
  
  45153adf50541316468e2b189a0f8127be9fb29e2f920e7eeaa6aceb438db8c4
- SHA512
  
  f970c38debb6631dab7369e2bc96237f16a8fd328d9d35a2b54cb688e1807f62cc6d63230afe89ce5c3945097ae4466872c72929a9623adde3ee57bddf54b692
- SSDEEP
  
  384:EBQCxl9oGPZsw1v6yBIgktbBYeTeXMK5HQ/0lR+Tya4LV0Ac9khYLMkIX0+GBxgU:goGFghBZTeXMK6cVa4L
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  CustomControls.dll
- Size
  
  38KB
- MD5
  
  00198aebb4d2d55f277302efbf31f8af
- SHA1
  
  e09b59dc6fab1a1d07fe860b4826231c53b3fb5d
- SHA256
  
  5f8a16f47df8cbf45d22e3efdd63e3eda4cefc40ec5bdfcf40c8aacd9978a852
- SHA512
  
  bed82f07b5107cde94fd849274f9f9509c8d3042745bb7393e99eb6b5eb6c63b483f3d53bfd28940673cfc785274e6ae472008eae10b89642e5ede1f0e711bcc
- SSDEEP
  
  384:lClIBJTqq3Lr9LPSJKs6raqOWjfoURw0XQ66UTwQgIIdY64eTjLOVcKTLHYybEWH:lCsH5SYdEDQImkuHVEQOjlPER
Score

1^/10
behavioral11 behavioral12
- Target
  
  Immunos.exe
- Size
  
  482KB
- MD5
  
  6df39f5c2653ac3d2705f5b05f3be5c5
- SHA1
  
  be7fc46ceace5d92e62443c60cb83215ae981511
- SHA256
  
  7582012542ef9bdc64d0ce1885e56411daec403cdbf086ba913f9c7722f78ca8
- SHA512
  
  8ae4245c9f4c3ece22602783d9006342d196a01240805bcf632fdc48c284f2804f8d33055dffa052801c0834d37ae6acb1cd047d42c3aed5e419e80ce326c409
- SSDEEP
  
  6144:SJaVkrbZLHa+87aJOn3n8pmPqBl/+NpPIoDMchZh69rBl/+NpPIoDMc:SkVib1Va38Fl4VIspOl4VIM
Score

1^/10
behavioral13 behavioral14
- Target
  
  engine/clambc.exe
- Size
  
  120KB
- MD5
  
  f1a5f942aa1c0578edeb86a36b4687fa
- SHA1
  
  94327b182343fa656f8935dafedc29500ed295c8
- SHA256
  
  77aed78a04e669c68f0571e8676db3c43b0210d7d13e7ee0fe340993ccabae48
- SHA512
  
  3b37f4fefa07e9bf40f737bd8dadfe3b6ee607b6c9da1aa2bc0e811f9d569d17b155c62773befb219dbda069b8d56f75c4c0c57d329cff3ec697c99206090b81
- SSDEEP
  
  1536:GzxahRBx+YeLm0C3tDhqlqtDMkD2myT0OC:LhRrwLm7dDhqQIUyT0O
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  engine/clamconf.exe
- Size
  
  121KB
- MD5
  
  982dcf138d8f43a6575fa2f443000123
- SHA1
  
  e86e7c2d2dfe6341f4eb799897b062f33a7a6e29
- SHA256
  
  d253d612e09b8f3c30ad73a846c4e9af4b9885e7053d7b79856671803969a8b8
- SHA512
  
  fdd9ce76b36a7a5255f201a588d8f5787401fd1a97c95460f2541f9846e22d9ef0cd24d5abfd02dd571c7607d7b7b1993d119b1ec237066d7951d4b314ded9ad
- SSDEEP
  
  1536:4dTeWjyx7cRBx+YeLm0C3tDhqlqtDMkD2myT0Ae:Waeyx7cRrwLm7dDhqQIUyT0A
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  engine/clamd.exe
- Size
  
  169KB
- MD5
  
  df3cd40ecf8d95fcd7c433f537431a88
- SHA1
  
  c97c527d732b9d966752ff486cf1374c3ede8e88
- SHA256
  
  feda71470424972eefd6036019fe1e00c253be24e8ed4a9445bf506f3c83b1cf
- SHA512
  
  a15b8ee48730c75b9409dbd6afdc9d8ebc6ede9f8e64ed16466d4b30975225ef5cec9f1727742694f41c1dbc6215ec46cd84277eb7ed0959da1a1afcc9b8d455
- SSDEEP
  
  3072:7T/0RBNdaqnoOkG2Z6vs7GIpRrwLm7dDhqQIUyT0B2Q:nKbbnDB2Z6vs7GIpRMqTbP0Q
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  engine/clamdscan.exe
- Size
  
  134KB
- MD5
  
  1060028f7fa500746af45f44ac947737
- SHA1
  
  6a4d69e06d73bc6e45831fadae0fa3a0c16f5e1b
- SHA256
  
  dd3d5ff62423d8ae3c8f71cca8e688e5ecda98ad4b8c537acf04351187431afd
- SHA512
  
  f9b9bb233b8a0bf018f8531aad852806686393c63b186a7e4124794a981f77ef086b3de55ae8ace30444bfbba60d1da54fe8ff3ad983faad100cc0e419611118
- SSDEEP
  
  1536:Gx6iqnW2RBx+YeLm0C3tDhqlqtDMkD2myT0Qova:Gx6iqhRrwLm7dDhqQIUyT0QoS
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  engine/clamscan.exe
- Size
  
  139KB
- MD5
  
  2a0c976745f3d627d1da9e27bf17ab4d
- SHA1
  
  610742bb3529a2f6f026b375ec681587bb321d22
- SHA256
  
  9e7dedbef490408113e6aeb3f756638a36059090cf0457b7470c09e818d0181a
- SHA512
  
  24c08a87cca77cb75b51649527fa703f5d40f8123f1040a66c2f2f125bf9c7eb4a99fb6dd775a3c1ecaa563eb6525231544a4d975c32fd9d11c0de4267d6b194
- SSDEEP
  
  1536:zREKeGllPu5VRBx+YeLm0C3tDhqlqtDMkD2myT0oR+:zmKNlU5VRrwLm7dDhqQIUyT0ok
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  engine/freshclam.exe
- Size
  
  187KB
- MD5
  
  f226a6bd7d10a903a4f95f104383e982
- SHA1
  
  458b3b5d0f5c8cf41094d9338d98c65f32f8f421
- SHA256
  
  b0c421799374660718f035236aebaf85b8457f9280b76f0d8699d6ea75aacbec
- SHA512
  
  6b5e3f216dc9f8fb831c6074bc016062d35917656301b604d0c89a6b79213e668f008d376cb75ab827cb3ddb35ffd51bbc2a36755d3b1bfbf8bf96daef20ff52
- SSDEEP
  
  3072:ALhsVL9tVlz+IdE1UkRgtOltEA8CchW7vtRrwLm7dDhqQIUyT04GE:A9K9tVlaIQXRgtOlCA8Cch+vtRMqTbPo
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  engine/libclamav.dll
- Size
  
  4.7MB
- MD5
  
  53ad8f9d2097c2759c35cb00ef674572
- SHA1
  
  120694236ab9063c81cda95be0e0032c880c34d5
- SHA256
  
  017c8d47eacd4dc1014f292cd72cad278239b7175758e0409e310e8c870f70be
- SHA512
  
  7b5c7b647598937d913656421c84dea845a51ef8e0f228377be33251951651a91b1cf6f34cf0d3d24faba3f18ffc72a083bbedefa114a3d5716e8bc4a9ba5e9e
- SSDEEP
  
  98304:WUVQ27YeCRVXBqEtL+4mMi/dMjE3IZqEeHmcB9WzaiskhPduT:FQ2AbonVYpqEeHmcXOEkhPdu
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  engine/msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  engine/msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32