9488612bad3b065bc46eae538433918d8021192fddbb59393c7cbb53826a5e6c | Triage

Sharing

General

Target

a02946b8eeb32e6cc502f8a227f02928_JaffaCakes118
Size

1.2MB
Sample

240816-19vnda1bld
MD5

a02946b8eeb32e6cc502f8a227f02928
SHA1

25549a6783b33045273b74d0ec311dccad99c8ae
SHA256

9488612bad3b065bc46eae538433918d8021192fddbb59393c7cbb53826a5e6c
SHA512

16a703d6cc9d6c27cf0bd4a562c5680824c1a334a149805a46d50268aad5566cf077aeef48001dd07ddc5f6b0059d6b20aa658eb96d04076276029cb020117d3
SSDEEP

24576:h0jhFpKs5nwxx/qh0jWwd8czRQ/0MSiroK7Nnd8GJL1m93ES/vtKTRwJP:ShbKSGhK28URQ/GiUK7Ae8Vt/vtK1wJP

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  a02946b8eeb32e6cc502f8a227f02928_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  a02946b8eeb32e6cc502f8a227f02928
- SHA1
  
  25549a6783b33045273b74d0ec311dccad99c8ae
- SHA256
  
  9488612bad3b065bc46eae538433918d8021192fddbb59393c7cbb53826a5e6c
- SHA512
  
  16a703d6cc9d6c27cf0bd4a562c5680824c1a334a149805a46d50268aad5566cf077aeef48001dd07ddc5f6b0059d6b20aa658eb96d04076276029cb020117d3
- SSDEEP
  
  24576:h0jhFpKs5nwxx/qh0jWwd8czRQ/0MSiroK7Nnd8GJL1m93ES/vtKTRwJP:ShbKSGhK28URQ/GiUK7Ae8Vt/vtK1wJP
Score

7^/10

discovery
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $R2/Thunder.exe
- Size
  
  14KB
- MD5
  
  84e61af1288ddf3b1735dbd54e3821e3
- SHA1
  
  1bd5eb94bdc3e8e0b480bd72015da0b56e33bb0a
- SHA256
  
  4e335398690821e72195a3471a78c43c6f768a81115dcb56cd9dca4c6f75e075
- SHA512
  
  01dbf4ccd77003c31d6217cfc11c82508c726012a3039fe366b901e874d60a023ccb569cfba01f7e2789fb996634d272cfdd8ec99e41a40f970f5a9da56b02fa
- SSDEEP
  
  384:a6N2sy5ymIJcraqmIjvy3lfzFAqCfHypzkWi:hwsy5fS3kyxpAffHyo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $R2/UserData/Profiles/Program/toolbox.bak
- Size
  
  14KB
- MD5
  
  84e61af1288ddf3b1735dbd54e3821e3
- SHA1
  
  1bd5eb94bdc3e8e0b480bd72015da0b56e33bb0a
- SHA256
  
  4e335398690821e72195a3471a78c43c6f768a81115dcb56cd9dca4c6f75e075
- SHA512
  
  01dbf4ccd77003c31d6217cfc11c82508c726012a3039fe366b901e874d60a023ccb569cfba01f7e2789fb996634d272cfdd8ec99e41a40f970f5a9da56b02fa
- SSDEEP
  
  384:a6N2sy5ymIJcraqmIjvy3lfzFAqCfHypzkWi:hwsy5fS3kyxpAffHyo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $R2/XLUser.dll
- Size
  
  14KB
- MD5
  
  84e61af1288ddf3b1735dbd54e3821e3
- SHA1
  
  1bd5eb94bdc3e8e0b480bd72015da0b56e33bb0a
- SHA256
  
  4e335398690821e72195a3471a78c43c6f768a81115dcb56cd9dca4c6f75e075
- SHA512
  
  01dbf4ccd77003c31d6217cfc11c82508c726012a3039fe366b901e874d60a023ccb569cfba01f7e2789fb996634d272cfdd8ec99e41a40f970f5a9da56b02fa
- SSDEEP
  
  384:a6N2sy5ymIJcraqmIjvy3lfzFAqCfHypzkWi:hwsy5fS3kyxpAffHyo
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $R3/Thunder.bak
- Size
  
  14KB
- MD5
  
  84e61af1288ddf3b1735dbd54e3821e3
- SHA1
  
  1bd5eb94bdc3e8e0b480bd72015da0b56e33bb0a
- SHA256
  
  4e335398690821e72195a3471a78c43c6f768a81115dcb56cd9dca4c6f75e075
- SHA512
  
  01dbf4ccd77003c31d6217cfc11c82508c726012a3039fe366b901e874d60a023ccb569cfba01f7e2789fb996634d272cfdd8ec99e41a40f970f5a9da56b02fa
- SSDEEP
  
  384:a6N2sy5ymIJcraqmIjvy3lfzFAqCfHypzkWi:hwsy5fS3kyxpAffHyo
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $R3/XLUser.bak
- Size
  
  14KB
- MD5
  
  84e61af1288ddf3b1735dbd54e3821e3
- SHA1
  
  1bd5eb94bdc3e8e0b480bd72015da0b56e33bb0a
- SHA256
  
  4e335398690821e72195a3471a78c43c6f768a81115dcb56cd9dca4c6f75e075
- SHA512
  
  01dbf4ccd77003c31d6217cfc11c82508c726012a3039fe366b901e874d60a023ccb569cfba01f7e2789fb996634d272cfdd8ec99e41a40f970f5a9da56b02fa
- SSDEEP
  
  384:a6N2sy5ymIJcraqmIjvy3lfzFAqCfHypzkWi:hwsy5fS3kyxpAffHyo
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $SYSDIR/drivers/etc/hosts
- Size
  
  14KB
- MD5
  
  84e61af1288ddf3b1735dbd54e3821e3
- SHA1
  
  1bd5eb94bdc3e8e0b480bd72015da0b56e33bb0a
- SHA256
  
  4e335398690821e72195a3471a78c43c6f768a81115dcb56cd9dca4c6f75e075
- SHA512
  
  01dbf4ccd77003c31d6217cfc11c82508c726012a3039fe366b901e874d60a023ccb569cfba01f7e2789fb996634d272cfdd8ec99e41a40f970f5a9da56b02fa
- SSDEEP
  
  384:a6N2sy5ymIJcraqmIjvy3lfzFAqCfHypzkWi:hwsy5fS3kyxpAffHyo
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $SYSDIR/drivers/etc/hosts.bak
- Size
  
  14KB
- MD5
  
  84e61af1288ddf3b1735dbd54e3821e3
- SHA1
  
  1bd5eb94bdc3e8e0b480bd72015da0b56e33bb0a
- SHA256
  
  4e335398690821e72195a3471a78c43c6f768a81115dcb56cd9dca4c6f75e075
- SHA512
  
  01dbf4ccd77003c31d6217cfc11c82508c726012a3039fe366b901e874d60a023ccb569cfba01f7e2789fb996634d272cfdd8ec99e41a40f970f5a9da56b02fa
- SSDEEP
  
  384:a6N2sy5ymIJcraqmIjvy3lfzFAqCfHypzkWi:hwsy5fS3kyxpAffHyo
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  C:/Users/Public/Thunder Network/Thunder$1/Profiles/Program/toolbox.bak
- Size
  
  14KB
- MD5
  
  84e61af1288ddf3b1735dbd54e3821e3
- SHA1
  
  1bd5eb94bdc3e8e0b480bd72015da0b56e33bb0a
- SHA256
  
  4e335398690821e72195a3471a78c43c6f768a81115dcb56cd9dca4c6f75e075
- SHA512
  
  01dbf4ccd77003c31d6217cfc11c82508c726012a3039fe366b901e874d60a023ccb569cfba01f7e2789fb996634d272cfdd8ec99e41a40f970f5a9da56b02fa
- SSDEEP
  
  384:a6N2sy5ymIJcraqmIjvy3lfzFAqCfHypzkWi:hwsy5fS3kyxpAffHyo
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18