5d71e559b666bbc4a02a392c00efd236944eea7286c8be0b89193fce303f77c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a06a57f23106ad15b7b886d8676da8f9_JaffaCakes118
Size

9.1MB
Sample

240816-3s86jsyamr
MD5

a06a57f23106ad15b7b886d8676da8f9
SHA1

4ca063d3e15272f4afe1b15b254ac5d574fa9ebd
SHA256

5d71e559b666bbc4a02a392c00efd236944eea7286c8be0b89193fce303f77c1
SHA512

b6f3185ef4b18fe9442e1253dab3082d7df0da4b8ca91d7497b461e225a917c80dc3a488b7725d6f7589e96689f853771417febeef21a325e739c64cfff653c7
SSDEEP

196608:NQXnp74uygCQP6+aUkcwMclyy0ySfQ2nhi6Yf3M8CTgjRzCdwNHH44oHgb9FUDQD:inNOgCdiYh0XoI46Yf3M8CTgNmdwHbJD

Score

5^/10

discovery

Malware Config

Targets

- Target
  
  浩方电竞平台5.6.0/Ads/default/Join.html
- Size
  
  517B
- MD5
  
  d6bffa586323a2047d4d07eeaf279cac
- SHA1
  
  c2c592c06e3fd96c2fb2562b18bc43eb160ce821
- SHA256
  
  53eec359ddbc5574be6734803abbeff4fe54390469cbd2c45ef5f866e0050efc
- SHA512
  
  83d4d87b3b9b726b23f38501cd7c30391de05b54e4c20f1e95cfe7024efbee259ba06995135f1c6b3150cbb8c9a581db7fb5197be75db8a848ec83eae3963ff6
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  浩方电竞平台5.6.0/Ads/default/Leave.html
- Size
  
  516B
- MD5
  
  f4ddf30882b8a45d7de838765d929fc4
- SHA1
  
  8da1221a39ac153f6045e4984962e4e2e3213a8e
- SHA256
  
  cd6a093da1509532864222ee73148830a4376d975d60d7d14bbfa810e5818402
- SHA512
  
  eac8ba75006279938167d4342cd127cebc2a64d5340764eff607655793b14e2c849b06a70e0113f3e4a20c16050b210670c14a552396af92607d13d9236616f2
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  浩方电竞平台5.6.0/Ads/default/Quit.html
- Size
  
  516B
- MD5
  
  ac01e7fb95530e79ba67c41546e63e27
- SHA1
  
  ddbfecdb9b541350eba6ac9b0fd698321d018e70
- SHA256
  
  e5b3a9aaccd99e4f79569a3430647b293a24eae4013cd4721b0df49ff310e20d
- SHA512
  
  a41722477706ecd8c2377536e86345d5cbcca55cf0a83997fc1b2c088c58d5c4aa8205d11ccc24cf0ee040f805b752eba63fdba9a23be85acaf1712f28d960df
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  浩方电竞平台5.6.0/Ads/default/Setting.html
- Size
  
  518B
- MD5
  
  a7872bd711643998726d7cd0d0ad3f63
- SHA1
  
  241627f7a42e6b29795613216d7ea3f1e0f959e7
- SHA256
  
  7cf3763293be5d3208ea231e4cb949670f034ca85ff6688fa7d0ad38d13bc971
- SHA512
  
  6cc2c1c810f04da50fe2f18982a6b51f9dc3f7f232014a40470e4720fdb7ae8510cd8bc6bfb2b8c439d8dabe366897c4f87fe09ac3ad38289884536cde564249
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  浩方电竞平台5.6.0/AdsManager.dll
- Size
  
  128KB
- MD5
  
  fd052a1c828343e645f96bbe82bebed3
- SHA1
  
  54526b8a61763f6b4f31d62bc3f1eb9bd7389cc5
- SHA256
  
  0bf9eafe958745b21b024f4554406584af6ade51cc83da3827666f4c0ceed47c
- SHA512
  
  18394fbaa03b168bf3a7f3763a73b082382e50419875c24924033586b9d3fda8d6b9fb277da0b1f866a6467079397ae913b27ae6c01fe3cd33ee5b3d77b02b7d
- SSDEEP
  
  3072:NGXkziNjrutI3MIB8ZSvcH2/SaGwbIh+ez/kygmKVfUp/Rvq7uMeudvozO0h:AXEpzMNVfUp/XudQOo
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  浩方电竞平台5.6.0/AgentBmp.dll
- Size
  
  228KB
- MD5
  
  e120e69dd324b899cab14dc7682a2542
- SHA1
  
  e679abfbd9baa35b066c279e80121d889f6f3aaa
- SHA256
  
  663f72cbd4bffdeff45b153cd1d520e639d0e1630d7c873f6967f8d5d0e9170e
- SHA512
  
  26f116b7e49f9fc8688303db540be2cc339a8015d8bac354acb87a30fb3a7baf640824e041622723c894a95ff56b2520aee1a5d0197d1a16e698bc1fda08f151
- SSDEEP
  
  3072:/oIgwh2iW7NPfr6SQF0bkFeq9FXRt+fWgbs1wvjFYdOAc5oY7VWRODtolFNS/gQ2:NF4NPDaRtsrSwLF8OAVO4S/g
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  浩方电竞平台5.6.0/BFLiveUpdate.exe
- Size
  
  782KB
- MD5
  
  a7da302c59deaf85629e44d389bd2e18
- SHA1
  
  48588eaa52d9d72b874a468f69118038f283685d
- SHA256
  
  45b94ecc36fab65f4424f6aa16747809ce2f465e21345b0f777e907cbc75e2b7
- SHA512
  
  0a7aaa3249c2c8796243ff92c3f78c693a01f0b0b086cd14b984262691452724b3f1bbb81170562bf4ec8b22b464276deab721419c18fcf7a9c68299a6cda834
- SSDEEP
  
  12288:EfKgO2BQ6wIBQAlJ+aux+aCWSAs+IVZOmFo1bC2d+fXnyeITgtJOsrXTstJM7ZQs:E1+IaCWSAZqOmFgmnyeITMOsrTYJop
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  浩方电竞平台5.6.0/CA3Socket.dll
- Size
  
  396KB
- MD5
  
  2ab8512dcf7863118fcd839eccd9f675
- SHA1
  
  97ff1e6944c714297602afa9e93389ace7f53cd1
- SHA256
  
  41b433644901162b9de297a7b3c40c247c96692f0f37afd38979c0514bb5d320
- SHA512
  
  14560c7582ba2e37d4834a3fbddd27dec3071f9a64b507f881ecc0a12df17337b9af8c76fddc04e0629fac12772714f876daadb604bd394fa42a68763173cfd5
- SSDEEP
  
  6144:oJ+QiY3VBOLgXzsw3rUimCEsn68XWXke/5d:oJ+SVUgX4z664q/5d
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  浩方电竞平台5.6.0/CASocket.dll
- Size
  
  384KB
- MD5
  
  e770b5bad41dc43c7a7a4be63a5376f8
- SHA1
  
  db5c4e4efec5b66ada4baa13820b5dab87311d7b
- SHA256
  
  7732acbc7e2567dc3c263d9f6a4422d62e5d2d450c2c178d7ef1b66587006f57
- SHA512
  
  ab650df29ea7891b7ada1c9363d9073759e4cb972b01d51a4990f0aaca9eb7ce0ef13f706a86b24be50ebe63ffa69dc8ee504532828ad165851d0cf63abfd7f4
- SSDEEP
  
  3072:kw0jC7A/non5cbhd+kDX72s01Aful0g2oO3LUlmpkgW2Ocm5zRn61edBvdaM2tm3:WjXC5mHnDX6A2leUlmprsn68XWXkeTL
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  浩方电竞平台5.6.0/CS15.dll
- Size
  
  216KB
- MD5
  
  69907ceffab66c302575276920777342
- SHA1
  
  931be72ccb138b5536624416e4cb21dc8dc45c61
- SHA256
  
  f1b10a1ff9337b460f9ae18fb8e956fed4b085a69600fad02f1c016a65dc0cf6
- SHA512
  
  6cfb6ae9e6490e0e59777ed52c732bca20b916a7a0a87e23eaf825e8d97b61007e35071f5fd91bda4ed6c39f9faad513439bd53621aa1c7d839f62fc8f4496fd
- SSDEEP
  
  3072:+y988TccsIzgdZQF4emLnNsyOKbJu5rkCqCtZKAoE3zHiS437:3UGgd+KF7Nsy3uuoHE
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  浩方电竞平台5.6.0/ChannelManager.dll
- Size
  
  84KB
- MD5
  
  18e79f810810abfec4acfd1429c5eff7
- SHA1
  
  2caad215ec87cf693e5c6838276a05f37b639e63
- SHA256
  
  e15e8320382508a269343c30c71171ad77945d43a3e03ee48a7d35da34617a2c
- SHA512
  
  9aeb6fb71d6385e3b51210bd6123d3d551c6378ff54b07522afd980218b242aa17b68b7df90c5a7b850582c2283f8e370c99d73e8bfda00f00c5743f8711c331
- SSDEEP
  
  1536:cAf9osf9ukMvCyTnLLh+esyZfO3qxet3fUp/PZZ6yJLDn31a4Ha1Fod0t+:cBsfkkMvCyzh+eNO3qxet3fUp/RZ6Enx
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  浩方电竞平台5.6.0/ComCtrlLib.dll
- Size
  
  376KB
- MD5
  
  d8b0bc42adadf3dda050ffbf54c4d992
- SHA1
  
  a44b0d3fba25a3b3d4519aae57ab98c85d3d6819
- SHA256
  
  c64733ddc69abe1c2743d887abb14fdca0d1fb364e89c8d6b186b49ca298dcd0
- SHA512
  
  226138a4dd0abc7f37141c2a1da29045a980fc7b3b3851ac0e4d8b301573748f973e31378c9152b175998c7d5798dfd20487be0fde67dd66d7215195c9051532
- SSDEEP
  
  6144:gu/kmJZ7OZl2/yFx2QetlgbVwoK8uRLr5siLjKGoYZe27q26fSoFIr+V:LkmtUJOlupuHsi6GLZlW26T
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  浩方电竞平台5.6.0/DPSocket.dll
- Size
  
  220KB
- MD5
  
  8349dc7c7e6f32ae15f54ff4679d5ff1
- SHA1
  
  8ba3d05fb791cf9e72d3849dee4e63abbec14d13
- SHA256
  
  47caaff478fe8bed0019f898393edd8a3b21e8dc793a535ad1a33af447b1e404
- SHA512
  
  052f8747f2f0dead15dd8b96304e22674d501f2eb421ae9a7f19f4c9c08579a23d077c05caf1f0f270a7a6c253e56c350a48fce8cff4a6d873b6b5b45e419266
- SSDEEP
  
  3072:gBP344enZ92co0hH/EcrAqMlhgbwlvdg/jzXvI2BJU3TKoE3zSx5Sw4L:gBALGcFfEc8quhgbwo/I2Bm6SxB4L
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  浩方电竞平台5.6.0/ETCtrl.dll
- Size
  
  48KB
- MD5
  
  2b8444b1d299b53315dbd86cec254c66
- SHA1
  
  a9b5586c07e7d9bf64f3d55a182b655a921fadb5
- SHA256
  
  13645d3b6fe6e1b8fed39ffe40753850d1a6e08616c235b219ee56e79028f83c
- SHA512
  
  015bf55b33ff89ee6bddb6b7b0b9053e3c518592e47fcd0146fc1c16ae4d3b4ae6ac1045324c3ce0657e7492c1df8dc34c291a70fd8c4b6813be1e327e227266
- SSDEEP
  
  768:m6edVFHtqGu1PgsLU5pstB2sNwR307No4v2fCDkib:m6edVFHMGePgsWpsz2sNw90BfhDkib
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  浩方电竞平台5.6.0/ErrorReport.dll
- Size
  
  76KB
- MD5
  
  071ae1ce631a479aa1f6ad1fbd0414db
- SHA1
  
  11a3e0792358a40c4b4c41f3442c708126c9d5f6
- SHA256
  
  f116359a628a9b9b4b578d9801d09e38400c434cd9dc5e49164d449d81063f32
- SHA512
  
  df6dda259e84ed5e8cb160d5073a1a6a4382329972c7db32960bc2e6a6cc2c16b5b60c33a887dd06cd8e2759a27c14575195b90f7ddbeb139c9968cd7d2a4c1e
- SSDEEP
  
  1536:6Vs9iBN2AraUm1dda4Ltrk113Dcd5HKATOS5jiK:6Iqgfa82QCAF5jiK
Score

5^/10

discovery
- Drops file in System32 directory
behavioral29 behavioral30
- Target
  
  浩方电竞平台5.6.0/ErrorReport.exe
- Size
  
  460KB
- MD5
  
  1ebc26de36198cc5d5638a51053135f5
- SHA1
  
  113f3852f672a42ea01e9199cac1e8470a986a73
- SHA256
  
  f8a78b417d0ba88a9700fd2757c5dcc3097ad383dfb02b33b2076efa28d2ca36
- SHA512
  
  090a5e1ce8dec76afc25f67eabdb5969a4189685db82a63703c2aad06c394c69f9183e94deceaa44e340b858f520f12d4eab979ddc52ebb2ce3cd060f7fe5ec3
- SSDEEP
  
  6144:C4RiV0PpqkPth6LVl8TJZLJVGDK3rqa14WoqE/0PbigG1xl7yCECqGV/Ghc2JxCU:/Rixl8TzLJ5V14WG0PbQb7jqGV/GhKg
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32