e9d67a2e057ca30600aa7c21e7026844238265755fc03f78a4fb78f7d0e48883 | Triage

Sharing

General

Target

9ff13035510edafddf1fb04f55b48184_JaffaCakes118
Size

6.1MB
Sample

240816-zy5tja1aqn
MD5

9ff13035510edafddf1fb04f55b48184
SHA1

1aaf743606b7096274926cc38f2bd8cf97314d0e
SHA256

e9d67a2e057ca30600aa7c21e7026844238265755fc03f78a4fb78f7d0e48883
SHA512

206ebbe2a667d694b170a19e0f4cb89ad3f85df027c6694716432538d1a0b881b81f4ed19afb227a3bfb2c1cd45cbd9637dd12c0a1324a19e62f2afcab18647d
SSDEEP

196608:nCdSSGO7SHT8R8s8I1d2fjHptgoQWBfjizJty:nCdSSGO7SzXs8ed2fDpCjojidty

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  9ff13035510edafddf1fb04f55b48184_JaffaCakes118
- Size
  
  6.1MB
- MD5
  
  9ff13035510edafddf1fb04f55b48184
- SHA1
  
  1aaf743606b7096274926cc38f2bd8cf97314d0e
- SHA256
  
  e9d67a2e057ca30600aa7c21e7026844238265755fc03f78a4fb78f7d0e48883
- SHA512
  
  206ebbe2a667d694b170a19e0f4cb89ad3f85df027c6694716432538d1a0b881b81f4ed19afb227a3bfb2c1cd45cbd9637dd12c0a1324a19e62f2afcab18647d
- SSDEEP
  
  196608:nCdSSGO7SHT8R8s8I1d2fjHptgoQWBfjizJty:nCdSSGO7SzXs8ed2fDpCjojidty
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  b3ebe1cb6bdd529302c121dd4e2e0d00
- SHA1
  
  305f022e7e3ef0ae6cdc5f18bd6adc3032f64304
- SHA256
  
  5a1696f9892567b3339faf2bf4df5eb1d2d886c49807529028b65f0f493e79b2
- SHA512
  
  6f6ea4aec1588bb6f7ab4f8422942ac0acbddb8b916af2ead039b434bec6db4d0bf64deb3b8d6cc33666cabd70024a1208411ab6e0ee10bcf98c47951f8d359a
- SSDEEP
  
  384:7Klm7i+c3QW6ckPhyDEaLnu2bbBBIXwZ:mqi8BcyhEhLjbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $SYSDIR/MSVCP60.DLL
- Size
  
  392KB
- MD5
  
  6050bcc1b23f3df7a1876cbdcbac8232
- SHA1
  
  8770ec0910b7cc9a0461a40dfb495ee7f5b4267b
- SHA256
  
  2b6b93c2d66969eb00258e2b5ad6172decebada096e3b1b077a3380c80e4a072
- SHA512
  
  84bd1695304c3098bb82bdf06cc5a756f3e7c4e6c7a22e9dd266d49619a34ba7baa833b167d49954d3aaa1860adac195d9b19f1252f09cc9657eccbecc5934f9
- SSDEEP
  
  6144:gqUZYxtIwVzqzV5pr28De/zG4H6fydNQ3fq3OoxHkCmv6f1lH:Jlxt1Vzqf128a/1H6K+fq3OoxHkCJfr
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $SYSDIR/MSVCRT.DLL
- Size
  
  288KB
- MD5
  
  055b02d711cdedb8c5997274c4e99cb8
- SHA1
  
  5c816eeb6e4d5f1c11e9f56c992ee7d452e7c0f9
- SHA256
  
  d7cea69a98579d928e534070f5293e80ed7df38baf611b20717ef55aa1344a18
- SHA512
  
  4774431fe768e424f46c833236a41d68f05d98ed14353b04428a5d190dbe213bb56087a5e5cca5cd98598f2c1611fddfed3a7a79bbd362bc02e586cc367907c0
- SSDEEP
  
  6144:yk54RkH8RKDou3LlG/3Roe0Ro4zJsdF9gjFMgiFjNr7mcl2oZhogKLOmJxZR92l3:R4RtIR3BG/3We0RVJsdFFUzchogKLOmc
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $SYSDIR/Mfc42Loc.dll
- Size
  
  56KB
- MD5
  
  787b0bcb9a4a2f59b875f6fa1e10c407
- SHA1
  
  513d2d6c29be43d61d72c22841ea5be90fd6b44a
- SHA256
  
  6e26722bc8c2fba7f1297fa77ba7f8344123939a2f7e79feea1bf61bff5f604c
- SHA512
  
  59dc0462ce06048e9f158caf495ea8b2d6658468f6199e98f4548c5b1f3b2d988a453d5a979b29d36012098603e879bf7a2a73662233f67dafa8fd18bc4802b0
- SSDEEP
  
  768:OVH4uHWJymvyT7TSGBFCDC7hedUPeVqLcYJ:qH4uHWwmvc7TSGBFMEhedUPLcYJ
Score

1^/10
behavioral10 behavioral9
- Target
  
  $SYSDIR/Nsdgs32.dll
- Size
  
  58KB
- MD5
  
  e8f2cbf9993ebf2356beed9aba8b8846
- SHA1
  
  91f3e92ab36530f1224bb2e221caa0cfd0da95c0
- SHA256
  
  81aeb38646c8059ef3f923f13689338f09aef291fe98218192334d6a66d07c78
- SHA512
  
  4c5780d6a5aa68bd20a706e48b56a83055a495cfc73e66a680c8f945535c6b47d72e74647b3d7eb8195b5cb1bea6cb791808d366368dd71b26bf4c1fb9bb7ae7
- SSDEEP
  
  768:RcFlqTwEGi1Kp/qXb1kWwStMtVzO24YKXxqk978CX4q8/gkYWeeO5FDinYO4R0eL:ilqTwEMqRLWP4YKX/JK/B4DaYZRe9G
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $SYSDIR/OCIW32.DLL
- Size
  
  18KB
- MD5
  
  aae87f90e9bfeeb2bd0365d4327efe67
- SHA1
  
  b397b3197bdbb29f7dead567c4f687ed9f36d824
- SHA256
  
  6254a9370e176f23c286c7331c8e9e7f484616e11c8ae440383fe6eb6e313476
- SHA512
  
  1fd95553028db1ad199bb067d79c3227a9d77f5eb7497dbc399c02683a802ea67e2647645ad59c94095e9bf67b809711c144f11019a8a2d075da2c7e259681e3
- SSDEEP
  
  192:AsCtbbvSsGkGGsmsBLLLL8dJpet/WAlsYdDqKlr7A7pZ7FzM3WfgJJXTqt:6DSPGOBLLLLOp2sSqKlH8pVFLAJj
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $SYSDIR/desinst_rural.exe
- Size
  
  76KB
- MD5
  
  def2c0a4792cc5ef0215950fc1643c56
- SHA1
  
  994bf0c93774cdad39f0ba1c6f917fd5ac01f6a5
- SHA256
  
  dc2898bbc1836e658163e1fc5eb937a7f3234e68cf7fe84dd03e3d418c5adc8f
- SHA512
  
  545356418d3e1fc04edf189420575aa205b78ae0986652d2d981e8511e497f1e45159a446d6075a0b80de489e2e04ea7e65a5195dd4d3da1546f0152902bab43
- SSDEEP
  
  1536:tUqBWUSFNrdN90DukJbu6RmpcMUHgSo0M++tQmT/xTH2xt7:yGW3B+DukJbuJhUA3t1DxTH8
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  b3ebe1cb6bdd529302c121dd4e2e0d00
- SHA1
  
  305f022e7e3ef0ae6cdc5f18bd6adc3032f64304
- SHA256
  
  5a1696f9892567b3339faf2bf4df5eb1d2d886c49807529028b65f0f493e79b2
- SHA512
  
  6f6ea4aec1588bb6f7ab4f8422942ac0acbddb8b916af2ead039b434bec6db4d0bf64deb3b8d6cc33666cabd70024a1208411ab6e0ee10bcf98c47951f8d359a
- SSDEEP
  
  384:7Klm7i+c3QW6ckPhyDEaLnu2bbBBIXwZ:mqi8BcyhEhLjbbTI
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $SYSDIR/mfc42.dll
- Size
  
  972KB
- MD5
  
  9a669455354edd8128d5b73710313512
- SHA1
  
  07da2332e8b3861fe3b9a43b60399e9f51c44276
- SHA256
  
  cf9e2c0c46e0735a9285b0c009aeaff0606195687c00401e89e89411775fffd1
- SHA512
  
  6a159b9204f411aab5be1f33a2cd119414c7f2a49195cdd471de9362e401ed4e90d7d9c50d19d2ea4e96beb26d1c49e52867d221d9c2a11b5ece22a5eba8cadc
- SSDEEP
  
  12288:KP0q841gnJnxgmY8ydtXygOgG4oziSTbbV0POmDFZ8fr/8lJanR8ai8Ii8:8Q46v+XyCoiSTbQOmR2TSJa3l8
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $SYSDIR/zlib.dll
- Size
  
  68KB
- MD5
  
  babfd98a4ecd496b9f6a093338063c9c
- SHA1
  
  05372090fd0f15a06c8b3f27beeeb60759a72522
- SHA256
  
  eeec6f4c5d0dcfac04a2979dd5728a47c67a35761759a5180d52d5124a5f8194
- SHA512
  
  3e474d0af6097ce7f747f632bd7d7b0eea0d333d38a0c32742df677784ec25fda11a764f8c0883d465c9634400f574a6a71be87203e0f1dc892e6b0943b7c0e5
- SSDEEP
  
  768:yRagNMRy7pA2cp+k8AVfgibjlR1L+zwWMyKO+zlSXuriOxPj6:yRkRmpITVfgin1iz91C8zA
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $_2_/1.htm
- Size
  
  1KB
- MD5
  
  721f65473090e85a9fb291dd2947bdd0
- SHA1
  
  9dc9586ffdf5825db92644933c6ea3189b78877d
- SHA256
  
  b79aa08e19c830a17371c2efe9a6a40406ac53bfbb8146eb7eac93ad2e848bf5
- SHA512
  
  75228525d165049e416ab974c53fe4cb11cd8d5e186f87bed549b90aeedb2c405072e2c3a9b6fdb6e86484ad2a8dcd499edecbb08d9a65f6cd53cd38316c7df2
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $_2_/10.htm
- Size
  
  1KB
- MD5
  
  191b29ec1c9a79439a57400509df17a9
- SHA1
  
  43c0bff0fb8b42ee74a3e9b4d7fb69ad16fefa12
- SHA256
  
  46a90b6857aaa681454d7bdabe932d72e7c345e5160feb35e1a3e8b64f27ffea
- SHA512
  
  ccb7ea15884da1ebefbf3c2213db8db812f66421ef47243c4db27ebe52690ea38f568427834a7a629f24a7eb8b97e685d15fa17b020b8b5dc69358b9426ad28a
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $_2_/100.htm
- Size
  
  1KB
- MD5
  
  007852f7a1c7f9e6d96c80e4c58b99e2
- SHA1
  
  e901817edf99a397b7d851733489fcdff34d4a6d
- SHA256
  
  d80e85189f0a2b21790419bfa2fb6e2a5dc2451a1411537ce8df01d2006433c0
- SHA512
  
  b4dface2c8577ee5b32ae323910e5cb75722364f787d608f9ca84c515985ec003095d07906a78780145469977687058a7459ae34bae0c1497fc1cb5b01e51cd7
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $_2_/101.htm
- Size
  
  1KB
- MD5
  
  389373313b9084bbcdea1b66efa62074
- SHA1
  
  e42a86b53dfc65c46699216ca6ed5d119edfcb1b
- SHA256
  
  d8bd1f2162bfbf25c4eb2181c184b0d24ad48e5bc66c632cfc9005e4b3907abd
- SHA512
  
  2d61cca2bf1d495ab8644bbb8773858296a99c602f1da2447a7397cc18365ca3c5ff44e818f95ca28ee7a63383ad915b11f18e68282bdec76b0fc4793ae52f07
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $_2_/102.htm
- Size
  
  1KB
- MD5
  
  b8cb062dd7f8f714f032d926df2bc922
- SHA1
  
  cfd52e056e32c1cadf1f56f59d5c29945d16a42a
- SHA256
  
  11df7abbbff859eb6a889beca74a260d781b26a8f187fb0307afe786295aee03
- SHA512
  
  e324da062d368c974a55e9e35ec360012c015cef23086bedb1e28bfcf12ee94cd411e361dc13d400d3172cf5458c3ce16d2c423fad66cd9d45b4d896153f9607
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32