2147322197323cd5aea9bdfe92ca6da4e071dc196880a7bf531d2e53a12515dc | Triage

Sharing

General

Target

a3e0068898eff645b0ecb95bf27d11e5_JaffaCakes118
Size

4.1MB
Sample

240817-yegrxsshpc
MD5

a3e0068898eff645b0ecb95bf27d11e5
SHA1

6faf215479a7975fd3364108eb55cd4d7ac9821d
SHA256

2147322197323cd5aea9bdfe92ca6da4e071dc196880a7bf531d2e53a12515dc
SHA512

cf5ecc82773464782ec9ab46ae57ff766bff978e8855be296d92f08de6cc2b21e778f8ea63d951ef9afbecf46bc9ae316f565dda450ca3878960cc908c437135
SSDEEP

98304:tFEYiMuYUDTCwC1NvNwxmQk5CcoRygb2OzSCInzWT8SfI0U1uqNh:YYnUDjC1EcH0lb2OzSl8l6kkh

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  r-install-cn.exe
- Size
  
  4.1MB
- MD5
  
  6357b6962e157eb43e4a44a04409c7c8
- SHA1
  
  5ebf57c95dc67e00aac9282ce60b37f0629fcd1c
- SHA256
  
  2d662d9ec78329ffad5945e26885f7732abca240a3ee0dda8be173f956b32146
- SHA512
  
  ccc90d7d4218b8063d8fac797aa3c1019fcb95e2bbd7d856a43108bba80fff18c0ade7ffd58dbf89acffb91c37149a953c9e555e0e9398329abda6aaa35ff535
- SSDEEP
  
  98304:8E1Z3V4XKz6jbQDRocqYq6EFIfMV7Mj1X6lTVivkyQt:8EyKzMQDiRhrFIfMVYd6lBivkyk
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Icons/proto_AIM.dll
- Size
  
  15KB
- MD5
  
  3b4379768350e66fd9789ed37a8582cc
- SHA1
  
  0d1df7ced826b539295404c0222bc959daac0e8a
- SHA256
  
  78d5d291ec49f584de38929aa38faad9da7ad65b87e360fe49f14f649047b504
- SHA512
  
  9de9a8a3131793d7fcb724c93e6e465c937f697b7ac9b7224a7e634939badcf319bb12f4c13e48ce0511dbf25ebc5e2274003023b97f7f0456ac4cacd9b47e3d
- SSDEEP
  
  96:/R3j/rVkapa9SkeoLDjnztTYK2/t1OeT/UkzVfiFz+apNrpr+y+6+y+1Y+7V+z6O:ZTeaqS1oLDX6/2eTb2EBPuvjEgYSLWNs
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Icons/proto_GG.dll
- Size
  
  23KB
- MD5
  
  d5d8f6a2a55a8a07b516170c171dece6
- SHA1
  
  774fb19617bbb15be1eabb548a9a88757fac65fe
- SHA256
  
  ad938f25a6c082353469c5300b8f11b41e7b4db4a6082033cdcd6e1ee0b6233a
- SHA512
  
  9a1362b1481fcacbdbde058420f482d4fff93c79717be54d5ca7bfc2656d7f7dddd59b9a4c12986b8ccbec34c4192e23d923c12c2c45bdbe9da11f49f806c8c1
- SSDEEP
  
  192:JAncskYqxer+ikuQTwa9BYvqcVnLDmt/OTJBIPb2vwpSNIgrKYgmSbSRT1W3gbP4:wknhQlDmtmBIPM8SNlrKYPSbA7ky4
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Icons/proto_GOOGLE.dll
- Size
  
  18KB
- MD5
  
  14c823104eda87f0b9516b75b6b5dbf2
- SHA1
  
  77d34283de94c10c146250c18318abc87f32bd87
- SHA256
  
  a54a6e7026c21fd784c884c0c43adab2fc29db4601862c0f1c399394fa0ba6c8
- SHA512
  
  ee79a2c2c55351f6b3ed02ee5eff8acf34c74b131b1618b35630558671ae08c06ca24de8f53700f6cce7d9e88c0d39213cbe7ead103b7ba650cba131247948d3
- SSDEEP
  
  192:UYhoQGby/4TNud5miVk0EJOtOty3hCT2yVZLRtT:U5by/4TYaiVkRJOtOtohIVZNF
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Icons/proto_ICQ.dll
- Size
  
  21KB
- MD5
  
  5407dd2db09a2c069d74ae0e10db4dc4
- SHA1
  
  3b50c1201c470fb51b5228cbb28875f26dd174f6
- SHA256
  
  702c94363e0cbfeffcb4dad100fba29917377da5a780a419aa75ea39776b6dcc
- SHA512
  
  154cc0858052dced7432a8d4673bcc74b2f32d852e7ae304377ad17a3244a8e5dadf9ef1cb95b10500b615061d3e854b118d5774bb72fec465a3ad9ffb40eb62
- SSDEEP
  
  384:g7+KbnVo7MMvQsaWttwtG0H1eTZIMPqvvCzRY8WNs:gSoVr27ttwtG0H1eTZIMPqv0RlT
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Icons/proto_IRC.dll
- Size
  
  15KB
- MD5
  
  33973c18c2abadf5ae9739a816905544
- SHA1
  
  b4b8ec247c96eb560bf4736e9252c73c974e904b
- SHA256
  
  aad4ee4c4a82d0abb0d0c651db6068050f87fabead22af1da3a4b8764c6064c4
- SHA512
  
  75e514cb0021b2d1275858e7fa663be371345100309481f549093f05c1cdfd235cc2ebe22e242b6601346d58abd11c02cfb5cdec5ec918ddcd3452b8ebeca036
- SSDEEP
  
  96:Qs3kicl+ZpRNkCelEDjnTF1na2loeT/UkzVfiFz+apNrpr+y+6+y+1Y+7V+z6DQI:hUrqRHeGDn3+eTb2EBPuvEEgYSLWNs
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Icons/proto_MSN.dll
- Size
  
  15KB
- MD5
  
  644298acbf46bdd37f8a066ff806f1ca
- SHA1
  
  d14c44114b38ea8ab3502025fab8bc77d7c4df00
- SHA256
  
  6bc5b63916639c4a420d49ee733d26326d1138edc10c5d759c9d27ac40aa5a08
- SHA512
  
  9ea4e0ef2fa920f828406951d710eb21973ef2ca514d78127876575b1a4641e8c5d36fb68f79b98cba88abba89ffc94aff4d2f2566d2fcce5b745b66722f9dc2
- SSDEEP
  
  384:4clJmdXOrLqoJ+R6CY75BGATeZMPq1IL:hTmdXOPqoJ+R6CY1BGATeZMPq1IL
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Icons/proto_SKYPE.dll
- Size
  
  15KB
- MD5
  
  f996487a1450bead59e17b6f16cfc73d
- SHA1
  
  4e19b8b057e1c001accce6fd8bb0dea86ff5ad48
- SHA256
  
  e6af9a8d66755cdcdd7601f06008e313a6b1562c95a9f9c90407f937d0768c07
- SHA512
  
  a1da4915bdbea3a1e09da302611de48fbdca2aaefaf2c48de19febc508984edd30e640950cdc85017c5bf4b6a9736477994fb72e70da23e8ec84995f8cdbd01b
- SSDEEP
  
  96:nE3LH6bPLGpNnkW8Djn3dGPA5vC3WWWWWWs5WWWWW2WWWWWsKchAaP3/vWWWWlWt:E7+PSbnV8D7c45l30ekoY
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Icons/proto_YAHOO.dll
- Size
  
  15KB
- MD5
  
  f435d8857edcff107167d5060f409b8d
- SHA1
  
  41694a9c35aa86ef9e6defd44df4532affb04c41
- SHA256
  
  50ef867cbe13b23c1a8c595b000576853e7c0e55f84f4bea04e50bf9add40bf9
- SHA512
  
  50674967269ae78b22c44d202165c77f3c851380e931c901f064911963981ebe9e5f559d147c677a1221f0be2fa4b1ba2131e70a26afc4aafc21011b7fb1153c
- SSDEEP
  
  192:eCI0gB4djI8pgB4O/DK5gB4OygB4VcESVv2u8GTeZMPq17:4S0m5ou7GTeZMPq17
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Icons/tabsrmm_icons.dll
- Size
  
  224KB
- MD5
  
  3bc6dbf4d663c9156abdf3849f771c53
- SHA1
  
  b9bba5bb76b2b89c3b2e5aea2380eafc7c0679ea
- SHA256
  
  a3306cf94d35bca4563dfd8edb2bc378c72b62d4887087cd6d139a302c3ccad8
- SHA512
  
  846b5e4b3668f836e8b6b6144d76d0b00ab94bafff38c5373a8fcabec5a606dfb699465739b19712dffb77e7e430c50140ea15d258d224d6950c53a6e550339e
- SSDEEP
  
  1536:YNQgSSR40mn9jGJ1eHhK43I/FBBbPBBbPZEYRmW5kRNZ6TyJFuJ1B3i:ivRNmn9KEo4WbPzbPZEKT3By
Score

1^/10
behavioral19 behavioral20
- Target
  
  MessageWave.exe
- Size
  
  430KB
- MD5
  
  b22ad232f930e27bdb8d72d5a47637af
- SHA1
  
  be694da64e99d275c69a64370d0e54726c149181
- SHA256
  
  fd36f63b768281d692292c2af345490ae7968e913d024f309fafa14b4b5ced07
- SHA512
  
  7f16ca08aa0f965fc0df8062b5927c44a66ec3bb87e005ac9527e23c2a1e55bfb785417b5e233dd883513738f1fb23a1b63031aa11447edec28add3b691b47bc
- SSDEEP
  
  12288:wWV6AxA10SHWBF+ugYTfeSL/npmGHEgrVa:FxjgY6i/negr4
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Plugins/Plugins_niu/AIM.dll
- Size
  
  119KB
- MD5
  
  02fdd0a557e16beb874be9fdd053b835
- SHA1
  
  ba0ae8e6cdfeb6fa128502076ab50a74d60d2f32
- SHA256
  
  298452e2894d47eb350d7bf1824fc6c757e6b4af9aa2ce316503445c779f1caa
- SHA512
  
  18278bf8ca3cd3c7c79500c11fd0de92dd6dfdac2fee3ee91e0cceac20fc6961288eaa9eeba7c066c9a1e11bd66704047ce4b10ee8f74f34da8fd4673336250a
- SSDEEP
  
  3072:WdwtKX6ZT+PA49c5WaVSjXT2w5n+0FShJeOrssj8MW/jKaYKvbiQ0JKQoN0:zwqtSjKeOKvvQoa
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Plugins/Plugins_niu/ICQ.dll
- Size
  
  255KB
- MD5
  
  784a028f3a4dcd21f6ab0e1946837d8f
- SHA1
  
  3f25d04b7cee632283031e8f0d9991389e794fb7
- SHA256
  
  abbf9b22741f759f4872da124f448ef7f28f07932794d99f4a416efda366c6b1
- SHA512
  
  2ed45ea56e9ee23bc126bfa71fb05bd51a8013f0ecbe378b2e469b1bf39c86e2874957a269c32557ddc92cd1335ee508532c0470356473aa193929222f96f912
- SSDEEP
  
  6144:L1zOK5OoKKp//ueTS3mfjsuvUCrGNSFYv:lz5XFTSWD8CrGNkYv
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Plugins/Plugins_niu/SBridge.dll
- Size
  
  88KB
- MD5
  
  c14f3e53e971d32a9f043d887f0c1fd8
- SHA1
  
  51b4dcc8d8c98e25a3c6d49cb4dea09f9f29a817
- SHA256
  
  f0aabf8b99fad99c71444b2ac6ac88eef4747bfde011c25dac962b2abe62af3c
- SHA512
  
  c93bc051c11e32f9d2010dbfb5a10e212bc7810e25e010f4a879ccd3656bbbfbc8c29e3b699508cbce8fce63e2f0906c6241f91574eee02c7b64a12b127155f4
- SSDEEP
  
  1536:lP0MugmWxzBjvMIYt4pVv67W3cTBX/+X/XzPXg+4g4i:l9ughNpYt4z3cTBmvrkg4i
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Plugins/Plugins_niu/UninstallW.exe
- Size
  
  212KB
- MD5
  
  593adf2a228ab09c4c5bedf195dd88f8
- SHA1
  
  4338defb86871ce90959f7b4694857cc3746d625
- SHA256
  
  38c2523683b6bfbf63bd7b4cab0235e72b5b3f28c8da854404087b6ba553a64d
- SHA512
  
  6c1f79b786970efe9cc223935b24a69e30daf1a8ddde6ec81bd1f240ab5b0615743549ede478ae9ac931123d3b866da5b4bbf0c8ca2dcd1b1b4ad37d253b0e07
- SSDEEP
  
  6144:Xs6uTJP+pw7P1D3X3/1lg/Fgw5MV5DD0M0UV8ei:XaTJP6w7NTXv6Flp3e
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Plugins/Plugins_niu/VoIPCall.dll
- Size
  
  48KB
- MD5
  
  9049f052d9ffb59b88b1c269d2e04339
- SHA1
  
  380f394f586e66920b476624021c45340460f8b0
- SHA256
  
  e77c022ce379cac4bf8a76b7c061a927ea3eea6b31d92fb1ffeb89e972149c3d
- SHA512
  
  8013f9b95d841dc88f69dba75f5d1c5b450890faa894dfb38fd56baa2dc74c7faf331f24e2acad437722bc8c2975d01a12adf3d9f90b362e1b33431b64f76267
- SSDEEP
  
  768:r8NYMZkZVE/oePYkLQgLX3bGqtJBHUG8DiU73v9:r8CMZwEgePYkLrLX3bGsIDtF
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32