430336a21f44aeebb4c6f8da5536c5b5b149265b2a6371ac0dfcb410f528ed26 | Triage

Sharing

General

Target

ab7e613128f038d49785e235b7cd7694_JaffaCakes118
Size

8.0MB
Sample

240819-sgj26s1crf
MD5

ab7e613128f038d49785e235b7cd7694
SHA1

50c2d91a0077362676603c65d08157116943314a
SHA256

430336a21f44aeebb4c6f8da5536c5b5b149265b2a6371ac0dfcb410f528ed26
SHA512

295fed7b64e1958b0a6cbee74038d686f880186345c737708aef8d91033e2fc22105eff5ebb0d5ef55bda2bb7479a91719a2b8b010f8b556326894eeebe9a079
SSDEEP

196608:FifC1OBIHfLMQRo05kttRregji4tre2poNU8SPDffYZl1SmQN:yD6Hfrh+Ti4reLNYHN

Score

4^/10

discovery execution link pdf

Malware Config

Targets

- Target
  
  thinkphp_2.1_full/Docs/ThinkPHP 2.0 Q&A.pdf
- Size
  
  1.0MB
- MD5
  
  a33c8e259b75ad3ef23be2f42733ee46
- SHA1
  
  cc108f5be9d57c2854c5f2e1855e3216e1a80799
- SHA256
  
  063125f4d3546fe17a2f67f0f5bf363684a23e55d18d9e31e85bdec26124be36
- SHA512
  
  456533ba58d6433eadf6e88914bb9732347d274069a6054ebc2afa2a12cbfb79ff8763da888510963986035dea8d113641f2b2710bbe1097796b5b3e581fa9b1
- SSDEEP
  
  24576:g8WHufpuJY4Gv/+9jy75hxG1oQfkQV6I+gxtzoHp1LUG:g8WH6yIG9jy7bYoQMQsIbrza7
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  thinkphp_2.1_full/Docs/ThinkPHP 2.0.pdf
- Size
  
  837KB
- MD5
  
  3feaf8a3f57f6a2022f5994ae7d60958
- SHA1
  
  b27f63b36db970754520e2c4bcf192c33239c40b
- SHA256
  
  6d3c57386fe8f21b247442b34d18104af066633d606813c7cc7beea563f7752f
- SHA512
  
  2fce4511e9d1370161dac52bc2f8d60b8d7ff202e389f9cd4113582c5d94a6ee7f9de4131b008ea0a4dbc29d9763a0beeff9790aeb4def3aa193e7312af5748c
- SSDEEP
  
  12288:93WlZ3lwXMrAfJkZ0cxP7Zrl+lVk37QtvsWmbDBP9GwglrKN5PJ6fnU9GQJE6:93WLlw21RUk7QtvW1GwxNtQnUlj
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  thinkphp_2.1_full/Docs/ThinkPHP 2.0ȫֲ.pdf
- Size
  
  2.1MB
- MD5
  
  afb3c914ac20d3abdfc5a385b5551077
- SHA1
  
  d001c1a4417c8d41da136eabdab9a679ba6ecfd2
- SHA256
  
  0d71dc87f8ef2095338fd9f5384494fd5f14b2db9563c41dcbd3b6713b0cb2d7
- SHA512
  
  3fdbf69a29ed8b805ae31afdcccc21600846b25c4d4d61ccda2eaa32cf630d773abd5b1d677c59f23cb51757e143e1fa1f19db743b3ab5a0cb46c61d0138de69
- SSDEEP
  
  49152:0WWuFeyK1lOoa9x7yPsuVe+DixTScsDLmoSsBCOkkr:0WhkWoa96O+DOTSDeoVCdq
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  thinkphp_2.1_full/Docs/ThinkPHP 2.1 RBACʾʾ.pdf
- Size
  
  802KB
- MD5
  
  01ac93e480151a1cebb158e5078f2804
- SHA1
  
  ff4e9993446ae1b6655c73026b19dbae323d504b
- SHA256
  
  e8be449eef9b3928dbf3f27eb35de1469d16b4d53f84608fac3f460ef9959bbd
- SHA512
  
  dce8b3632c8267b36620fed8b3da4339728358479a7e22c7c5749049e94a74eead19006f7ebcc3fc761b5edfa28e6ea3dd8da0db36ccaa007d0f352a8451b7a7
- SSDEEP
  
  24576:QM7WRx69z43RaB5gd5kR/z7zhJkl4R4MpVTzZVc:T7W+9z4hE5gTmXtJkl4aMpVTbc
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  thinkphp_2.1_full/Docs/ThinkPHP 2.1 RBACʹü.pdf
- Size
  
  936KB
- MD5
  
  da1574ae2ac21c606740e39fab5d3949
- SHA1
  
  7e01e3c005fc781524cffff6f169099dcd43a3d4
- SHA256
  
  f095a5b7f6f970454301d171915a256e0d13534087a0ecd95d45f014dddd1c1d
- SHA512
  
  301d3c63a0e7da802406f6175f998e56cf156e6cb7e003ab4437634f88caf425e3b0b54a22406d0aeb6c9e58bb56c8261dcf0bce0d219f839a5ffc6dfc77ee43
- SSDEEP
  
  24576:hq6WtllBiAKJ2W/Y/YJY2T5VplumAa+sWZFupKAuLn69AI/bIo9auVe:g6W5Bdk2gNT5VpcmX+sWZFceLn69SsaH
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  thinkphp_2.1_full/Docs/ThinkPHP 2.1 ʾʹ˵.pdf
- Size
  
  276KB
- MD5
  
  a33e62593a36164de60b446e9e07521d
- SHA1
  
  e1f59d3f12eb3bcb1f44bd24ffa94f23acb4d50c
- SHA256
  
  62016c2f56d7a6e7328306d75f056fe256a726ba80d77ae2f0c80bd129f312af
- SHA512
  
  7d3f160cb1c12e49fc14907af002165bd7353bed5ed2a427c16ba237c69bcb10c7bc46d5d7c2ac3016177737b0d5927da2bcac1e9bc8e665eb3138e5e7b6c607
- SSDEEP
  
  6144:kkWwwfsW+3kDt+ClZ1TuGs66ExvcpIIil5jp5qg:kkWlr+3etZZ1yGs66Exvd35jp5t
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  thinkphp_2.1_full/Docs/ThinkPHP 2.1 Զǩʾ˵.pdf
- Size
  
  445KB
- MD5
  
  ff638ca5df663601ff588a3fe064d592
- SHA1
  
  57d365e3b7e65e4bf81904c49b498ba2cb7c9ef4
- SHA256
  
  4577b025edfafeac259f153998095d5b15386f48520c539cecf88c8c5faa42d7
- SHA512
  
  7ad449edb536cf8360e7767f97886ec4c4300d4d9699dacf68da2699687718ee3f09d3016f36a12908efe521e797334957807850cf327852b1b392183f87e4bb
- SSDEEP
  
  12288:AVWlfoUg1199Ngg09lNBnX20n9C/ajdy4ujvOZ:AVWJc5PgZ9lNBX20nSakJvOZ
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  thinkphp_2.1_full/Examples/Ajax/Tpl/default/Index/index.html
- Size
  
  4KB
- MD5
  
  ed68c6d2faf655c5583af4788b421d15
- SHA1
  
  e31ace7489c0e300175ef2fd2cf1de98faa7b15b
- SHA256
  
  e0ca6e3c7abb4a24bbb38f79a238993dcc0550d056ecd779fb65a686305bddb0
- SHA512
  
  3ade808d242790d34d089c9f41a22bfb728ed8856561e7106c69cb0506f33edc2dad26280505114a18449358a71787339aa897283770c871e692b2f687f8cf9c
- SSDEEP
  
  48:IJpm33xr8pa8p/kwfsZVEM1mXkU/FlhfqZl3wYnUSIjdf7HWuUTnb/aR5:zMdFfs4xXkUGqUUpdf7WuUTnbi/
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  thinkphp_2.1_full/Examples/Blog/Lib/Action/PublicAction.class.php
- Size
  
  14KB
- MD5
  
  a4f11a7de7e66f5fd1ebdd65dc3cf667
- SHA1
  
  63d8df566bb793d7743bc9bb355729b8e60cbf84
- SHA256
  
  6b143cb5f083428a4fcbe887f3bcb2047e80490036409b98f2fe5b214cd3d970
- SHA512
  
  dfb0fd75b3a1e7aa699f465b6fe7c104cbe6840cb8ff7538b1e977312b2cb4b9c3188c2c3d4b10ea32e518bb850da16d5148c419e1a3047d87bb89f078816d14
- SSDEEP
  
  192:Y8cdrLoPYtk/V4IiFJkNYTwSUSXVKO9tiTiXZGAVAHEw:EdCOSYsnAVKLiM
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  thinkphp_2.1_full/Examples/Blog/Tpl/default/Blog/add.html
- Size
  
  9KB
- MD5
  
  f8ee4f1b6e2d34c78de460eda6863178
- SHA1
  
  4ad1c608bccbb23fa8f11037ae9c7979ec72f2d8
- SHA256
  
  0090a0b263fa570e616fb21f7f964f609c667768e7bfee872414852b1e1ad17e
- SHA512
  
  8ff6732b9efc30d56868d7f8ae5d41fe0c949982f8d0f092047fe25dc673ce6b0704aea36d34167da1896d2d637844fbd8b605886b5f85ed2a4af10069a5be2c
- SSDEEP
  
  96:ynK4w440D4kz4RDsF4JLy3LL1hNt32RXWvKJKo6GPL/o2UBFNNIJOGXY:ynvrEV9LJGj5v5vNaXY
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  thinkphp_2.1_full/Examples/Blog/Tpl/default/Blog/archive.html
- Size
  
  2KB
- MD5
  
  f85eb0118c272bee7d1934baf23a57bb
- SHA1
  
  915abad731a90cf6de055611e1e2616efd93747b
- SHA256
  
  5d6500d73ce3675f339030a44f1aecec211fff32f1057bff5c0d9cf44ba702c9
- SHA512
  
  c43de1e89c75185dc4ae66a900b00ed58aa97f584a3eba1de76033a485215a3a456270c0609b338b65491b0b8040ae397f205507d06ae7f9c73bbcab776fc0f3
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  thinkphp_2.1_full/Examples/Blog/Tpl/default/Blog/category.html
- Size
  
  2KB
- MD5
  
  0e0bb9a2b805058314db514edd443a57
- SHA1
  
  e50c7d98992f549a61f5aadf602f3538798bfd30
- SHA256
  
  3572b5c2b96b24bed6bc9e2e1f6b3f3b4015aad7ae70aadf5659cb3b07b73ea3
- SHA512
  
  fbab7b2706970c98c5e6e4eb8b0bc6704b4cf995f5d1c2df3f3e8f344ba1d3d55b5243c356d0b1ddce1906129b9999925872d2ac3231a8d46f560d676b807493
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  thinkphp_2.1_full/Examples/Blog/Tpl/default/Blog/edit.html
- Size
  
  6KB
- MD5
  
  2f62577ff5d0dfbe7fe543730c7b0132
- SHA1
  
  866193a1958747365ecb4ee6d41ea8df25ba1620
- SHA256
  
  879e4fd520d0a4d6f5d24706341e008aaf29aaaa8352f8d42f34569f029c3429
- SHA512
  
  d4e48b2efc0c62b2a017195996b7690b6ef36e8ef31515cab4e125da954606d3fd240043568d28e1e64f9decd0e66c19dfc2074f6fef66e3bb081193a5464d28
- SSDEEP
  
  96:CQPxJRAx97gmoz8Y5RXJABXsQCu2R+nEQsy5AbnbBD3JZUY+f3oWnDU:XgEzzNGBci03ZY3DnDU
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  thinkphp_2.1_full/Examples/Blog/Tpl/default/Blog/edit1.html
- Size
  
  5KB
- MD5
  
  cf7d2ba41150099c212bd8ade4476ed4
- SHA1
  
  9a376812e97955fae90b3adf79cc6631dd252bb5
- SHA256
  
  f2f1784397e7708a4b1b8ff7d96c88ec22de150f11e08b1a003248a261e20bfe
- SHA512
  
  9b6143cfa8528c1cf0c16e649276b8fca8286b4f85791de7033ecf23e9959075caca8fe86ccd9cc81186cadaa197c0426bc1602620cc54fe791937c513e5214a
- SSDEEP
  
  96:xJAEKJMnHaQCPaQthZDvBsvJz/0CZ2RYnEQskagdrbxfDD3JC2UDePsev7NDIA0:4847LZVsv1kcd3chuhDZ0
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  thinkphp_2.1_full/Examples/Blog/Tpl/default/Blog/index.html
- Size
  
  6KB
- MD5
  
  7cb4d4d627ec7a87ced18e1e070f041f
- SHA1
  
  15e65c5bf2b0ce607cc59615f53d975189e7ba7f
- SHA256
  
  d1f963ee966fa977196d1610d9b44d37aca7db9a9c0b2c0ae10afa24fd997f6e
- SHA512
  
  a4322a1c0ba6e78a14f7a9bd33ab51aa00e7e4ee9e1bf139be22a2cc60475bbc60ca2e68fb1090a7271fe5d9811b30ad76981178e361d33933a41d33bd90133a
- SSDEEP
  
  96:1jp7lA7MekDSMUSSIxl59vIRm59JLujSqeuu4dZuwOASwDKrIXYMFEkvvJWl1JSO:1d+7MekmaxVfujxOWD1vx0
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  thinkphp_2.1_full/Examples/Blog/Tpl/default/Blog/show.html
- Size
  
  6KB
- MD5
  
  c1059f6c6cb879aa0f3d0a70b0d0bed3
- SHA1
  
  380fa5be1b7c2245792c3de54c27b39be6b9ccb5
- SHA256
  
  83221d3fb7d9697ea371aed6243cdfb2d5241cd2e6f5abda0c454669aaae3b3a
- SHA512
  
  6418e748528d690d84b0d2cf3b258be7e245d109e81566c1ef6e6c6541d9fa28dfc0a3ac4927cd40ca8b5b027a81ad6b4876346fc0197f836d7caf8c3f372a17
- SSDEEP
  
  96:IxFG49ncgjJCMn9WIudibWqGICMF8kvvJWl118sQ:0olgf9WIlQOvGQ
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32