91b58b58645401d748ffbca177d56f705ddd981b79ff1758c7666590beaa228e | Triage

Sharing

General

Target

ac7491531e15debeebb17a0fa830e3a5_JaffaCakes118
Size

4.2MB
Sample

240819-y7pcgatglf
MD5

ac7491531e15debeebb17a0fa830e3a5
SHA1

a81d261b50d41525cc5c751fb3e5074df7754962
SHA256

91b58b58645401d748ffbca177d56f705ddd981b79ff1758c7666590beaa228e
SHA512

51fa2115994302af955ff06b441a803e440e3cadd95386ab523e47c59e13099b242efd64a8105f9e875efb726cd32da0f056f8c335d18fd3c18a4c060c4869c3
SSDEEP

98304:RDe9IQTL3ErasIKsVwb369Qsw/XmlTfuE6JJzz62QAfQ2S:RYIM3E2sI3+b369QswelTmpjz2jArS

Score

7^/10

discovery evasion trojan upx

Malware Config

Targets

- Target
  
  ac7491531e15debeebb17a0fa830e3a5_JaffaCakes118
- Size
  
  4.2MB
- MD5
  
  ac7491531e15debeebb17a0fa830e3a5
- SHA1
  
  a81d261b50d41525cc5c751fb3e5074df7754962
- SHA256
  
  91b58b58645401d748ffbca177d56f705ddd981b79ff1758c7666590beaa228e
- SHA512
  
  51fa2115994302af955ff06b441a803e440e3cadd95386ab523e47c59e13099b242efd64a8105f9e875efb726cd32da0f056f8c335d18fd3c18a4c060c4869c3
- SSDEEP
  
  98304:RDe9IQTL3ErasIKsVwb369Qsw/XmlTfuE6JJzz62QAfQ2S:RYIM3E2sI3+b369QswelTmpjz2jArS
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  1d5c649dde35003a618b9679d5d71b92
- SHA1
  
  0409bbab3ab34f8c01289cdd847b4d1a32d05b18
- SHA256
  
  0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
- SHA512
  
  b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
- SSDEEP
  
  384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4eff5fafd746f5decb93a44e3a3d570c
- SHA1
  
  a11aa7681b7e2df1c7f7492a127d332d1495ea8a
- SHA256
  
  cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
- SHA512
  
  cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
- SSDEEP
  
  192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsSCM.dll
- Size
  
  5KB
- MD5
  
  62efa7b730eb0523a026ea4325403b77
- SHA1
  
  806ed3bd677ccf5d9817c9b464015e347f2c8f3c
- SHA256
  
  0b96456e8cf6b3e582388d3e530c73ce9121974381d51e5a21cd945c75fd2a38
- SHA512
  
  748237582e1c25655cf512ec6b1a2f9ad59b3a0da2c3cada535f202dcc66e068ab3bb3be34016f944a4a4fae71a16aea12f9725fe9f679b3fd1073639e31033b
- SSDEEP
  
  96:tqlcg4xFj0Gm+dqJ8tMQluPF/KSEmkpY0Qe1pe:tqlcg43jZRA4Jlpp5Q6e
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $_3_/CrashRpt.dll.tmp
- Size
  
  175KB
- MD5
  
  e074a031d0fec2aec9cbc2867c767fdb
- SHA1
  
  65d1704f6c2cf8795b2bc886b49e8a4bc8ac0020
- SHA256
  
  12a6e5239caf7249d7c7e6445c94e5f055298c78443ade594654dfb7a57f3d14
- SHA512
  
  3ee8a53796b801c163b27cf34937467f4773711c489e0d809783e647a10be632170a30233053a8c1f0401da4e2d0d23edd2815224ad83a0a4b3cc682c1fb73f8
- SSDEEP
  
  3072:oz5Up2vNRcT6+LOxFJjWyaFAFB8sm6AEkhTBfRwwF5PUVZ:oNG21RcTjixnG2b8s8EkhTBJXXU
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $_3_/EQCommUI.dll.tmp
- Size
  
  42KB
- MD5
  
  c936b2283718130e942cc205ac05127c
- SHA1
  
  41bb25a743d1525ea30a0b9a53b039068f0c60be
- SHA256
  
  5fdc8e6ffe993719ad02a72b03d3bac2a8a5b58fb53f0aa01b0fb8499b16e087
- SHA512
  
  d2940a76f32137814222d57cd4a732f04c1d1019a215fab7ebedf4fc41583c711a8d60bb42f75e97fe0106a7c5d912f240bd64fb72ff08bd539b854fad20da58
- SSDEEP
  
  768:euGtP1/eNhRYEl6YhLlClh01GzoMRQlQB:7G5mXYAhLxGJRQlQB
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $_3_/EQSandBox.exe.tmp
- Size
  
  275KB
- MD5
  
  833db4e520615774ecf74ed2a66e4231
- SHA1
  
  15f5a95f51d35f745e7197057ffcdc2dd2c746bc
- SHA256
  
  fb4ddb856d79c923dd64e70b62457e9f9c66946e4581f8d04b85fedae8636f84
- SHA512
  
  5f4216efc6104fc05aa891d19aa424f5fdad02f8418752d7945c58bbf4f8bc542f77c613d0c85d8c7533e6d1bb20c49fb2125ea1c9d6a9d5d8aa1c6fd68e0bd0
- SSDEEP
  
  6144:slWZDPn0nHe7tSZoJSqKuVZ+21bHvjaY7/1oISz81JbBaDuviCAQP3J:wusnvZocqRT/n79oISz0fCuvrPP3J
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  $_3_/EQSandBoxUI.dll.tmp
- Size
  
  684KB
- MD5
  
  b1c729eb3d8846f624fcbfccbf196cd1
- SHA1
  
  a515da339ab04d6f444d197be6501066b7d1ca5d
- SHA256
  
  57e93f59fefd3a8dee8a265b8efa81ca4270ffb7c9550407ef37f02b726e24b6
- SHA512
  
  8c44e004ccdf68c7887836c1a686378187fba71333251347e4e1852e7a454c7bd2541cc6f581518c2fb5db7e81afd758be71ebf7471f69e478d69701719a18f0
- SSDEEP
  
  12288:RNzU8QHPhECBMp2txYsak6c46G9JJSio7EdfaKu9Rv0ar5006PK7Ttl+jd/Xf+5B:TQv+uMMtxtdio7EdfaZ9Rv0ar5006PK3
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $_3_/EQService.exe.tmp
- Size
  
  1.5MB
- MD5
  
  d4c15a3695bfa88d858a4e047457b20d
- SHA1
  
  bfc7507aa363c6ddd630ff44ed46143fbd8318b8
- SHA256
  
  3a29b6da9bd92b40986723fc90030f67c7a039c7ec35d0351d306e66771ed771
- SHA512
  
  f5bfc843ee10d53f7b4f22c32a83c8c361752c88cb1505933b8406cbdc2c77d6cd154746758aad1f0ec4da09314927e63d9cbfc5e8e38bfb964eb2d5503f94c1
- SSDEEP
  
  49152:PxYeZuYhIvt0tfulwfOIIKGdIxBZHaRS2Wk84Mu+oBFH+/NpaHrugpmpcpyHUHuq:PKeZuYhIvt0tf9fEdIxBR+KOJ
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $_3_/EQShellUI.dll.tmp
- Size
  
  887KB
- MD5
  
  34565747f024ea74131bd5dfff032f0c
- SHA1
  
  d57b74e6e8c601f1e5b16db31ab4e02358ee65cc
- SHA256
  
  d95cf1b324c353aa239883e6b9164dd7dbc320d87b3970cf3e0e024f776f7cb9
- SHA512
  
  a60287c30e65960c8b90510d307dc3279de2c7373e1b6b37c85e8c259e69ba68a58c62a0757b50f7c5e8175df7c2dd566cc862e2fbf2c893400dbf2f2e8124f9
- SSDEEP
  
  24576:S1IAtAy4VV9OpN1PZtxgVZZsuGgoPgJmPcCGU2mQmcVN9hNiwYv0dy5006PK7Etv:pSAHtqZtxgVZZsuGgoPgJmP9MHJYv0dR
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $_3_/EQSysSecure.exe.tmp
- Size
  
  2.4MB
- MD5
  
  9f8d811900820f300ae1a37281d52ab8
- SHA1
  
  3328b977f93a444fc6945752e5cf5b1d430e057a
- SHA256
  
  fa67a929636e2a76f2754bf4747d4de3da7416d6d7ccf30538685c5caf9b1fdc
- SHA512
  
  cc4cf22692f4c05a37378346379d5c41b70e49dc7d7ea3032d88ec796d1ea1d80d1e101cb510347f8d7a7d4be59553e9b9b30b7295b9d4d531f12ff1cce857ee
- SSDEEP
  
  49152:x6Q+SIJW2qMPzlgKEJI0UGQwS+uB5aamD5nryb1UlZEVtRgyx:vdocMhgM0LQ5+CEa6nmKrE6
Score

7^/10

discovery evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral21 behavioral22
- Target
  
  $_3_/EQUpdate.exe.tmp
- Size
  
  92KB
- MD5
  
  654cee1e0497742a2f8da58974bd4aea
- SHA1
  
  0cd4562a3be48c48f70c720f288e384393ed87e0
- SHA256
  
  1d3ace249f01f40da812c429d4cb7aeb05bbb1d126c900437c350628d4aeb73a
- SHA512
  
  a1bcce760a581eaba497dc3f121df65bee285ea882064247199b57c6ea1346810baa9ec9fb920f4afbf5c0e6b81f930c73ecb67bcb3573d69e97c84cc24ab576
- SSDEEP
  
  1536:ZPbOMLisr3Pvwk69+SRQbOD9g2AntPkZIuxS2mDN07+5MhgHWDcyhfACohwY+dgq:b3PH69+SdqCIuxS2WNfMaipACohjq
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  $_3_/dbghelp.dll.tmp
- Size
  
  625KB
- MD5
  
  28d3e1f32742ca36974120b49e2b9dc2
- SHA1
  
  e41bae05eb8dbee819ac1f0c597b8184aeddd5f7
- SHA256
  
  0b89fe61039a347f13939c3c3e01cf7feccd62ee556b9e5c84f3d7a223fc5391
- SHA512
  
  a27bad061bc9d420713d452e72b9ccebafb1baf589138652bb06dc0a582c92820d1aaa4683975f4d5100f17833811edce9ecba645fce13e018e38aba1bc25ef7
- SSDEEP
  
  12288:M0BSfTnCPjjcLctBHcKPEGCR38w4HPWpeFAdiGxoYtAG:M0BynWjjcLqB8KPEGCR38w4HPWW6oYt7
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $_3_/lang/$_3_/uninst.exe
- Size
  
  53KB
- MD5
  
  5e10579833b961c744d22bba1f4bfd48
- SHA1
  
  99eb27719ab9e7d77ab23a69cd50d024136b1ac3
- SHA256
  
  f7291904d1b405d92afebecf1592554170feca1796d48d8ecf136cb4d243917e
- SHA512
  
  3cfcc83a328b34c9ca81ba9450046cb6bcbc9bbd11b469db5d7cb35323a42a56d41875c6a8f6d4d2d31c6a44bab7e5cc2086fa9a8056465db89d1dcad785c47c
- SSDEEP
  
  768:UMEFP4CyxRyQR4Dk1b+/JwwXVPYwitff/ff6FS6sekJfxGsz35A+TO5njpJGe0Y4:ePJc2WCMNv0kJfQ45AoO1rGe0YvQ
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/nsSCM.dll
- Size
  
  5KB
- MD5
  
  62efa7b730eb0523a026ea4325403b77
- SHA1
  
  806ed3bd677ccf5d9817c9b464015e347f2c8f3c
- SHA256
  
  0b96456e8cf6b3e582388d3e530c73ce9121974381d51e5a21cd945c75fd2a38
- SHA512
  
  748237582e1c25655cf512ec6b1a2f9ad59b3a0da2c3cada535f202dcc66e068ab3bb3be34016f944a4a4fae71a16aea12f9725fe9f679b3fd1073639e31033b
- SSDEEP
  
  96:tqlcg4xFj0Gm+dqJ8tMQluPF/KSEmkpY0Qe1pe:tqlcg43jZRA4Jlpp5Q6e
Score

3^/10

discovery
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

discoveryevasiontrojan

behavioral22

discoveryevasiontrojan

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30