d7ab3ed3394039b183ebf141e2f92fd6a224c0f45f06364ff4d3ec333f358f0b | Triage

Sharing

General

Target

b1e81a5bfa2da6e41bbf696c46a90623_JaffaCakes118
Size

1.1MB
Sample

240821-dscd5sxekc
MD5

b1e81a5bfa2da6e41bbf696c46a90623
SHA1

090b545ced82451ba55cdc13d50ddb5b1d72ea63
SHA256

d7ab3ed3394039b183ebf141e2f92fd6a224c0f45f06364ff4d3ec333f358f0b
SHA512

9e2d966355b07ead5ea59941ae0cd5a4e11d34b2d755e234a5701fe25be88d460e21e500b2265617cb8bba86855b388734ba400289353769877b2224f7d2255b
SSDEEP

24576:ZM2liJ40DqnYqcJPJtvNLoRbdLCrAbWHOBl2NnWxvuGS0NmtgP098:Z3ldWsLKVKdLCrAbWHg4pWoA3098

Score

3^/10

discovery

Malware Config

Targets

- Target
  
  kwsafe/KwSAFE.exe
- Size
  
  209KB
- MD5
  
  1fa47f5b173cee5ef9c3ee1bda0c321e
- SHA1
  
  60ee40236f960affb01d569a32e1b05888bb081a
- SHA256
  
  b21526716068d2a8550780038e2b5ddb843d77890a07ec82ed9ce9dd0be52c64
- SHA512
  
  01f39376269a75510347fcf66ff2585b25d5e6e10e26b7feefa3af66e712a5f50c62bff6d40abee733e1ce965d17a2e443664838268eb7c7a2e36fc1c024224d
- SSDEEP
  
  3072:1nOgbwa//zAzLZ/hQvDRboZghqx3eRAlsHLJvDuA0OnGdyX3Ht0wGiWiKC:RjbwWrANOvFbUgAORAlsHLNsIXyc+C
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  kwsafe/kavifr.dll
- Size
  
  197KB
- MD5
  
  3d013544c93d05d19a33b4d35a99e1a2
- SHA1
  
  42942b12d52f9452fcc6e8824f517fc2e2f67ea0
- SHA256
  
  6cdf3ef39b7c1d22d43406de0eb2429d0dfaabcc92646f79012d89defa8805af
- SHA512
  
  08c0dfec1fee687873ea21d6c92add6c2e5835f53c0c330210f40e9c2ef6b1948ea08a78fc4a080926a392e8ce8e51a3834c6fd27904a2f1c01645dbd7499fb3
- SSDEEP
  
  3072:373qm5vsBhP21Ooxo7sv4YqLIpUJ2aQrWt3843QYNGtUfVSv:37qm50cdxJ4YLrS3HdSv
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  kwsafe/kavpass2.dll
- Size
  
  165KB
- MD5
  
  78e53de2b7d00ca1af1a7bce84d494e5
- SHA1
  
  90270b14c06174c701d030edfc37168708959b00
- SHA256
  
  501e4be039f7e84ed92de26ad11c8fd20fbb97465dd7ded4ce342f8fa0c844fc
- SHA512
  
  005269c8fbd4471bf02218de09381004178c76ce9f4af3227bd8affe3218d45ab93ae07b6c71cb3e459fbfefe13aa91b66a836c745c9ea93fe263118cd4ae51c
- SSDEEP
  
  1536:Vd9A9v63PCD31PvllRks5iy8ROh/yc3LCyzMpPaSxuXECDjsIHf19zEo1Vg2c8qW:bW86HlerUdcRxNC9zE6/GPtMd8FC
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  kwsafe/kswbc.dll
- Size
  
  497KB
- MD5
  
  76d1736f2bd7405598ddaa7146defdd4
- SHA1
  
  838be726d095c704d638fc84cf1d11c0a3a0426c
- SHA256
  
  159797ef8760f327cd64db646f0fa03e0ae4d504b6d4fcfe12da30a70a3c8ddf
- SHA512
  
  63d21847cc5110ee42a77fa4488cb32ac26a762b3fe7547092887bab429db9f48a54fe42a27690ce3c0fa5086b8b0a911cd0800ed3c355e3032a7c58ea932810
- SSDEEP
  
  6144:XStG9a3Ad5xTfoWKKlWb9Z7Fwtg/0lUE8WZwDuEKjqRDAsPpNcgmjvujnbj4:itG9a3AvKKlWbFwtU0OOwD7nDAap204
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  kwsafe/kswebshield.dll
- Size
  
  449KB
- MD5
  
  b7920fd7ce31eca3fc5ad858e0ce541b
- SHA1
  
  f701174c1600b3a133d43a55630141ef519430a0
- SHA256
  
  edc7885e9c6322b38eac89dc433f14a56000df62f7fc13286505292642e1e187
- SHA512
  
  0f53be79d33ef88c8bf09c2365f27d40dfb51242f7b471dc900e318c4daf6cb833aecae6d036411ad5b01e6cb3f2d0748df47fa5535cfe0267643742b7e227ab
- SSDEEP
  
  6144:/d+bO0PAhzqdzExWg3/QoUzjZfgJ17ZBmxa3xMtvQCvYcBuLXdofH:F+SjGdzEcg3Yoagz3StIvyH
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  kwsafe/kuientry.dll
- Size
  
  437KB
- MD5
  
  c1e1d16da40ff7203ddf6fcdf6db54d5
- SHA1
  
  feaa008c2618c05ce6671d653fd91cca34c3f53e
- SHA256
  
  50b9a242e73fc905ff7784289c57baabe7e979a5460ddf3d34f2d214206ba7d6
- SHA512
  
  b9771529f55f117ca7296d21cb57a69282774dafac0a24be70f95287386527befd5f144d80a7f6c747ed80e5402a0ac6c2073768c6d51c9c0f60b16009e9e7b9
- SSDEEP
  
  6144:DN2qZz3R9pppX0nQhTihgIOqu4GPh44sfmm5z/7cOq51/AANo80Vu:Bhz3Rpt0Qh51q8hKtB/7Lq51/Stu
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  kwsafe/kwsinst.exe
- Size
  
  397KB
- MD5
  
  bddcec35a4388569b054100d4103bd08
- SHA1
  
  aed577af4e9d56da92a787ceabf2ffdf54d5be83
- SHA256
  
  df408c05e00771d0ad695aa67be3949a6f30e76e0a4f8c1cd0b3a89c5020f410
- SHA512
  
  b39c2d3d2122480f631b4f3a2b42b32260e526fc818916d5a4a349f8c315b6011b18b25bd224e0eb6439b773ed46ead118e38a28b7c3c4b1e496c43994eeb2b4
- SSDEEP
  
  12288:PdGgXR7K0xngsaekRd4/clSyTN+w2HXvg1W4LWQ0K93:PwekRdxSkNAv0WeZn93
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  kwsafe/kwsmot.dll
- Size
  
  141KB
- MD5
  
  e5f92e3d204ee4a86fe3f14178eee7bd
- SHA1
  
  c4b7ed76f5db65894750585f29a271c5e5873bd5
- SHA256
  
  0c28a930530d404160ff77b937584d4b0c9e6ed66c320758298ccf5977e5f524
- SHA512
  
  8edb203ca463fecaaa1e6c4e9b11ddd2ae34bc5ec944165c488c418100f3dbc956dc2efcef4d010086581421dab91f43511ada5354ddb4d3a673167a12b4c94b
- SSDEEP
  
  3072:2AH+xZVC3VkWLAsmic2/S26WxEIfRt0pyvH0Jr:ExbDWDmRM6oMm0Jr
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  kwsafe/kwsow.dll
- Size
  
  505KB
- MD5
  
  ff3694e7a460aa7718fa76ca7f5c7e8d
- SHA1
  
  a9d6850cba54e0017bf9fd2089bd90ff9ee65f6a
- SHA256
  
  5bb44f72b6518c9b9a07b557373497376dd674d526f43d9f0a65fc3a25c7096d
- SHA512
  
  fb22856e11cba1f5e9d201d898aa7aa2ddde1c10740fc5798d3890bbcc7de0caa9afbac6152eb6ef337facefa02ec5fb36e900c4268610dbef96cffef7515c67
- SSDEEP
  
  3072:O4r2WuFrDwOozVLEPvcrdFreeP47myDOnvisZukwr73/oHc4yPAUnt5dS8mHcOx/:h2hFrDwRzKUhh6SasYnYU9SnPLxKr7f8
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  kwsafe/kwspop.dll
- Size
  
  345KB
- MD5
  
  8d1e0c7e88b91beb8eb7ddacd2cbbb8e
- SHA1
  
  f105cd51dbde71ff850c8ca3d28d2a0d894b8192
- SHA256
  
  ce040b21c34a6d61193c20ddaa40968106a07ea1be63eaf3ca9396b7e0168ee4
- SHA512
  
  5a59d6c5537abcee4eb57b660b23cbd7059726e4d92592ba0fd7e596ac0af8bfe1e0d325f0e0207d52192d610b2cabc876e0d6285cf6b6c87bced4f9156e9e4e
- SSDEEP
  
  6144:uBFAdOzmGlRFgyckQ9E4aRrGjcGo8xg0WQW:UmGlk59E4Yr+GGpW
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  kwsafe/kwssp.dll
- Size
  
  653KB
- MD5
  
  acb1dc8a49fa5909caf6c6f3c840b95a
- SHA1
  
  566c1789cc9454f459cac654da7134702723f64d
- SHA256
  
  4194e3d61ea41ee43a638995057c93b01bf6bb20ca7a8c3128eb914117ae85f9
- SHA512
  
  6de81f1d2b876ca15951e9ba856b5f92f895fe60cc4981ca9bbccdfd27cd9452d5e30d23c6e9aa60afe9e9576245a2c4bea5859c03f4165c1a67dd7b9d2e96c5
- SSDEEP
  
  12288:VPAim5SHctdYH7v2hO+bkS8fQoEpsOQy7eTmwHGXkVHX4Twlyt5Eh+:VAim5SHcrr1wHGXC9lyt5Eh+
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  kwsafe/kwstray.exe
- Size
  
  493KB
- MD5
  
  bb4c7818248c81bafdb8845d7513ee92
- SHA1
  
  167f9f60625ff20e0440294871e38192ddb68a32
- SHA256
  
  5054fcae31a265a1a7244166d2944dd842fa5fa7bd6153454a4f148ddf8bd9d7
- SHA512
  
  f5d9e75a225acd5424eef4f8a6146386ebbb36f480f02a104915e80b207c9a3e458d4de917ba398efa0a7d84d56db288e6751fb05357a2cdf89092d0cdec1b6f
- SSDEEP
  
  6144:3+KV6GsjXkvWkSlDc472hYlnoGbK/jdAdiMoi9KC1:3+KoGsjXkvWLNeheoGEAMO/1
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  kwsafe/kwsui.dll
- Size
  
  457KB
- MD5
  
  483362a7cc8a69a84a564df85ae96ec5
- SHA1
  
  151c577c24e52c04b2fb6bfeecfa879ad1ae9d17
- SHA256
  
  2506ac38a2161453b553ddbb9bb6ae69521331a0629d3cd3466b02928e16ef49
- SHA512
  
  555f2e56c01a74ba96d3230aad3c835ea7f9f4dc80152f119805ab052d2b05c1ef0a9f6024c8aeadb0b8b166679f94cadb328df9468530daf47a64017a6a932b
- SSDEEP
  
  6144:jvEWvgwq6vKZTQYqvNJaVk93lzCoN2w5dgVquJ5z7DBWePn:RDq6vKZTQYzkJlVj5YqWz71n
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  kwsafe/kxestat.dll
- Size
  
  260KB
- MD5
  
  48d0fa094f89e9b5e5e7f9f1152bf554
- SHA1
  
  735acb8ce80acc29714d309a8e47b0be09a1ed0a
- SHA256
  
  52cab7838c7014af600b94d640f4a95b6c9c8f4e18ce29d212b2a02feaf38759
- SHA512
  
  ac9e5a61fcd3837f335d506d8e2f19fffade04f8f60b12fe8e7582a167ac595dca8b5c06d265e670334e6e6ae148b816d8828b2b35b7716b33416fcaf502fa19
- SSDEEP
  
  3072:fZ4x3DGS0OO4r6vIFqg7/UyCr9/D4E/0PB/KTBftay7t6eDmigDB3:f4DL0RsqZr9L4EcPQTBlaykew3
Score

3^/10

discovery
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28