c5987d44c0bc189124f6924e3e2380f606acb42ce4834b35e7ed20cf43b50338 | Triage

Sharing

General

Target

bb446d7d4048c3a3d0024fed62170bce_JaffaCakes118
Size

2.0MB
Sample

240823-lz3hxazeln
MD5

bb446d7d4048c3a3d0024fed62170bce
SHA1

c8d535488a93726405addabef43fbb129fd77e27
SHA256

c5987d44c0bc189124f6924e3e2380f606acb42ce4834b35e7ed20cf43b50338
SHA512

6432aea483a21b30a2ed029fbb0e55ea007e58f77e5c843630b3e3c91b35cd90871e75a7b87c382a3be8ff5bd13b163903194066069b7b39bd17c031ec9011bc
SSDEEP

49152:aQJXsq/tgD5UQ78kfc/vdnyf3KtlEnFFNsji/qZ:rNs0tK5L8kSh4EunNsj/

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  NShutClt.exe
- Size
  
  1.6MB
- MD5
  
  155d6948efaf08ee665d9e788c5f3939
- SHA1
  
  9df8e5818d2be8948be472639e06ddb57dcfa8f7
- SHA256
  
  611ea65dd5783b9db53825ce44e20ae8b96a2411ffdd38325a4b2c4a69bbf7c5
- SHA512
  
  e0c3cd63ba2419cce4937f3ef8c3eb3a7e8a3ba9af6b15bc120d2b479121382252845697224e77145bf4d50367523a4f4b234dad0da4b57c5f364f3216431168
- SSDEEP
  
  24576:pMt7M+GutmHlxeozO2aFcVr+YuajEVmkKxTWtUWO+MZkXOzoWJOfJox+:GrGu4HGo7r+WYb/tzO+GkXVWJoJa+
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  79be350c8381293abb045bbd2a7b5f0a
- SHA1
  
  0b4e6d482cae461e36c2b47661ef586545162e23
- SHA256
  
  3091623495d6e81bc0aa9182a55b0f93d3b2238102a44fd66943e46ed7eeaf51
- SHA512
  
  1d39bc13f2825bb4aee5832bc5c60603b62b3475e0075028a146981764e6796e68fdd752627f37f8bb198dcfce5a62efb6a6283366fc4874a8915008aa0a4c28
- SSDEEP
  
  192:/6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTSK72dwF7dBdcQOz:/6JaVh4I5rpPbTS+BdhO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  cb814a4c1dee60973379e6c3c9386777
- SHA1
  
  34cfe1505f1d366f097ec1bc1e45702d545d9fa5
- SHA256
  
  eaaac5d639a5371c27af960463380db9c6aa7c4656fc2523b6743436c72ecc18
- SHA512
  
  be562bb4b4b00bc2343bde83b9c4f5bf7e2938c7af0ee069c2dabe8ad5681676efb05482ec0531faf6c19f7771e8b118ceda7dbc2b28c14d375875d1046ca244
- SSDEEP
  
  96:Z+kBC0x22epxPEvC4FkWE+in1/FMvsCGRfRFqCB5tOGhEl5VN:Z+0epxPE1r8/FtmCDtdg5v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  NShutClt/BaseRun.dll
- Size
  
  21KB
- MD5
  
  baf1f8c93c326d026a4ce7ad67ad90bd
- SHA1
  
  4845f4b38e8968b46741b521df43acb7d539cd48
- SHA256
  
  9e1a449025ed3cd009797ff1283cb71d797bbf636f7ccbe33b294dd8becf207d
- SHA512
  
  1812ae7f76fb2a83678f1cfb6e280f38200cc95de7a102a4b463cadc1683019bb3eafe933b8b92ca67db0d90f86239cc6ef9534f6d3dc5ad345048629dfdac59
- SSDEEP
  
  384:/JXgo8oM9/wOwogRMS4e9kZM456knzknOgONQLjXMopZwLLNOt/4rAMByRLZ:6oIPSsn2PxvXMsZwLhOtwUMByb
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  NShutClt/MsgBlkMgr.dll
- Size
  
  87KB
- MD5
  
  80c6eeeb507aa3c88ee9d75dc3e26a5b
- SHA1
  
  bc5a6c6479b5002f806a4bc322172cc8f36ce24e
- SHA256
  
  bed3fba27a8210d985269cb8aaa83c466783280ecf05be31b56d7a9a51d630cb
- SHA512
  
  6d9f3a5c232b05e0a48ac9e280ab1561fd21b942eb4319b23d44ae0811c0ccf1357a5b1ba8f1fa5eb8638d6c458c420f29794e4c3593f74cb9866f712371d592
- SSDEEP
  
  1536:FsqOiYe+R8Z4nXy+tWX3MXx7UYRN/O0mA5tKAy:FsqOiYZ8MX9WX3uUYDO0758Ay
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  NShutClt/NShutClt.exe
- Size
  
  264KB
- MD5
  
  59b99ab3a4104d36d70647903cf8c4bb
- SHA1
  
  cc5d648ab608108ae676ad22cece6257ce91c2df
- SHA256
  
  2cc654d37ea84e7caef4e9c479779d202432b187327c66d3fce36ddc96e8ddc5
- SHA512
  
  f1b544a448f13e92451cf60cbd6c2e9031dd31958ef3ad220acb54d7b26adfc3061d308fc7ce9fa111016e6f10ad5ee4e7a1c79cdc966f154b159adaf10b2b0a
- SSDEEP
  
  6144:Ue8RSsvMkD+43Zfb1ftQBrgbKbM6HZZpV3OkqW7NNZY8:j2SsvTfJfSGKtHZZLNNZv
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  NShutClt/NShutProc.dll
- Size
  
  43KB
- MD5
  
  c2a29acd297168bde37128c83a73198c
- SHA1
  
  db828b67177184a011fc58ef22bf5d1bb2f84ab4
- SHA256
  
  c0513ad8fb92f7a06ae8929414054cd961bc25a1905bdb5ce2e0342456c2294d
- SHA512
  
  9e85589c19c3a264e793f89668730d599036ff64253ce7d905a8e59013e2a350f8e37c712ed65227bc8b8c8c9cbeb5953e80d4a4683f4316b53280a760044e66
- SSDEEP
  
  768:EyNocmTQefv69eCj2/wZvsolxast7017FUTMRvgDMEz:EyNnen64/wZvnakCxnRvgDMEz
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  NShutClt/NsdDrvMgr.dll
- Size
  
  74KB
- MD5
  
  bc95efdf1bb58114272d8c228b78926b
- SHA1
  
  e098918a10b5cd08effa35c6faf5747e813bec27
- SHA256
  
  619669d94f1f0c76e0fa3b8d34819eff7f665d1c93c6bf74f23aa60090b6d65c
- SHA512
  
  dc070405a8cabd7752cbdcd83df8b0fcd13fdf83fbc81369ad95b030730ec4a9fdb7d56bf8838ded670712edcdd7a163f5a858e298d850431dbe43f6e0333397
- SSDEEP
  
  1536:wHDLjFneGMhmiiywrLSFZzevVcHyGXeHYo6ENIoooy0NOtez6Zm33Rj7Wceb1F:wjLpneGMtHZ9Tpo6EN/vOtbZb1F
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  NShutClt/SysInfoMgr.dll
- Size
  
  80KB
- MD5
  
  0ec3444db0152a1fcb9b3be0cc2a5803
- SHA1
  
  5e63c6e0d734cead68d2c03079fcd85333538029
- SHA256
  
  4b92181d3b6fb4ab66a3446bdc5984e6fbd2542c8af1ef76be9d4e5356fc21f8
- SHA512
  
  c7e2a954e1dfd82794172b282869d007f93773f2fac586f30ac28f6d3bbca788edeed1686c1e9b24b01c8a5ceabf905c8c748a18d771d6dc1bd60f92de61f18d
- SSDEEP
  
  1536:0SfuSiYyvwSNRxkQDxy0/CqFZcfd3yoTsLe3nC61B+l1kl9mZyLNOt2o9y1a:R1EvwSzxkQpZNwKaC61Bskl90QOtry1a
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  NShutClt/Task.dll
- Size
  
  86KB
- MD5
  
  a0c560109ce8e33e1be1c17f9e330333
- SHA1
  
  734b89ae7ff4ac33b80939e4fdd769df69146ec4
- SHA256
  
  96e16cd051ebf252f141b57101f52cae76ec4067030fb6b48dcfc1d06b5ce01c
- SHA512
  
  3ebd4d6b0c6d6847c8bf2487bf871ea93738abad37e6aed0704814bd505daaa00ac1742bbc9f95ada3504c0a4d3bcb2e23e0b359504b338918a04bb622ea239b
- SSDEEP
  
  1536:niptvOx2vcNxLjpY8wZJkHlgn9r5ml5BVt7+rvHr:nigNx0Zqg9du5Bj+rvH
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  NShutClt/YtNShtDnw.sys
- Size
  
  5KB
- MD5
  
  9ad70bad79fe50c05fc3bdb4d03e1c9c
- SHA1
  
  de053e964ef49816414b64cd2a3318aa5a1aac33
- SHA256
  
  eb0c5087567e18fa4d0a80b06f7316234eb39b186838bc6de287b40010adcee3
- SHA512
  
  274aa5fe2ab664943c4aaf138e394a7f4f0a464714a6abbb6c00ffeb4ea599172fbc019b392f83a2b0e894ebb0e1d6de00d6106b80be076168508fe8e7198160
- SSDEEP
  
  48:is2zqLhmTE9iBR6F06B/fyEs4097gxsgbIlJq42THJq420R/0khjm2pVXdFC5J0k:IAqt6FvB/fyR4mg/PPWkxHBYnZqceZyh
Score

1^/10
behavioral21 behavioral22
- Target
  
  NShutClt/YtUpAst.exe
- Size
  
  56KB
- MD5
  
  31c8cb6f4edae5e434f2d41465211055
- SHA1
  
  4de870a99377da7dd3660a427dbdecbfc71b4383
- SHA256
  
  8c61fac71e9b8c702cc52b9c35969b04660e9a92741b9ff240f30d29172787e5
- SHA512
  
  5657b09f7d519c9178e572f81922a797580541919e8c14c49ad38b1b6acf32a571fa11a5657d92b28cb99247e0432ee0a05975779d7c3b34a44c8c538b9d060c
- SSDEEP
  
  768:wuP6IA4aeqk3/1FWSItBdaWszo5u3NSnvQoUBOz+oVUrWggGG4bTn6vw:digaTktMSLzMu3NTomOirPgL4bT6vw
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  NShutClt/import/abase.dll
- Size
  
  4KB
- MD5
  
  b9f10040d6c43f55f294f594cb9c5230
- SHA1
  
  3c616581340266a3f2193f5f2c0ce8dc61e8fdc2
- SHA256
  
  32bb0ec82bfcac1ec4c762ff92fc45d7241be7a432ffb6d65a847da0181f852a
- SHA512
  
  ace45baddc8182ed806796d1bf770fc1d845234b48eb9ba1912cda8d58251db3ef90cf43a0e60afe071c5d6f6446da6920b1a0bfe0e1bbb19cd4453ba12df0e8
- SSDEEP
  
  96:z//PZxjt7jPzmAsJOHR1DQnum0QZTACBH6bnISPmJr0/E0:XBjPzmLJOHR1DmuFiTbBH6mJQr
Score

1^/10
behavioral25 behavioral26
- Target
  
  NShutClt/import/dbase.dll
- Size
  
  1KB
- MD5
  
  9853519d55fe819077d1b78269728d1e
- SHA1
  
  b486f6fa721416b6b5317ecaaefa38747695f64a
- SHA256
  
  cf1025caa53cb333a955c3c19cb1739e9f7233ce5fd5b5f1cf17b10051c8cad4
- SHA512
  
  454a5dbcc7f79231deb2b7e3163258f87ea034a8c9f8569d725d891abe305926ba80da9ed7e2d8bc056c56d4fd43777e760941fd34344e1c6cddc8b950843b6c
Score

1^/10
behavioral27 behavioral28
- Target
  
  NShutClt/mfc90.dll
- Size
  
  1.1MB
- MD5
  
  462ddcc5eb88f34aed991416f8e354b2
- SHA1
  
  6f4dbb36a8e7e594e12a2a9ed4b71af0faa762c1
- SHA256
  
  287bd98054c5d2c4126298ee50a2633edc745bc76a1ce04e980f3ecc577ce943
- SHA512
  
  35d21e545ce6436f5e70851e0665193bb1c696f61161145c92025a090d09e08f28272cbf1e271ff62ff31862544025290e22b15a7acde1aea655560300efe1ec
- SSDEEP
  
  24576:HMh/PZa3TrShmbjRbf/zxUK4BpifCqY5TcB2sQL+XmDOl:HMh/PZa3HTjtFUKwhqY5TcyL+XmE
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  NShutClt/msvcp90.dll
- Size
  
  555KB
- MD5
  
  6de5c66e434a9c1729575763d891c6c2
- SHA1
  
  a230e64e0a5830544a25890f70ce9c9296245945
- SHA256
  
  4f7ed27b532888ce72b96e52952073eab2354160d1156924489054b7fa9b0b1a
- SHA512
  
  27ec83ee49b752a31a9469e17104ed039d74919a103b625a9250ac2d4d8b8601034d8b3e2fa87aadbafbdb89b01c1152943e8f9a470293cc7d62c2eefa389d2c
- SSDEEP
  
  12288:iUmYoJC//83zMHZg7/yToyvYXO84hUgiW6QR7t5C3Ooc8SHkC2eRZRzS:iUmYoO83W0y8yeO8L3Ooc8SHkC2e8
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32