1a7ff8b17d703d84698d653da808832d3d81b946c5ed606f0e3d4676c1bd99d6 | Triage

Sharing

General

Target

c085a92187e2c7d5fcdc82ed4668134f_JaffaCakes118
Size

576KB
Sample

240825-mcbx4syfqd
MD5

c085a92187e2c7d5fcdc82ed4668134f
SHA1

38aa9c6fde946645d57c6a4d48f7de005711e8c7
SHA256

1a7ff8b17d703d84698d653da808832d3d81b946c5ed606f0e3d4676c1bd99d6
SHA512

cbcfd3038838d4d63568873f6a6750ef27683a4f9271621a86f66b5feb86c725051dbacff2bdcb00ff664338b0a4165f519f011ef0d71a4302c5ffd222290276
SSDEEP

12288:CCy5tfAtuLEl0EccdMpwq6Fp/V2GjsxuNYtXoXHdbHRZ6U+SLfwyM5:YtotuLERcWMpBk/V2GoIOoXdbxZbfwJ5

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  c085a92187e2c7d5fcdc82ed4668134f_JaffaCakes118
- Size
  
  576KB
- MD5
  
  c085a92187e2c7d5fcdc82ed4668134f
- SHA1
  
  38aa9c6fde946645d57c6a4d48f7de005711e8c7
- SHA256
  
  1a7ff8b17d703d84698d653da808832d3d81b946c5ed606f0e3d4676c1bd99d6
- SHA512
  
  cbcfd3038838d4d63568873f6a6750ef27683a4f9271621a86f66b5feb86c725051dbacff2bdcb00ff664338b0a4165f519f011ef0d71a4302c5ffd222290276
- SSDEEP
  
  12288:CCy5tfAtuLEl0EccdMpwq6Fp/V2GjsxuNYtXoXHdbHRZ6U+SLfwyM5:YtotuLERcWMpBk/V2GoIOoXdbxZbfwJ5
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  107737e3282fefd85684f2fa3df6d1c3
- SHA1
  
  3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f
- SHA256
  
  21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0
- SHA512
  
  439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4
- SSDEEP
  
  192:FTmFxiXTQdQbg9FkGuz9lBDpO5DwbgUojcA96lK72dwF7dBG0N1:FTmriEdYQFkGUlI6vojj6l+BGE
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  0ae9c427fe7bbbbf1368c1c6d3933ae7
- SHA1
  
  c8e5131613302531c88512dada29a18886259268
- SHA256
  
  49437f4b9fd38007f3b2735f0a8a12830b995305c75118b440202980183d5c6a
- SHA512
  
  59b76b00f2b0d6242dc5bc3cb36d3ff78867445f502e34cea890c6f493c2adf9b97cec539963204ddd1c641e1a77139f46fc33dec4dc636f4b06d2edffffec6d
- SSDEEP
  
  96:vCCshwlpqUsYghN/9uvZ7CLWNCSiiVTQYBGVXRvuBDlSriklbuba1iLc+cEyzo7e:BzqUuh/uLCXIkYBGV9uVlSblbubbwtl
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $R0
- Size
  
  40KB
- MD5
  
  09a21e6c8a44920e08fa2e30501db9dd
- SHA1
  
  c7d02fd58b831a1147aaa87308880b7ce53af29e
- SHA256
  
  ffdb14acce6181dc7519f8cea060596ce71eb0a338d9d8117c28348d8179b544
- SHA512
  
  1589743ea0201ce3e696f82424dd03c03352e536c2dc118a58ef061cd2de9b231d35b8c9cb4a4a478b525a882330562b93ac00fd620597776d7c5eeaf70e67d5
- SSDEEP
  
  384:1TrZ0Mflu6QOqtaOHbrZOx0z0WNus8+sKVW8RsXaR9JBwnVgYb+75f6HTlsbr+3B:1pT1cHbrZO+Tr8+VVxHjJBwnaPI7U
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $R2/NSIS.Library.RegTool.v2.$_10_.exe
- Size
  
  5KB
- MD5
  
  595941ca523e60cbda4c2e4aace8e877
- SHA1
  
  f3b8675db97ab5f691c489206b3549261e45be80
- SHA256
  
  09e5b0c00e91519d5cfff44dcff694fddb4d73035184b23e9edca239eaf17002
- SHA512
  
  f37d42916d7be3d53d74263e6a681d6670f9fdeff4bfe811cca2a742471f9aa53769760040a16a066bbba44f2e1d0271d72557c2296ab64bbbba67681f1dc7f6
- SSDEEP
  
  96:SFw199EdjXxf7FsS7bVs2ddqB4DDZH/6:/19CZfsS7bVbddqaHZH/
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/CloudTool.exe
- Size
  
  36KB
- MD5
  
  a40faf9512cdbded5be40e9954a58ad1
- SHA1
  
  94e24873d2e1d9f33e159fb867bbf318540998dc
- SHA256
  
  fb4b443998ccf4c9a16770b8259185e1f587e96227391a2e0526615cf90b9d2f
- SHA512
  
  b84625080250cde14f3b3b7519ffbfdb1a13065d0a12685f192be9e391ac279d699e4c8584f7d36d30e2cabdff280f66e2cc5e112f49b04f1dcde46a9b0d44fe
- SSDEEP
  
  384:tfyS0F7rl+CdG8itsG7TG7S9Mye5ylRcS9Ebl:tfv0F7hJzibBu5s5ubl
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $TEMP/LongRADrv.sys
- Size
  
  44KB
- MD5
  
  61147e537b3f1e6f165d19f1ea4cf0c1
- SHA1
  
  64be0510997747de088a785864232fd94a116ba9
- SHA256
  
  37b77535f3490309dff5ea5e1e5f4b603e2591e39eef23f0b4c4fa7f1f7c7f87
- SHA512
  
  2ce3db85a233f9f8ef9bafbe92e5e745018dc47e444b3746227c066ec5590c889e9cd081844d777cbe38960aac09b8b3c71b3a6e65d713e6b36683b5f2a75139
- SSDEEP
  
  768:1MnQXsXutS9fQfbXIL9KiUl2g+oj/Gdl1w/9C3kk4n6i:iQXEuIfQfbXE3s+eol1a6r
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/LongRADrv2K.sys
- Size
  
  51KB
- MD5
  
  c65336fbb6271f7325f31a9400460cb9
- SHA1
  
  aed3ebd06d9aa30be1b6d95b063cfe4cebdd6bd5
- SHA256
  
  b55d9302b58d68aa89430b19052d079c0d64891392bedb10b6d30658cf29192f
- SHA512
  
  cb8582ea02c42b43ad737091e51e93c6cc06fa1f04f8ef2e977af15c4712faae28d8768aa3e22041a02ca2beb6bf002beecda0ae118a587cd25bdad846b7bb66
- SSDEEP
  
  768:4UcmyMZqtP4N4YQbzbAA2GT0+fhGQK7MZzEdSbV:2myptq4YQbzsAFT1qgZYdSx
Score

1^/10
behavioral15 behavioral16
- Target
  
  7zxr.dll
- Size
  
  82KB
- MD5
  
  cbc8a718ff581e53d5e40f7859518c85
- SHA1
  
  ada53e9ebb60956699795859317dede6baed5750
- SHA256
  
  26dea35825ab01a6e05bc3405766ebb10ca57ee1cd300d76f9a53adc71b6457d
- SHA512
  
  96308f736d1dfb3bc3241a028f08ca7aa8551bfc7dc7f9190fb319f0f438d05721ef041924a12c47b917c5c29bb35ae286a5f367452237326f0060b2265cc935
- SSDEEP
  
  1536:UybbuP3exTJC1DOSxH/1cW1z/JwVQOld+5zB:hbYsdCtOSxH/Gg/JgtlA5zB
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  LongRADrv.sys
- Size
  
  44KB
- MD5
  
  61147e537b3f1e6f165d19f1ea4cf0c1
- SHA1
  
  64be0510997747de088a785864232fd94a116ba9
- SHA256
  
  37b77535f3490309dff5ea5e1e5f4b603e2591e39eef23f0b4c4fa7f1f7c7f87
- SHA512
  
  2ce3db85a233f9f8ef9bafbe92e5e745018dc47e444b3746227c066ec5590c889e9cd081844d777cbe38960aac09b8b3c71b3a6e65d713e6b36683b5f2a75139
- SSDEEP
  
  768:1MnQXsXutS9fQfbXIL9KiUl2g+oj/Gdl1w/9C3kk4n6i:iQXEuIfQfbXE3s+eol1a6r
Score

1^/10
behavioral19 behavioral20
- Target
  
  LongRADrv2K.sys
- Size
  
  51KB
- MD5
  
  c65336fbb6271f7325f31a9400460cb9
- SHA1
  
  aed3ebd06d9aa30be1b6d95b063cfe4cebdd6bd5
- SHA256
  
  b55d9302b58d68aa89430b19052d079c0d64891392bedb10b6d30658cf29192f
- SHA512
  
  cb8582ea02c42b43ad737091e51e93c6cc06fa1f04f8ef2e977af15c4712faae28d8768aa3e22041a02ca2beb6bf002beecda0ae118a587cd25bdad846b7bb66
- SSDEEP
  
  768:4UcmyMZqtP4N4YQbzbAA2GT0+fhGQK7MZzEdSbV:2myptq4YQbzsAFT1qgZYdSx
Score

1^/10
behavioral21 behavioral22
- Target
  
  LongRAShell.exe
- Size
  
  40KB
- MD5
  
  951e2e4cf2a02124b9c2b07889b69070
- SHA1
  
  5dec986582bff462162191bd0489068ed8b041f5
- SHA256
  
  c49acb045400d9fe1d3dc804a08d446a8ec6fb67bc59d61af26b2e9d71620bbc
- SHA512
  
  60a8dd2c16a86f019f13c74e46540435fdeb33f7a33a837ad4075aa97cf1b2a1ece7ccbe723e2c8b5df2c9543c2c10488169ed4b8707b2114b263e48cb86871e
- SSDEEP
  
  384:WgNMXSnwtVyhItD9aeGAgXR0wiBuCYt29ybugdqqXoDRrTDE+l1nNn7:Ww9wpDUnbh0nDYYXggqIRHw+ldt
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  cloud.exe
- Size
  
  1.6MB
- MD5
  
  c1c2bff6cae3c977bd12aa738e5d94bb
- SHA1
  
  a4879ad33ab64aaa71bd065a11c09c7fd8d7a092
- SHA256
  
  9b496f76a4d48ee00c40327bee48122106ea579a0fe64627757776a7260893af
- SHA512
  
  01be983720d02bae16ee4507a1ecb84dd5127b01b82283763974382fe42736edc026900c2e6725e1a0c0799c39d4b9bc8f8ff3c32316fe0500c87aa6ca984f7b
- SSDEEP
  
  24576:ZCufhQpMvdD23hfXe0Crnol+52JxUTHLjtHGHBa+:o24Ckl+52bijCn
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  mycompress.dll
- Size
  
  52KB
- MD5
  
  c6a64b6b7c1d2045694de5c04cb49b80
- SHA1
  
  9da72bcec3d341f6559cf2d6e48d152dda786092
- SHA256
  
  885de3a81c06289ec9c4c36816b56808b994dd5c14c6cc51df842a8545ed061d
- SHA512
  
  7e8d940c63dbc731824b1fc961f12cb6bdea663e948a84a5c380356766d9ced448c0ce7e5979c77c79330a383756a74c688d42cc1e6f4e4d0d498976ebd5cd6e
- SSDEEP
  
  768:Xhbn2x7fa3UuyYaYTSG5wKGkzwQa6ZtBAayiD1h:X52x7i3baYTSGdGkcCPciBh
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  uninst.exe
- Size
  
  76KB
- MD5
  
  6f3832b6e799df1eff3412230cb27186
- SHA1
  
  038fab84d662eb5ec0ee2e8876cfc76df0d664bc
- SHA256
  
  baa4d062e62105ee60d54206e7750ab57a52a83e353fedc4a9e3bc12ff33bb30
- SHA512
  
  c0d56863a151136ffd4543a11d4e6a25e0b2f05186aec016afe1febffef1c92155e3a700e678738cae14a86ac3658d644ab96f70c8cff0dccd7fa875aa6de46e
- SSDEEP
  
  1536:Cppal05FyuC/jL052PgFEla4ZJJcCakPohDcA+MnTj1QxJAkLS6pbjD8:Cp8l05FyX0mpa4ZJJc76A+1tLTpjo
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  LongRADrv.sys
- Size
  
  44KB
- MD5
  
  61147e537b3f1e6f165d19f1ea4cf0c1
- SHA1
  
  64be0510997747de088a785864232fd94a116ba9
- SHA256
  
  37b77535f3490309dff5ea5e1e5f4b603e2591e39eef23f0b4c4fa7f1f7c7f87
- SHA512
  
  2ce3db85a233f9f8ef9bafbe92e5e745018dc47e444b3746227c066ec5590c889e9cd081844d777cbe38960aac09b8b3c71b3a6e65d713e6b36683b5f2a75139
- SSDEEP
  
  768:1MnQXsXutS9fQfbXIL9KiUl2g+oj/Gdl1w/9C3kk4n6i:iQXEuIfQfbXE3s+eol1a6r
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32