1a1b3d764d921db37f2d3e0af830209ce8006d62b60518523cc199b19210c937 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8d0c9d6ecf3d30e19df23e4fc38c877_JaffaCakes118
Size

1013KB
Sample

240829-pmnqrs1fkb
MD5

c8d0c9d6ecf3d30e19df23e4fc38c877
SHA1

ebc2656058329f629e176f716acc66e954393dcc
SHA256

1a1b3d764d921db37f2d3e0af830209ce8006d62b60518523cc199b19210c937
SHA512

fc5fa91f6cd9c5a5a7a49852004a08ac9c40351f31b43a9c3662c88e740f235cc73adb9e1ca6fb32acc844863694ed7f5af04b8b56d588417502a9db8aaa28e9
SSDEEP

24576:iFNami7QV9najBwcBt+mYW1B7seCkDNj/nb+JarXVXsrp:iFfFnYBt51B7sdKNj/nbw8Mp

Score

7^/10

defense_evasion discovery evasion trojan

Malware Config

Targets

- Target
  
  readme.url
- Size
  
  328B
- MD5
  
  63ce37659e34f6542d31a4bc64ec19e5
- SHA1
  
  31938110d10a8ebce18ce02d1ebaca0e344a797c
- SHA256
  
  36dcd2cc9ef2a279014b4f85915100f62d36bd0c2cf439638d4ce0e9c18cc2ff
- SHA512
  
  39dc956c870a2bd80786dd215b503e5f22a1259bb858ff37ae601cb11d425afd5304e6472512c99afcb98569f08990e1d03df5e3d392ec484b1a98dd3f7b86e2
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  wuzhipiSetup_zz.exe
- Size
  
  1.3MB
- MD5
  
  b304a660f426411983cb9107e03369f4
- SHA1
  
  55223fe9b364710f924c2a1db301395260bae7d0
- SHA256
  
  f3eb69361c430b41863940b66bb99c204ba8fa5192da66bfa2d7a763293ea007
- SHA512
  
  98774eda0ccc5a7a014d2a97c0879e1aa1a1fe6b97d05c32eba0a2e9898c35407eca72aa565698109e0847b21e3d0ed0052526464e3ec5b91e8bf154ca0b50bb
- SSDEEP
  
  24576:HMGW6i7Ql9nwvB8GDt+gEALJN6eCk1Rj/dn+derXJXsBe:sGvRneDtFLJN6deRj/dnCg4e
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral3 behavioral4
- Target
  
  下载王www.xzking.com.url
- Size
  
  302B
- MD5
  
  f6069f943715d9a180c3d138647cff0f
- SHA1
  
  d11eac1bcc2bd7ec49c3640063c5e378cd3c83fd
- SHA256
  
  5315aa654483ecb41f08131f411397c4c9629c0a01820c1dc1b5fba2ead4eb18
- SHA512
  
  96985ea678c97cff36f6258e0bb08bc1bca10a7f9cc4c6f27941dfed668795caca5bfaacf7939d608f50a234ab2954f98f00a5b1ecdb260adb9851e8cc924b76
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

behavioral3

defense_evasiondiscovery

behavioral4

defense_evasiondiscovery

behavioral5

behavioral6