General

  • Target

    caa389898c9f3b68feb35b509392ada7_JaffaCakes118

  • Size

    143KB

  • Sample

    240830-ma536szglp

  • MD5

    caa389898c9f3b68feb35b509392ada7

  • SHA1

    ecd7c79449ca03ae91433e8bd9deb406f11bc766

  • SHA256

    e3a1b629fab490004ea7807a89a123cf9e2016640174809808920325300022e0

  • SHA512

    c16e419b1dc5c76054a0dc851897133d049a88996ac3d53f1bd121886f50f4e1b4d63ff188fde90d77efca90d412d7002229e7ca577ec2aadbb93887d5dd061d

  • SSDEEP

    3072:aoaBXHm62xw+HrwFXLxd3monOY+tgk4Ju45kUTo/3:aZBXGLPLwRzSOJuGknf

Score
3/10

Malware Config

Targets

    • Target

      so/admin.asp

    • Size

      27KB

    • MD5

      2fafe76ba34b51866be127841b38d1f7

    • SHA1

      04b622912d64dcfa7feaf8adc85bb2692cfce132

    • SHA256

      c8b27e6774b176a204b511e941e7ba00f99cf48699b9fe6c400cbd439dce4e4d

    • SHA512

      aabafcbfb7026570e09987a0a79ac71cad9b7a3824844fe96b5ae3b3e13b3992b82b49c53751a75ea5a2c454aeef9c78048ef15426b3e1df1ec8e975985459a7

    • SSDEEP

      768:Pi2IEQSOu2GqDHty+y3Onu8dbQWSw1RoLNfeIvbKR+2midkpDxPywhqa9FKKSnb5:PVIEQSn2GqDHty+y3Onu8dbQWSw1RoLe

    Score
    3/10

    • Target

      so/baidugoogle.asp

    • Size

      545B

    • MD5

      42c70369c2278633155d53fbe1345e28

    • SHA1

      4fbefd3db62c470b4c35e88b211795f7112ee449

    • SHA256

      58834a12fc7cc82655830f0a17c8a24a715fb879088a7b4f49f4c61d40e6a70a

    • SHA512

      0634e4b0d5bcf25a8fb0a87662dedd3c91ab8f0714969e3041828dce60947a54bd45da6759060aab446ebd849a99bb610a245705432c0fcc395fef03fe0fd9f6

    Score
    3/10

    • Target

      so/big5.asp

    • Size

      564B

    • MD5

      baae7a2410649ab40ad888f313783adc

    • SHA1

      361eb0f6602fe649d93ea73b5665ab392f1c166a

    • SHA256

      be2fcce070ba0ab033cc280cc29e498cb9543a2b9bb5901320b5f252a9ab7ea2

    • SHA512

      2bc1d2dcf0aaf5326f91891f3c492bc484bed96d63000d9da9b83b5758b20416ea1e2d2ae6f106e8c9c47801843c8f073211d91f2fc4df5e3614b2ebe5eacbf5

    Score
    3/10

    • Target

      so/blank.asp

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10

    • Target

      so/client.asp

    • Size

      571B

    • MD5

      f1eebdd1e763b0eca5b4894f479178fb

    • SHA1

      c6ccbe8bcc0dd6ea6ca1c0e7619fb9fa5d5fa6ee

    • SHA256

      91abe769b3699ef390d33fdddaf8ac17af0335138be567995dbcfbfeda808eec

    • SHA512

      ebcbb59d62c76627640a6205f1a0a678b54fe2dd1289fbffa61390a0347321d4ee302103832fd3062db1d0bbd276d206456aa80341f0944d4526ab50caa1a34e

    Score
    1/10

    • Target

      so/config.asp

    • Size

      2KB

    • MD5

      79f16299e18bb85be44ae460ff276ed6

    • SHA1

      f4bfc0e29bfceabd077939decbe9241dea43b484

    • SHA256

      1a459376f2d02971bc5541a75e8fa529e37e21ae0abe94c700d46b9da565a898

    • SHA512

      0d3e0e051d011f6ad4c8e07cf6b9a7d630119404b92ad761218ceef63e0f99a2fa995650e7cb9c78a367c7861ddd245c90fb055e5a16836c396e79fa190017b5

    Score
    1/10

    • Target

      so/data/zxsoudata.asp

    • Size

      276KB

    • MD5

      9a301bc71f90eb1f96773d32eaca9450

    • SHA1

      68948cd00370c27483277b8ece31ab930f15c096

    • SHA256

      bf22c5cd552f1654121082df66437a1400a8b31bc57542f18d239d5885bd1154

    • SHA512

      38e85fe2510b8806661ea329fc08ca52d7740a4fa0680ef52ac43420b77dc2ded857258124b073a255ddf762f4b63319da1a893882c72c18fa9c3be7a8b88bc2

    • SSDEEP

      768:xRBN3NhNiNUVNrNPNjGxOacSzYMwExmAf8u8nTzrW7bEAWiRUvtA:xR5y/EAEAb

    Score
    3/10

    • Target

      so/festival.asp

    • Size

      3KB

    • MD5

      d88378dd261c0e78e83ab8646314cdb8

    • SHA1

      32f53283284cb961033523a5d70107a7d973354b

    • SHA256

      db048b2221666828e9ab79243b441ec3003721dd652482ec14411c1787d87a7a

    • SHA512

      fb402c0b2055a0b2fb8dd4e1a3344e384e0ed85187f6433981895e8cfc846fc4d0c6e4effa2309786726ccd1c13b2dd430ac85a6174db522ae24cc077ee39f0f

    Score
    3/10

    • Target

      so/frame/middle.html

    • Size

      2KB

    • MD5

      d1789d332f784d67dda69d5f131cf17b

    • SHA1

      b06bd184b83a0961f5b158655324f70137ddabe6

    • SHA256

      8d740f6a0ca0adeb6e722e402def698b93af2cd4d2f21cc1106dafdbdd2cbb4f

    • SHA512

      527122a2b777341a9b7b87f0d5bfb9bd50a032f4bbd2e159aaa11d9aec1bfe696d5745efb6f020f738f05c6bfdbe0900e45d6cbf685fe3e49ca1211b4f568eff

    Score
    3/10

    • Target

      so/gbtoutf8.asp

    • Size

      555B

    • MD5

      8bf1d049f12041e709bb1373d3f3b836

    • SHA1

      5792da9050df2da13d2e839e7cad751736389574

    • SHA256

      f7f6bf0b3b1426db420ff36e83957b2dd01354a9741519add80638a9efd30df6

    • SHA512

      ba64dbe0fd597dbe12d7fd7a3646431655b251b94612208aee76d2bbbce96a86158e035516ea727effcade91cadfeefa7916dda2fba0c330d69eba2ea3281e74

    Score
    3/10

    • Target

      so/getcode.asp

    • Size

      23KB

    • MD5

      c343f2625809ae6de6fd9e135b395821

    • SHA1

      d406143ea725a19b33e71b70d6be5222b0e8eac4

    • SHA256

      abc9d545da0d19da081a3a6f66571c7b925209e1bcd76903a9583f6e0949bd44

    • SHA512

      7c3e1ec7f6d633b4c026240a7c1b6db5e342beafd9e8335e3a3a76db0a7157c14e2429fa458ab2f5fb8c97c0ead7f93b0e5bb5c746f6fa0afaca6bc27590575d

    • SSDEEP

      384:JS20tWLE1+8PhXmaYClU43Wp8+wHxSdaLRAnKq060HarIcffYiDQzTUyJ5tCK5dN:JS20Y6PhBYClAGLHg0SKq0zwIwDATL9z

    Score
    3/10

    • Target

      so/index.asp

    • Size

      15KB

    • MD5

      5a87d3bf698ed02828604d08bd13a1d2

    • SHA1

      1bdcaa99fbcd94976f796dfa194127b7c3c5f096

    • SHA256

      2071733a57f1f70d23a4fa2bf6a8d78eca8700d43686b4951699d97dab77eb75

    • SHA512

      895a3e4b2eecbd101668400df6e19d91fed64cacdd146cbc52ee2d0c55f3e3c2993696a2bfd61201331ee263129a955edcb580ec15a7286679e52a58072139ae

    • SSDEEP

      192:0MHs2xYLYpxkE17PlRk6xQeLmlo5+0PtFdGkvHVQMFTejW7k:0MM2xyE17PlRk6+Qmlo5+0PtFhHKHjz

    Score
    3/10

    • Target

      so/js/change.js

    • Size

      10KB

    • MD5

      00c51d44031408ac053125d4202d14e4

    • SHA1

      7434823a35eea6e443f9887181344fc6410742fe

    • SHA256

      969605b93933fa290204094290fab9b80f84a82d1f513cf50997aab871c298db

    • SHA512

      f686150667960d38010b0937c9e474f213392b1043fa4df253fb99e13a77f831bd000ee14d6732ed45976bac0600ec07cf734255cb20b01e8fb9f475408871e7

    • SSDEEP

      192:miNkitbHmOU3FtQmIT8tvZiDsf7Qc0OEZctTIFVx+5RUtrnc6ihpuO/Oh:DN7ZnU3Ftrg8s4Qy8Q5IgrpuO/Oh

    Score
    3/10

    • Target

      so/js/getcode_showpic.js

    • Size

      2KB

    • MD5

      23077b32994a3f75f93c9d9487d9057f

    • SHA1

      46163aca227aa51a332b2346eacdd5c2f3e42fdf

    • SHA256

      66dc48f50c82b79c050bedebc86a3d4486fae7c46026856e531bb8cfb04875cc

    • SHA512

      db3b4e3a2dd23280adb19bd546a06e603602b26e0b51c5b04f260982b9520ffb96bc39b1cfa0a587095909ad9b9445a2cf2bf1736ef01ecfdee4ddb3f82f86ba

    Score
    3/10

    • Target

      so/js/hwinput.js

    • Size

      6KB

    • MD5

      ad16bf8bbdcf90ba9f0f0f9ab5342467

    • SHA1

      6096b364c3f6bab6309d16191b98066bcd807e19

    • SHA256

      58177353d653b01ce7fe1baa18c05ed04ce512c95ac45d2852f6618be826f0cd

    • SHA512

      2c35bdcabd15206b4d62f511056cc010c4d59ab971f2c3a00fdd1db576a6dbe1bb2720e7643095aaa28b22aaa6b195132cf65dbb3424a5dc4af397f2448e8b8b

    • SSDEEP

      96:9PSZZYeJAoCAN141jaqICAMsTlgJPTJmH7owX8IMSfyCw8h:gHfvHC5sy0oBIMSf/L

    Score
    3/10

    • Target

      so/js/qqinput.js

    • Size

      230B

    • MD5

      31e079a59993b38ceb7ad5c59d70a1b1

    • SHA1

      ae4bdaf856fcb4eb5f93c9f60f85900b83b31148

    • SHA256

      6d95e97f14ccf5f957e24b4a44aa4daa089a3defd1358c0d183a2626c16fdd5f

    • SHA512

      23153e3369cdd23d3916d60e1e430fb0a264f5e5cb480af7ffaeb8738329fa41ff66cd6a2a556868501b0f5317de440c939e7e83a834417a30b4340b3f3d07b5

    Score
    3/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic           Technique                          #   ID
  Execution        Command and Scripting Interpreter  4   T1059
                   JavaScript                         4   T1059.007
  Defense Evasion  Modify Registry                    1   T1112
  Discovery        System Information Discovery       10  T1082
                   Browser Information Discovery      1   T1217
                   System Location Discovery          1   T1614
                   System Language Discovery          1   T1614.001
                   Query Registry                     1   T1012

Tasks

  Task          Tags       Score
  static1                  1/10
  behavioral1              3/10
  behavioral2              3/10
  behavioral3              3/10
  behavioral4              3/10
  behavioral5              3/10
  behavioral6              3/10
  behavioral7              3/10
  behavioral8              3/10
  behavioral9              1/10
  behavioral10             1/10
  behavioral11             1/10
  behavioral12             1/10
  behavioral13             3/10
  behavioral14             3/10
  behavioral15             3/10
  behavioral16             3/10
  behavioral17  discovery  3/10
  behavioral18  discovery  3/10
  behavioral19             3/10
  behavioral20             3/10
  behavioral21             3/10
  behavioral22             3/10
  behavioral23             3/10
  behavioral24             3/10
  behavioral25  execution  3/10
  behavioral26  execution  3/10
  behavioral27  execution  3/10
  behavioral28  execution  3/10
  behavioral29  execution  3/10
  behavioral30  execution  3/10
  behavioral31  execution  3/10
  behavioral32  execution  3/10