4f800575229b731069024a88ee51d5029d6d692f5cf0b12be2a58f1d2ef570c0 | Triage

Sharing

General

Target

ce4b3b45a7e41e2198e47ee542f498d4_JaffaCakes118
Size

6.0MB
Sample

240906-bec3eaxelp
MD5

ce4b3b45a7e41e2198e47ee542f498d4
SHA1

7524a5a6facd268a289c582d0ecce6f53bcdfb8d
SHA256

4f800575229b731069024a88ee51d5029d6d692f5cf0b12be2a58f1d2ef570c0
SHA512

abea71c0d70f0c2971d8ae0dbd3fcdb6fab387038012eaaf522890699b965c66b5b45e18ef770147f1596425993a132d9a85abaea94af07c97b9deec5159379d
SSDEEP

98304:ZjAt4thTNO/OtuP7tnMC+dMhv9UzjvIxyEO83wdvnvRwwey5MS0R2uhJ4ZWbYQky:ZjAt4vTNOMuZaa94vIxHO83QnpRbgR2I

Score

7^/10

aspackv2 discovery

Malware Config

Targets

- Target
  
  RedVIP5Release_91502088.exe
- Size
  
  6.0MB
- MD5
  
  95343e1de11b559191be2476f3fa2823
- SHA1
  
  7e7279a83e764c73cbdf82c71783eb39c96cf166
- SHA256
  
  ae54713c81688a2970f7179dbd3644c51d81f3306283d9d7f05fb44a09d3187d
- SHA512
  
  9f7b5cfc68fb5e73815d7e8b542782ea7af0dadb1b2631c4d1cd019f1a8acc8eed4fafcc5fdff254b137174118dbaba35387104dc6e397b274e7d1f9c5f26c5c
- SSDEEP
  
  98304:F39fENK1aUP1OtuCr5lthrDLMScRlwjbGSD+rpSvgATQyUHTTQ4GrZIhIhb5nBr5:UNsP1aFBhrDpcfbSDMcFUzTvAZIhIhbR
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  99bc22826a0568dce241be3a4ffd0c0d
- SHA1
  
  62e4662250abdf10d23a61076fd7cbd00a5c5b6f
- SHA256
  
  120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de
- SHA512
  
  35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9
- SSDEEP
  
  384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  d1017871e5fafca4f1a9ab0c459eb179
- SHA1
  
  84afd186e8523be52b9d7d693f9ada0e1d1758df
- SHA256
  
  fab7253d54818991c18da1a9548a31bbb8970430c1c8423474bb37747d665141
- SHA512
  
  f4efa4112e9c24a6bedd8063685e7f6a115ec87eeb3e0c0a463ef51dfed8a94ec7c3c146a654f39584b02b5333c038c8adff09788c8c299832d17cd71c08667c
- SSDEEP
  
  48:SHIPtcWCeM7etAo1UurdGl4A0h2TpXHWFv+wewzpv1XP3GhaEJjof2ynh1:d1cWxfzrrh2cFvWwFtSU
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  c6ca47bb4198f483c8b31fd90b779acb
- SHA1
  
  ea9024cb535fd5471f30d27b22318b59cb4d31f6
- SHA256
  
  f90ebff31051802116def3349310f9b0e3dbee0f0236d54f364149e1feb186bc
- SHA512
  
  b761b4ae89ecf15edadb3015fe0d3012048f1480b84ec8d30997c128e210818d0da9c7ec75de9efe8e1e08f84501c314a32c109f4ff1e8adca2cec5a73fab7db
- SSDEEP
  
  96:z1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5FnhElMmV4d:Vep2w5k/FyEttgN
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  DLLCLT.dll
- Size
  
  24KB
- MD5
  
  a378b4bc6152ea81459a52223cf8f2f1
- SHA1
  
  db25e0393496ffef8b1b2ddb18818bc50931d774
- SHA256
  
  29ccea5882a0605705a5576495e8c9585349dbf2904b674413a29bb74bb68a06
- SHA512
  
  845d28ad2968ea8f57ff73bcf2bf00ef269c7bfdf1d227f207f9b40c343d8eadf0d7179df01403d7c6f805106eb061eafd0c218542874090c18cc6d58390ec26
- SSDEEP
  
  384:Qvo3HaB0Y0kAgKrcjqsAyIbmyWAxor6+e9Pfqbn1bZ:QK1sAjmyBx/ha5bZ
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  DownLoad/attrib.exe
- Size
  
  11KB
- MD5
  
  6fc563ea5e147fb0aa414d15b7447edd
- SHA1
  
  0084a689c0916298dccbf7ff5e6de4590316bb05
- SHA256
  
  6ec87e2160f3bfa90f58a5320c25ca21527635f78f685b4f3abac556b3d1132d
- SHA512
  
  d223ceddd28b148875d52737c1058fa355786f1e61c89d48e6a792af284f5b6f974344f9349123253b540882433f64537d03b86cd2228a460e0d7c1085f7d21c
- SSDEEP
  
  192:FOdtS/hlZ9wbJkMZQSRzRH1u+oNVbgwc4A3tOMk7umWCtW:F7bZWbJFZRVc5A3tOwmWCtW
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  DownLoad/rar.exe
- Size
  
  305KB
- MD5
  
  f9b754dd4c9f04b3b53995d1f41fdeaa
- SHA1
  
  1512862f0f1224bdbba1f64070aafd39686498b3
- SHA256
  
  0c547b64f395a6a6b3c2583125445323f1786541549263e824993f0b3c99396d
- SHA512
  
  22d4c9a3737c3a2da57daabc8dc10a70040a9c24c610635d68f85f5f67b5cd6120086cafb70da39918dcf72ff324ccfbe4c03434f12cf8a4efdb0300369c02a6
- SSDEEP
  
  6144:H7NC2iPjZpz3e8Zjwobw4CIVJ8IAF6B8FFfl2tIEMq4iA3InBPlSkW8E/CqksKie:H7NC28jZpzuM7tCFfl2kxkW8N
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  McuFlash/Download.exe
- Size
  
  128KB
- MD5
  
  63349ca44f11212fbdd9e29a675d2821
- SHA1
  
  34b3377c3098287f05535d057b3b8c768ba70b76
- SHA256
  
  5858cedeacad2556e65bed29690adb2c72e63e72e116d92f4ecc3b859aec31cd
- SHA512
  
  70074c222f99c11808a62a5c0204253a8d3006717b27abb188aa72c895b22edf39cea4872c330157cd90e45498febe4556eb6dd71cb091d62c2f893edddc5d7f
- SSDEEP
  
  384:98hPb5djVsYsO/MyYpSSuakYtmQTLXSw1ScPdkfdI5D1qwvLTPSdNYh4MVVEq:ChHjVAyY0ckYzfXSKxPdcI5xRb7VC
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  RedVIPControls.dll
- Size
  
  200KB
- MD5
  
  908136c92cf64aff62decd83d72f7c09
- SHA1
  
  63ecf62953119edb33f87258829398ac93a326e8
- SHA256
  
  2e13165e8df481e678acc149227880c4690bb1a0770d010eaf11ceebd10eb054
- SHA512
  
  1f3cac47bc45aaeb1beb704ec4d84552cd7bedae183431ca02069bcbdffca4ec619e087ad9fa5f1a7d6d44df2672eea137dc866ab6b35af7b19ce25579a47aea
- SSDEEP
  
  3072:88Y213Ox06h70aQnT33pY20jX8o+/0EAyy4uVF0wIER2jVrDOtTJznjETvjlgkiD:8e320+0HVYZj75H+iRR2OttHETbykG
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  VIP.exe
- Size
  
  814KB
- MD5
  
  e23aac527fcc2f5856c7435aacbf1cad
- SHA1
  
  867498c41f6b43aabf70eb612ce4d0b4aaa75739
- SHA256
  
  e5afc3b73e6262349dcdd8060810da309324b0ccbdaadefba0cd4847dc7e0d19
- SHA512
  
  bf86e9fa8beb1d4a01d6c9ab799a151571950d89fa3c53570240c6d904515063b687e141037b50da550bf62287c886465f653432689eaa0676262f3f100ae54c
- SSDEEP
  
  12288:ihHsnpEQyLL2Y1sbXbd1g3PnvTcjTknYjladX9rGYSAucdkZR777:iJsnLyebYvvTcvYKYD
Score

4^/10

discovery
behavioral19 behavioral20
- Target
  
  VIPExec.exe
- Size
  
  130KB
- MD5
  
  7730be9cf9ce8fe484d6cbbb25a431f0
- SHA1
  
  b44b62be5f460ef67d9ce544348cdcdb17c64b6a
- SHA256
  
  daeb72dfc4ff17b3a58519b93a5259fce80cb8366b2205924b85553512c302fb
- SHA512
  
  521f5e7c005fa86f15f3394fb47582e6072dfb3becbca3c2308a1b5d9e7c50c6b715821684298de66e4620663ac304ade54ad351532fed6396eba73f92098867
- SSDEEP
  
  3072:pDAhbD6/PB0eZReL+tYLkxnXlL1AH/oqAo0sS3mBNf:pSDuP/yL+lxXlJAH/oqAo0sH
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  VIPUpdate.exe
- Size
  
  127KB
- MD5
  
  84781cee5f1470f88e876f909475ed58
- SHA1
  
  1684de93be24653a5b47e703e38dac9f23d42e46
- SHA256
  
  84b349626de846ac1e03fe1176a4768ccead7764d2352cddb3bb74f3f05d4656
- SHA512
  
  9ac81dd98cd49f64d53b84ba0771bed0a3c340bdbbb22542f0291b8672b311b1d4f69fc02327d4a2f13db747d6ceab688e17605ea9b6da7cf8bb4b7134aa1b5c
- SSDEEP
  
  3072:VeDgT3O5fEioGSYcvRS9XnXcosiMY/OagfVy2eCkeWh:VeDgT3OdEieHvRm4fFVy2eCkew
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  VPADLL.dll
- Size
  
  63KB
- MD5
  
  aa5dca0b2f5193743e49fda756d5ce77
- SHA1
  
  5917418c424ac1e478d610e265b20a226155d18e
- SHA256
  
  e4d1c5b51f8bfaf46e5d70d93fec82a2bec931ffd9038598a8ed9bea58f1fdbe
- SHA512
  
  536ec5aed1565c1bde48cbb004e1982d909c5f18d07ddb3059cafc466e8c8acc9f8ee5e1cef8c088318d3607909e9f11514f097ef4e3c1b97d6e93a2815a2a58
- SSDEEP
  
  1536:/3lTxtcyaeR+dqb2d96DsSS3edaEykaLxIouncC:vlbaeMUbW9izS3eda/XLxEV
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  VPVDLL.dll
- Size
  
  118KB
- MD5
  
  7ab120c33f3ff2595997e4c1f1942ca3
- SHA1
  
  64dfc13f87271f630b9d016e9154910de19aecdf
- SHA256
  
  af268ee9b2ab3a9be14a2105bed32a2b4ddafd96b20a7b63c594bac84c25bd2d
- SHA512
  
  53d44a339de1b77989dd381cc88b0598982fa461e3fd17824b4e5732ff4c1b1d08c4e1ed38e72710f3515d4313d291d2a576422ff2c780826c2bd2e5b2160085
- SSDEEP
  
  3072:lE5hNQCS0uaF/xDu7PfhLMS0VZJOlU8dUfvrh:G5bgaVxOoS0UlU8dUfvr
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  advert/ad_mcu.gif
- Size
  
  297B
- MD5
  
  9dba8fa6e94d7a54a75fbcff06df6757
- SHA1
  
  f4d8aebeb717143fa5bc471de432eb594a10818a
- SHA256
  
  9d62ecc0d9862b36c8353e040c411317663f6793875664c68e26c22f38f95293
- SHA512
  
  95d5c73ce6d4977569dc06370d60dd566448e81c1cef87c2495e8176e72020b45bb3a7b9b25e52f885500b8459b31d11cbe504c1aac6c0e483b238e54d190d45
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  divx.dll
- Size
  
  665KB
- MD5
  
  0a41851ce20b307f73496e329aa0424f
- SHA1
  
  bbefa0a2dd3956f1a781a9089f68909d7a346d39
- SHA256
  
  ae15ddb6f5254b0db7334cdaeb401855842a7bedb86a9be869763e290dc76450
- SHA512
  
  27339ce702fd7a3599dec7e49649a0d3511ca20269af0e6a9a1480c322fa6c515f40b41bd2b36e03a9b0e471fb584c0f270d557ad358a6238f5003ceedcafdc8
- SSDEEP
  
  12288:WuqiPfi8FAWr3r8tkQCAt4V2L9LHjJU+BN/BYjgsMdy0ta:9q4fi8iWzrUCA+oL9HJUC/Bk1MU0ta
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32