276f6452862905ab58e5f7bbcd2f97dde2d2b271aa6c9d44cf59d98a81d98dd5

Sharing

Copy URL

Twitter E-mail

General

Target

d2aea59f1cb34644be15f960acaf0131_JaffaCakes118
Size

4.1MB
Sample

240907-x96tvstbrc
MD5

d2aea59f1cb34644be15f960acaf0131
SHA1

817e1bcf34243559a8de213060711421d0d40e93
SHA256

276f6452862905ab58e5f7bbcd2f97dde2d2b271aa6c9d44cf59d98a81d98dd5
SHA512

9629a56f8673d3b074a8aef6d8ab5cb98a977bac12be1fd65f28739eaaf73f934fc5ecb4bfc8ada36150aa487983acdb06f18a73be15be759545894f42fc3d03
SSDEEP

98304:UBXD2l86shzW4G6GLjawT71Kyl9YmhOrQPnZEjby1EgfMFGTBRmkug:U9ofEuko1HtvQW1EyMFGIs

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  au.exe
- Size
  
  4.1MB
- MD5
  
  fb50ca23df24621edbde4e30ce4981d9
- SHA1
  
  08c350054db878397361257c96bb17e911e96f9f
- SHA256
  
  499fe526f58d8558a8836d1f3f24ea036edc367107f824c8a2745ade54635867
- SHA512
  
  a73837e0ae511b9a24ff39d02f91d98704ffeb4c08dde7643c1fa229a37720902225668737f2d500d2cce026a541cb382e89475682030e4608cf6dc4c099ddd7
- SSDEEP
  
  98304:q8172C7HzW3x1/u/ZBgdjDAY9B8FFlzHnVG5yyD4:p1BzzqiRBrhzHVG5yD
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  4e96f412a8cc653053d5d918df6b0836
- SHA1
  
  a3c7d59043feecb1603874b27c23d4166b341f2d
- SHA256
  
  e4a54bfc327986a89165bdef361069810aaa985c3abecd442c786725fabaf977
- SHA512
  
  2fec61b4ad31250bdbdbbfd551d831801790b96902c67200661e8f4f2753378bbf6c0c88b12e1be9173a29597827c1c4809511b6d52666dc3324bd7031c8229d
- SSDEEP
  
  96:IiqA7bDe2xHkR1C41EhvSE+6nNtMn0iGd8CqRLqtJ1trRhElfL:IiqA7/ZH0uQMtcfCqo/tdgf
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $R0
- Size
  
  288KB
- MD5
  
  4a4f1ed39c1e1d7fa2f31a92b392cfdb
- SHA1
  
  74f9c7d8dc778239052d7bee5ba779573ee5c511
- SHA256
  
  3e0a527edc750ae344a78a6db7800c756754142c529c40baac2188b64c9c8a50
- SHA512
  
  d07200bab33f2f7a6b0f9bcce89f92e2984af6f1553816feb2725f358570e8ac36d7c8fa3749f66cbb49c8dc9393ad87542345193c36c02744ff81836fd62fd2
- SSDEEP
  
  6144:YkoS7QDFgO2H/DNcvXuDjR6MwAlntKaJ3LgkhTSKp7:0FpPuDjR6MPlvTx7
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Data/sqlite3.dll
- Size
  
  456KB
- MD5
  
  f83108362c55f1efe13a6761133320b0
- SHA1
  
  5ee5427d0f21d984b018b923de38127d28b3dbd7
- SHA256
  
  84af691a8b430c66ab6e976e52d9499993ec4e77cabcf98f36b3a829f4673390
- SHA512
  
  2753a45707e3a5f9751397e49120eb0477d103f6948e4ed304753d64980be7ff6e4376ce62325438a79626e8fd5930629b179080fc0f2089d95e40f8d3d30da4
- SSDEEP
  
  6144:TWHzc8i8iTUQLOTILLc0v1Y5ftXv8K+XM53uSzTVlRMAej4MOjhO755pQ11zTBxA:Tc7n0W5ft/8K+OuSzRML4MBc13UV/lGG
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Office2007Blue.dll
- Size
  
  320KB
- MD5
  
  6196c2b3c730dfe4eb2072cbf0126a4c
- SHA1
  
  78a7a4320eaa6cf3c9b5ed3bfc727f8f5ee8b93f
- SHA256
  
  054cc0bc3a8a6e32625d34706268d078de10aff60f33bfe9414b4db73c09f9a5
- SHA512
  
  5721f8886d363b6b68378482be62eee90415c64ca3d34aad944c8c23cec8e75c52e7a1e0f636d7833d3b44e5951fdc239b8d344c9e3775783f350ee34736561d
- SSDEEP
  
  6144:fm5+9PtjKc/JouOPijjEnhF648DWkYTyhPKuvzd4UR+czxwOvNTP0:fTLjEhV8Kk8yvzd4tcFwOF0
Score

1^/10
behavioral13 behavioral14
- Target
  
  au.chm
- Size
  
  130KB
- MD5
  
  10af532ececf06746461cee478048194
- SHA1
  
  30818313412422b840da076c2bfc96f34e91195f
- SHA256
  
  9c7b25bfe19fd898ae95cf29e5f2a06e372ede356282595814a39e65a25bb746
- SHA512
  
  a090991a09ec5ba26811799be1ed03c81bd75092ff68805e4b2591ef676a8f0f4dafd46d52e9f7e849a64c3e66a76ab5ec189e80f73ae68e204b1b1e213c0025
- SSDEEP
  
  3072:YmHNtelgeQ4OtjMBEXATvCe0lgCAXJs7dKOzpu:YmHNMueLoM3jCe0lgVJZOzpu
Score

1^/10
behavioral15 behavioral16
- Target
  
  au.exe
- Size
  
  2.9MB
- MD5
  
  5493c679e69f08d5beff4d80f2d8f3cc
- SHA1
  
  1367121fa80e35fa43cf5d8e29a47e04f952a3e2
- SHA256
  
  3cc6062ddd4605fba0a5238ba1118eaf0a35b808c70ae0dd9a41c69b2f27f3f6
- SHA512
  
  bb6213a2786194aae0aa21609800a2e8273f99917581d4e6fefe5da7b7c2db3bb3ec3bbff8a9a0d219bea32983732e722f9470b97dd88655a9eecfbbe89de698
- SSDEEP
  
  49152:PWTqVTDv7zUUdCWhRrS+/sGXP8cdKIuCHfUo9Rg01MQt:P1N7zZbS+ES8cjuCHfUmR1MQt
Score

7^/10

discovery
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral17 behavioral18
- Target
  
  au32.exe
- Size
  
  82KB
- MD5
  
  d2099ca0d28083fa813da69189329cba
- SHA1
  
  cef67c107793800cda8e5b6e3fd3ed45a5308eee
- SHA256
  
  aa7d44c973c2a582e84ec428acbe665b546aacd2b116cb8e2d9090c01ee841a8
- SHA512
  
  7880ccb39f489171522ed8241156ee045388054298759858e72defdad8f885880bca400f2788f53b46f569906e3ad57e6f62ab89cc07ae2939c30ae05cfc6c31
- SSDEEP
  
  1536:0encGwA465279C7SHoDjZ9JdaXhtbkQ+9:5nco43pWGtkQ+9
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  clearpasticonhistory.vbs
- Size
  
  241B
- MD5
  
  c2f92bd41b97855a68e39ad6bbc3b9e4
- SHA1
  
  8a70c5384bedbcf7be26b5d43ae0e3c276d4ed05
- SHA256
  
  79b3101e208879d26b84113859a46919e4f1d29da417f604f2946e5949bc4db4
- SHA512
  
  12273e97c8b6f0804fe4d6f237aace1456c0ef4c57871d057724c7bcccbca6cb6bec4e4daef37cbb465fdbd097f03c881c2dd00e9a37fe86c159b858297fa9ce
Score

8^/10

persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral21 behavioral22
- Target
  
  createsrpoint.vbs
- Size
  
  283B
- MD5
  
  bb87f875b79156bffee6707ca4dee575
- SHA1
  
  16840d1edeb24c0b38e9a3b9b70d63782fecd87b
- SHA256
  
  31a7831b55d8060c28993aeb1e759b8000c3e65adaae3e593de64b5416e44f55
- SHA512
  
  257a4ad4ee309cc6fa74763c8c08219ddef3d071b825979133f7db10c9cb69b5f56296e111f32f0be31c087dfbc100acf8676f6b1c7c15746452ac7aacb67170
Score

4^/10
behavioral23 behavioral24
- Target
  
  da.exe
- Size
  
  2.0MB
- MD5
  
  be7143bf34efbe05fbc0a7b60ec2122a
- SHA1
  
  a59a28cc57a75955bb436df45ffffdf2294e3744
- SHA256
  
  3b621756da7779bd8de4d1d4453e20a9efbdda6193b57190e55f7e13bff676b5
- SHA512
  
  30b6597a275d500a9f4ed2b689ada8bde99f830ac99f067e31f5ed76ec986c965618db9cb071e9078a517ff1813f62754d4475907e972962b29aa2aaf2d697f4
- SSDEEP
  
  24576:gehysS9MEafB9X3dGAc0L8p2/BJwSMT/G0GGQzDtXqWtXqIfk51qVb6U7K0tTBgi:I9MHZF3d9NbJwUfzBXqV/U7KoTOx0
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  hstdel.exe
- Size
  
  59KB
- MD5
  
  7e02a6f83e21692d1c4436619ca8780e
- SHA1
  
  52f102eb1ef55ff08df5c8e5a22050996da4eb2d
- SHA256
  
  34db7e200b52d79d3295cf45fc121d5ad60a89b9325cb0f276f6ca719e69ab37
- SHA512
  
  50fa68e2c3e1230b5e0f9ce9c170fa8420da133d795d80508e090a5736dfe3073e2107462c453db9e6676c7193311fce3b39d63c0e843f6d2c13355947a44c27
- SSDEEP
  
  768:ybnJQ49E5YHTet/OPAy64L7yCThiUUlgyQdkyA0JeW5Luh:2J/WqzeoAqL7diJQDAk5L
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  rc.chm
- Size
  
  20KB
- MD5
  
  34e6c288acbde4466a3768952d339b30
- SHA1
  
  17ff768a4bf1e572ca520695b4a5c203ff26d213
- SHA256
  
  52c8aefc6f55b50181e677a81045db6ab2f8e95bc701714fa70b4a2c6273f8ba
- SHA512
  
  29c54350ab90ff2852d2ff0d8ffd5515fe1e1c187c283f11dcd28e070e88ea0a7a991d72f88f16ed308b81e80d0f7341610da6b1bbb482789e9691a27a04a707
- SSDEEP
  
  384:tOL4hAOCFRH5STNNMYBeA+dECrdtXO///d:tOLoab+NMYd0XO///d
Score

1^/10
behavioral29 behavioral30
- Target
  
  rc.exe
- Size
  
  347KB
- MD5
  
  121125efcc3a0c036d75c732b21dd4f9
- SHA1
  
  b4406d4e42ee9829077a0b523eaab5ba41fd1f41
- SHA256
  
  baed309c740e201bf019224e17895b867c3812421747e66fd0ed4d3094aa402e
- SHA512
  
  45f0949dc611a4d6fc3d851a1d229ea92318ee1ce87760276297e7cf7bc3a6d321e4c7c3bb8e3b6ea4d902e1d4e5b38d82afa46337f45c70d5781187b70589f9
- SSDEEP
  
  6144:Z3eY6gddKyWfvfSgoCl8wZBbQKNKE2bLU9mNupLL1PaixDGCW1FLk6BXJZEUmB3n:Zu8goCl8w7fNKE2bA9mNupLxTz+e
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks BIOS information in registry

Boot or Logon Autostart Execution: Active Setup

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32