598677934aa045dd4625c64bf280fcec26a0c208190c29092f1bde59310ab6f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4c304bf1a10ea0914365381a1bc0fc9_JaffaCakes118
Size

8.4MB
Sample

240908-tq57favgql
MD5

d4c304bf1a10ea0914365381a1bc0fc9
SHA1

76ff80606dd6e6f745544dd787eba9f5f8a0116e
SHA256

598677934aa045dd4625c64bf280fcec26a0c208190c29092f1bde59310ab6f7
SHA512

c5987f50c1da1581e213166dd8b77cd2907088188cf5ed28583ddece345f6f518b75b429d3f81183b20c1516d7c5ef0f25f2fd4abec7746e8ee0b9d8a64c148f
SSDEEP

196608:mQZAx9Rzu42X5orUgGUeSIblko3/1HCNw3iq:myAY4WkeUevpWw3iq

Score

4^/10

discovery

Malware Config

Targets

- Target
  
  AnyView网络警V4.exe
- Size
  
  5.5MB
- MD5
  
  5ce89c38e917659ba7586207c6db34cb
- SHA1
  
  23e3b8f92662ee2eeb43a872666946b957df32b3
- SHA256
  
  5a6e821c86b4c58a955221d95800310aabb577880d6303dc5fc0f1492a266c16
- SHA512
  
  4c963c7abd07a498816521f265a332877cf7f069de48b7397810ba3778f6a9d7a12b8cedbff0e160153c0db12bd34d96c6dd8a6da1ab682261974b21569ef158
- SSDEEP
  
  98304:5eW3S99CidhONYbc843IKtFTA+6mlu/VqNRoyvkZ1W1DuUhB0zk95+NNFj0:B3295UNb8qFA7/V+jvCW1CNzxNh0
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  IntraView工作站.exe
- Size
  
  1.6MB
- MD5
  
  61ee5caed33e878dc1d05bfedd517296
- SHA1
  
  c4ec86e1a031774ca3a409530175589066889414
- SHA256
  
  24026f40a5974a44b704d2b34d990e49223f581ea11231a6b4403b373f1f7cf8
- SHA512
  
  748cf554bd6a662ff88f06932a0a0143a9d86356de87a020fa87670ddeed50625d12ec2b2ec04061519a06c97bb0f7dce3c211a5132c78db403927eecdd7a2bd
- SSDEEP
  
  49152:W6oTf5z5EMPf7D/nGbRrDYhwEbGrsLzLS9OHI:Wz97rMRrDYhFqrT9+I
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ReadMe.doc
- Size
  
  626KB
- MD5
  
  d61fe80b1321eb85aa3d5f6d80c3354e
- SHA1
  
  506ac7896401e0505444284670d7f0998d8ccd0a
- SHA256
  
  03e5679720bcbf414d8e01ad4904e81f015619960c7fe1fac1859c194b414681
- SHA512
  
  223c8c726f435b2105c10df952e1de30880943d673d5ca34163a7f9111f8f242ca635078c0ff51c9536e417283cfeb0ebeb67f89f30c5096cc51c1ed82092c97
- SSDEEP
  
  6144:aLi3GOhkfR8KWBMx6v0d2JuSlbIDygs37815/sLRZNGqM0qhkfR8KWBMx6v0d2JY:j3BIeb9FWIeb9F7EYL8h9
Score

4^/10

discovery
behavioral5 behavioral6
- Target
  
  安装说明.url
- Size
  
  260B
- MD5
  
  ed83e978f409fcebba2825b084f2c140
- SHA1
  
  4548b5565354024dff5f387fa825fce7d11e67fe
- SHA256
  
  ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
- SHA512
  
  2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
Score

1^/10
behavioral7 behavioral8
- Target
  
  配置和使用说明/《ANYVIEW产品功能与安装简要说明》.doc
- Size
  
  1.1MB
- MD5
  
  ce8c53eeaa23541cf4409a2da01555f4
- SHA1
  
  d10adfb18c32cfc579e65cba349bc62f45fe8080
- SHA256
  
  dc6e65de04da054910466cd304506d7db94e18b065ec74d07026b548c9b7cd7e
- SHA512
  
  001280027dda185c13e6d32447b8cad530825b20dc27e0457c9e7da18ba042e71f3c2950674fd85b09dbfd1adbfca4b1c16fd13d28827cd0b39b22d72ccbe2b9
- SSDEEP
  
  12288:kB03TIeb9FkIeb9F8Ieb9FnEfLyrQIeb9F:kB03wfL
Score

4^/10

discovery
behavioral10 behavioral9
- Target
  
  配置和使用说明/《AnyView用户指南》.doc
- Size
  
  1.1MB
- MD5
  
  4099cc4f3a8a6465f831308e7bea8d25
- SHA1
  
  369f43af16e88804922ce0ca16e9786a11b98edb
- SHA256
  
  13b5be510735354de7264680207afbcdfe3c7fe8e851cdf9e11d5ae8fff18eb9
- SHA512
  
  d189d97941b431c3b26e3701f42e6a5570d17ba8337e1fb6fcb58a89f5c8f8623779d9f02875ce6ade98871893bd0963e2c94b8660c6acc8aaa23cd798d2da01
- SSDEEP
  
  12288:m6/gwIeb9FcacmrYecacmrYeJENjdinsiU3OZG8MS0YSUvFxfE3WmGeTIeb9F/:m6/qxmkecxmkeSNjdJOZzTZM
Score

4^/10

discovery
behavioral11 behavioral12
- Target
  
  配置和使用说明/《AnyView网关模式详细配置指南》.doc
- Size
  
  1.1MB
- MD5
  
  74df4f142fe8f210d7efbe7340c1ee10
- SHA1
  
  cdf0c0db04bdf7b901c02d72cefd5d8ba210329b
- SHA256
  
  2b8848c7b096c9f51af5e0e23aa79cb4a7fee1a125555b4e3c9f256503a05e73
- SHA512
  
  e641da71e3538fc4911210cf3d214671b986f0a87762ed3a32c3c63e91a625026939f78f08e598255803c0a2a789491368929515f58b4119aab41bb60e8081c7
- SSDEEP
  
  12288:MNIeb9FbIeb9Fe4uHNPOBUAREBfZ4oGxxcPIeb9F:M9ucRC61x
Score

4^/10

discovery
behavioral13 behavioral14
- Target
  
  配置和使用说明/《anyview常见问题解答》.doc
- Size
  
  786KB
- MD5
  
  420e02fbe36225f959c56a62b88342e9
- SHA1
  
  b3f1ad23ec0d38d68bf6f3a70c8f3a0ae58eba0b
- SHA256
  
  731397cd78d67cc1933cc916d4d8722dc2574b9abc1b6cc4911b38853f44de8f
- SHA512
  
  3a6c9f83740e8aa7c102218b819dd546c759c52d006d5b2d1d15661e7169b571790e2b795f5b3dac130a8c23b3038c4537e763f42f1308a0b48e1f5be5cd2929
- SSDEEP
  
  6144:VG/hkfR8KWBMx6v0d2JuSlbIDygs37815/sLRZNGqM0ChkfR8KWBMx6v0d2JuSlg:V2Ieb9FuIeb9FwIeb9F
Score

4^/10

discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16