630b5cd5260bc6449a77177835af0a0523bfe8eba6e0b5447a456c5f8d4685d7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5c310bf6c752fee12e7da61c17c15c0_JaffaCakes118
Size

659KB
Sample

240909-gt1pxavcqm
MD5

d5c310bf6c752fee12e7da61c17c15c0
SHA1

078fd1d868ccafc1d702cdb1385154a8e5d93d1a
SHA256

630b5cd5260bc6449a77177835af0a0523bfe8eba6e0b5447a456c5f8d4685d7
SHA512

f5504350b105dadcf88fed9c80d0f2477c5404f4c6751952ce47681328e00462e809952a7c70a8e9d43c72bbbaba0039fd3be33c536acab605fc812625089a85
SSDEEP

12288:5rAPOr+V28WTWevPbiT5FU18LLlSCqgmzbVoR87zgY+0F79OfIN:582rm2tWevPbu5FUiPQz537zh79OfC

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  gametool/lpk.dll
- Size
  
  46KB
- MD5
  
  d678a9bbbeeeacdafcc538171ab5dd8f
- SHA1
  
  fd511a172eb91d35dd71ba37cdfcc6870bb4df22
- SHA256
  
  1ca2927f7e0478c41f94823bb99b74928b36b618ac29a21aeeb95d632089e8d1
- SHA512
  
  eb60111a8d826f3e5aacdb6755de6e9dd952199419c62349f4ac22c896dcccfca8ca4fd3b923de431ce9b5ad1bb5de6e1a62fe71ee681ade6ab39089801f4ca2
- SSDEEP
  
  768:hojY9PKqxdonOp+IKDDCgEeJ9nmJKLVWrVzD5fc5yzOojY9Po:0myqx6nOp+I5kmJKRWbc5yzvmg
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  gametool/下载银行-提供免费绿色软件下载.url
- Size
  
  265B
- MD5
  
  8198b90729a29a180d83f169e44bf4b4
- SHA1
  
  808c7001a47365ed66f763540472f71c8ab8f3c0
- SHA256
  
  0472fb354a075029d538acbdd78064da47a19487e4efcaa513417232036ad656
- SHA512
  
  8191fc06f76f598a0f3022115f9904feabce5ed9e5642557a245e279aecd1e447bf359f17b5237fd52117438dd133a214e53886769f97ef3a5850d4e50bef502
Score

1^/10
behavioral3 behavioral4
- Target
  
  gametool/斗战神药材采矿工具.exe
- Size
  
  1.7MB
- MD5
  
  4edf413113a25b75aa8a5a47692204e1
- SHA1
  
  2121714e142e76bf7e0ff7b23106b8c5b847fdf0
- SHA256
  
  82d28a8b621d2d465195e4bd4ae32965e2a65d882ef084afc099685fad24064b
- SHA512
  
  a78664db4a6d69662ae93bec95e5fc144f5d72765251932a47e03b5481da24aa6162cbaea5d8d3cfab45c422ce322b79f5110b13410504a18f63d36d91fb73fe
- SSDEEP
  
  24576:R51qIrEKiBCoAB3SP2FmGqQ/kTDyD3up0d6wDjQl3h3uDBc0i/AVJpn+YsE98Oz6:R/FxhSzTDJ2RfDB9tn+YVpz6
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6