General

  • Target

    db71d6c43ca3083e834f407b66b009da_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240911-3ws9hazfqc

  • MD5

    db71d6c43ca3083e834f407b66b009da

  • SHA1

    8393ae321e53394c56dfe064c81c9e483155deaa

  • SHA256

    ec7609464f63d8d949b7c1ae6293f1e48d821f6a37e9c9a227744f8d57e93745

  • SHA512

    a655a6acc5e3c1640e9364d5fd7039ea5527f7c3534345a8584ad9aa3030f45a9f2b84e98bf916053b8c7c26849d0d88acd6498078f4f1c1aa94929214af5f0b

  • SSDEEP

    24576:8+iFc1dOqW+yU8wLUjuo/85/OTZfpWiZBNpvvdiMWVOKodtNq4VniGgeymhtwQg/:8+OUoqwrjuQ85/eZRWSzvvdWQdtNqgnu

Score
7/10

Malware Config

Targets

    • Target

      外挂/155绿色软件站.url

    • Size

      219B

    • MD5

      3a1f2a8a3ef08ae269517a69ea918b2c

    • SHA1

      7d2e6719702bc8472e045e010efa6ed3f7df4b5b

    • SHA256

      66eafefa8bb0155e60828476bde6068573fe64a4fd0aa052eba074dbe85d46cd

    • SHA512

      22203a78192cadc02d0f887247675925273a69e3be82ec1a331197f892216a282cc8f37c3ffbfb578a708244181037277b8cc6a40d8ec70cdf0feac5d80f8576

    Score
    1/10

    • Target

      外挂/AutoLogin.exe

    • Size

      360KB

    • MD5

      912a6ba595d72ea86562e48276f7258d

    • SHA1

      9a2809a61a4c8a978c196f0a24916a2452567b93

    • SHA256

      f2f1640691f77292dc73064096ed2c6a5a10729187478069d14df3df1d7e8cfd

    • SHA512

      54e824f10b0fea20b80ab16e9c145cf3a6770229b851e0b8fc0fbe239280df8519e95e489fe551ab74e6d66b680e83cf385c214a86c4682cc2a29368b67e1c4c

    • SSDEEP

      6144:0AXjiU4bzxyNQlcMEX049HUnMhehS2B1eQBmup9rlzCUdqabHI:0AX+U4hy6GPX0nMeS2B1eImkDzZqaL

    Score
    7/10

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      外挂/MSWINSCK.OCX

    • Size

      121KB

    • MD5

      e8a2190a9e8ee5e5d2e0b599bbf9dda6

    • SHA1

      4e97bf9519c83835da9db309e61ec87ddf165167

    • SHA256

      80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

    • SHA512

      57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee

    • SSDEEP

      3072:9PdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq63+sB:9PBUyhsdEI2++M+RlTHYL

    Score
    3/10

    • Target

      外挂/神魔小歪.exe

    • Size

      908KB

    • MD5

      be1158125dd46829c4cc16b878479bb3

    • SHA1

      ec5753674cbca7d9dc597ab23462c2b3b637c086

    • SHA256

      91c679b47080781c9921051fb4dd4e9939017cdccd7588c9026b380fdc857dcb

    • SHA512

      3a04af5244452ed5d47a0c0b13c38959030478b70391a965405913ddfc4e558df44d7c0f53ec3d35c9fbd0fd6d2ad581706e6818d7d3e5f3b814e09c0d333a98

    • SSDEEP

      24576:EaVDwfUEnjzO/aWPfjLPzxLZedu1yoZkT0Iykw:HDwjTWjz7edu1yWkLykw

    Score
    7/10

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      监控台/MSWINSCK.OCX

    • Size

      121KB

    • MD5

      e8a2190a9e8ee5e5d2e0b599bbf9dda6

    • SHA1

      4e97bf9519c83835da9db309e61ec87ddf165167

    • SHA256

      80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

    • SHA512

      57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee

    • SSDEEP

      3072:9PdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq63+sB:9PBUyhsdEI2++M+RlTHYL

    Score
    3/10

    • Target

      监控台/监控.exe

    • Size

      552KB

    • MD5

      77dd40b2c005e9b3e619a1cac5170e17

    • SHA1

      5be6a26844e576caeb094bfb9a4316ba7a8f607e

    • SHA256

      d1c0f4ddf1262c78ae3566a69d28a719e184d9d55daf0b0c48ce419b3129d5be

    • SHA512

      87894d9b6e0519ed88fa17427a0dcb1a522915913ac033101c8d8d083b97bdfe4c9e83221a4307a9477c0e6069f033990168b1895128097d285110227b5f2463

    • SSDEEP

      3072:FGKoePSqlfJyiX4BjDE8CGe/KQFU5Xg048gIwj4TbSBtrjmmW3GSQpXD+I0cZ1SZ:yQjGe/K/5EHju4qc6mtoztwoB

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks