209bc82f50d5c7f4b8f75057b2793d433b04f7761bd32b2e04969017b0722ceb | Triage

Sharing

General

Target

da1353689f81e52c8108d2c01cd252bc_JaffaCakes118
Size

4.5MB
Sample

240911-ln791svaqg
MD5

da1353689f81e52c8108d2c01cd252bc
SHA1

d7273027b7a99003c54ad1201ee365f14686a463
SHA256

209bc82f50d5c7f4b8f75057b2793d433b04f7761bd32b2e04969017b0722ceb
SHA512

4259be66278d9c1f3007cc9a4ca1d8d9647f0f791155910160aa16182eb1d1c2e02f4d9d7a01ca1164978204b12f0368f29a0c66069e489f6d20f89e4107a7bf
SSDEEP

98304:/HPoIhZ4UkZqhUhds5ioL5tNVq3IADVROHoxoqmTgGeub2se9wi4B:/iMmqioL5HVq9DVQHPqkb5Ez4

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  disk_recovery_wizard_setup.exe
- Size
  
  4.7MB
- MD5
  
  1c7389eb9b616c9847ba8e27f52178f4
- SHA1
  
  3a6737e915718285c55d98e01bfc83d76af0e291
- SHA256
  
  8c916a50d071f5fb987e1e4ab3146fe4d17a1abdaac4ffe5456e8320770b2924
- SHA512
  
  f55fe1ccd041b4062b39ee30870f7b382509a05459e73ee7d6fbafaf1877e6fd849bdeee10c4fd142dd23b73726d6c1614df0c7a3793d1be698c3aa8c1237ad9
- SSDEEP
  
  98304:lOcqtREd3XkX/HdBowv97Cojl76PYMydN7F9S8LBZy7qv1QLN/1Kw:KtOIPb5v9FYYpR9S44bl11
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  3809b1424d53ccb427c88cabab8b5f94
- SHA1
  
  bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e
- SHA256
  
  426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088
- SHA512
  
  626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee
- SSDEEP
  
  192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT7K72dwF7dBdcQOz:i6JaVh4I5rpPbT7+BdhO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  8262fbc2a172ff04146e7587649d7091
- SHA1
  
  628be3fede2a79d4b321b12f979711caf77e8a7e
- SHA256
  
  ac53840d019b746ab5dabaa40d7720c9a4487c861b155926454bf8b10bd0963d
- SHA512
  
  8e11f1f1811a424b1ae5ab8e064d5313adc118ee7607f6a6f9b9976647ca6c91496133d5575d4737386a1485f39cf6fd074dbfd619807f42fe148a640186f639
- SSDEEP
  
  96:Z+rBC0x22epxPEvC4FkWE+in1/FMvsCGRfRFqCB5tXGhEl5VN:Z+FepxPE1r8/FtmCDtWg5v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  BlackShark.k50
- Size
  
  162KB
- MD5
  
  5b518f989aaa855b60f9b1b6cf44211d
- SHA1
  
  108e8acfb35797840a987bb8805f479bbdcfbe88
- SHA256
  
  24a56e451776b0a3024388f52b139f660a244b03e80d2150dbe0ee423127c886
- SHA512
  
  653d5ec317f3abe4e9f0e4516a13f394d1a70d67c5418f44c899e0d17ad1851192fdf25f46f121b2d626095b19bdd67f4f81c6ada42c4afe4ac7b1dd1b446dc4
- SSDEEP
  
  3072:1uWgN4mJzcrpXVvjJm2HOMe0CS81vMXhfaDgK9gtB8x+12kiujvGdI:1uWgN4mJOR/mzMm5kRf1K9Dx+1Liuj
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Disk Recovery Wizard.exe
- Size
  
  3.0MB
- MD5
  
  7098c0e6819f0d5770bd72285f0c230f
- SHA1
  
  dbdfb82c65ca93b8301874138fb42e1b9df3b8ed
- SHA256
  
  0ac96f437e9116f7f97d1bf391cd36856851e4eecf8509121b3131edcad9cb8c
- SHA512
  
  133f51a786244b45564af0403464a73207aff67cb3ba49aff4ac04d4800fe3ef699b8f014ee71c82ac9b7f2d714f409b842ba6b8125dc1c4fc81127cf1f0495b
- SSDEEP
  
  98304:XOcqtREeYtLSckA7qZF0xTSvDlhFYH83ZzP:otOe4GF4hSvDjFYHMB
Score

7^/10

discovery
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral10 behavioral9
- Target
  
  FLUSH.EXE
- Size
  
  2KB
- MD5
  
  caba50530e506369cc771892012e6828
- SHA1
  
  8f97908f5067dd74c8af1ebe1c2a1fe813a1dabc
- SHA256
  
  e5ca3883cffa263373e923633cdc96c7f7d9b60ebcbd37b165777434e6c4c125
- SHA512
  
  b8fbf104000027fa30d2267f0213667b5917cc14c39fb9b50f25e1108f4804030a5b37c75066b348b2d56e385809e4ad3ed6bc334ada5151e02149696b792b05
Score

1^/10
behavioral11 behavioral12
- Target
  
  MIG_29.dll
- Size
  
  400KB
- MD5
  
  304ced1dd8411e8c1d4d7eb7706c5a6b
- SHA1
  
  bade34f523ba0d50b1300fe76f2e587b222e869e
- SHA256
  
  4f53c066c71df8619ca45ec4b1d43b2b3e5b1b0133fc70ea230855364cc4bbdd
- SHA512
  
  3d34021c1759b6bb86f2b959784de64460a5e8406d9dbab41c29fbf1a391c58e76ccd880bd3e9fb39c9e3e8de6d1dd6b7bef455607ff94cdcc40488a48445af6
- SSDEEP
  
  6144:1435tY4LClZKwcewydacLjOLH8/l0QOeFhLVgCGoE/Q+4E8nebuDhEYI9D/vAO1:1YfL8DfrLjOLHzQJ9JGoEIe8HDhEY0
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  PascalStreams.dll
- Size
  
  86KB
- MD5
  
  15aacef96e0673400bddae0c3a97462c
- SHA1
  
  51fdb75bd4a27386b960a19308620868c48cff1d
- SHA256
  
  a767d213f1fa41bddfaad8540f987fbf39516802ace609916f336cb808afd40a
- SHA512
  
  e07b43379ccc42d8d86342db8437d78bfecca4c9e1033d9691557c27480c98bbed081486db34c74e1f1ce2ecf26376aa92ebd5e0b4e32fcdcabc6a49a26963af
- SSDEEP
  
  1536:pjqjoQTOKuovbvTspOaQcNFeSe4Edi3sXxC7gCKKmvXlu3mvj7dHUM9:8obtgvssanNFeS9EM3IxC7gCKdvVHvfb
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  StarBurn.dll
- Size
  
  634KB
- MD5
  
  56c8cd1368ffcf4b1bdfc2e0b5030d70
- SHA1
  
  6186f2983412d0ee5456915550db2012738f9521
- SHA256
  
  07d3b623c763bd1039b35897933159a264bf127b707d335ddf340ee01d09bda4
- SHA512
  
  4e082103d09dbcc29fd2e8c0bd844a4856122e0e1d00a22c151703c06381057d1d6a83e2a1266a3bcd60a1a5d686d4081ae7f2d442b820ba921bfdb10b3699dc
- SSDEEP
  
  12288:s/gzbn9GQYAcfGqrv86eb2VPpnxgzpKY1:Uc32v8lb2nmzf1
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Uninstall.exe
- Size
  
  327KB
- MD5
  
  f8e51b09aea1acb19bc5fd1f6aa34907
- SHA1
  
  241e10a41f215b179f7ccb25a2dc822b6d118dc1
- SHA256
  
  6f4915a3017fc12182e514be8600c9b51c6bfc87de110201ccb94058db7fdc6c
- SHA512
  
  cdf8bfa7a074e202957982c6ec9c59df0012c6ca69927a75e26857bab4594d7025649be923d6ccd26ddb76aed60d54447cd281cdc46520fcdbbc36ea437c1405
- SSDEEP
  
  3072:AhT2137DYmJEt/FnsIkUM3iE9S4OKAk0zSbVuTS5siApDUc++towaYjtsn/7tREj:AhR7VRzqAfigAcqtRE435bH6Qr2
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  3809b1424d53ccb427c88cabab8b5f94
- SHA1
  
  bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e
- SHA256
  
  426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088
- SHA512
  
  626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee
- SSDEEP
  
  192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT7K72dwF7dBdcQOz:i6JaVh4I5rpPbT7+BdhO
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  WiaDll.dll
- Size
  
  40KB
- MD5
  
  18bb16df754bac73d670b945d721247e
- SHA1
  
  6c327d84e2afa4a6acbaadcabce5dca6410de30d
- SHA256
  
  eb69efd10a60d308d47965771aa66aab8b746f82d627f2d1cc47b162e3290dc6
- SHA512
  
  65ea31b8e989641cfacd249a26035e85564995ac9cfb1d72ce04f499828a76e9d928f3c822caa5d9ff1fe0e8008862d0666dfd73532dab402563dca5132f6981
- SSDEEP
  
  768:Os44cEDZtkBEMOurZaL8A+qmTNSMkFEDksaj:T4/gt+EMOurZaL8/q9qD3aj
Score

4^/10

discovery
behavioral23 behavioral24
- Target
  
  bs_load.di
- Size
  
  466KB
- MD5
  
  15abbe3c15e018da7ef56841af33cb74
- SHA1
  
  7a91dca0f03b175929ded67625d79a5430c3ceff
- SHA256
  
  c0980bfddf43bbd6df2441f2dfa46f98f04b7b4d0f4f079b60abaaa21a1ab3e0
- SHA512
  
  c84e95cca9f8b901fe904937b70c23f7b86dc1037905d8bf0c6f8602a41abf4305bc1eb925447c1b74123d974b2f752eccfdd184ddf6cef6d7eb7194832d2ce1
- SSDEEP
  
  12288:EBQstBghoWlHkXMzIuZFquh4cilkfiEW:8DYhoWlHml3u9iqf
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  bs_wm.di
- Size
  
  64KB
- MD5
  
  1321edc324c693184631b27870745b75
- SHA1
  
  aadda09fe92940aaac81c7733c3b636ea9592f34
- SHA256
  
  c00718b18ed6d0ee5021ff1a35f164676385c5b23f40ae332af6ea7805af3a9a
- SHA512
  
  5ce976ef98ee882f5dc2ae5366e5e08461ffa292b26bc1a24cf2bff52543f4ebd1eeaa3bf07616520d689d7b1afbdde6c3483ce9dfba59eb0ebaca3f170a9a4b
- SSDEEP
  
  1536:sPheLWulsWgcovqchWxhOMyP6mJiSmX9DBZ/B:sQlsW5ov3hEhY6mJiSmX9DBJB
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  contmenu.dll
- Size
  
  124KB
- MD5
  
  e459df19ed02928859602e7ca22faa55
- SHA1
  
  f0f7da70e1b7eb5dcd5e7a5406e49bf495be722c
- SHA256
  
  a920b9f0c4b93c525d2d2ad16c2f26206a5b7972830d548d3607296267e647ec
- SHA512
  
  0c1f67a3099facd28137d1d863d32e6808dfc5cf8f7b55fe677fcf0d3accc3144af829a7dee6a8e9d4ae2f190e63716be55f6ff8f1df2956c858434ead0954ac
- SSDEEP
  
  3072:ESWowO2QnnUpIfM0QCZSOdISNdbxD//gCjSdZzKs6:PwO2SxMzOiW9Sdx
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  gdiplus.dll
- Size
  
  1.6MB
- MD5
  
  d0aaae16ba162dd89d646887f1539855
- SHA1
  
  0a222f319b7712b861ef6adf0c38cc2c5a2790fa
- SHA256
  
  d84e7eb505adee8ea660f48c89705977f5eb33b7299d0bd981624e3ece320223
- SHA512
  
  6d7cf7b3a1dc0560791bc3db4fc836ad0f58b8b531c593d96a37bb77afa3ab7dd6bd4d66a97e37cde3443078eb189609d8d36119198c60ce6b74c1a093000769
- SSDEEP
  
  24576:i0CiGmsJ2LC4jJmNwP+6fBUAK8C0m1DQucWM9nul/SuyZfWPP90bTv6:i0K2L1Pjf2AKWmFcLulMZ9H
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32