2bd0e04437a3ec21f596e4f21f579e6a6f93d033cb7438381f7ea0a2d0495735 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de3e7384233944a5675df02e0ccb7525_JaffaCakes118
Size

16.7MB
Sample

240913-nes5vayhjj
MD5

de3e7384233944a5675df02e0ccb7525
SHA1

47f65c3214e49b45e3942565e985bd72e7bab2f7
SHA256

2bd0e04437a3ec21f596e4f21f579e6a6f93d033cb7438381f7ea0a2d0495735
SHA512

f2514f73203ab32d5298d6be1be24dcf9bfb0e99d9b3c1d55db0b04658fd02790fa62badfba5e9b0c6d4e15387bcfe2a977f7b32eb63ba6ecb0008a0e110fb47
SSDEEP

393216:bbmWlose4y0eHyaqlHc8QUhK24yosun9JLmaoZybz2tOVoarV3:uWlsZVyaY8w14L9JLmS2tOVo4

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  de3e7384233944a5675df02e0ccb7525_JaffaCakes118
- Size
  
  16.7MB
- MD5
  
  de3e7384233944a5675df02e0ccb7525
- SHA1
  
  47f65c3214e49b45e3942565e985bd72e7bab2f7
- SHA256
  
  2bd0e04437a3ec21f596e4f21f579e6a6f93d033cb7438381f7ea0a2d0495735
- SHA512
  
  f2514f73203ab32d5298d6be1be24dcf9bfb0e99d9b3c1d55db0b04658fd02790fa62badfba5e9b0c6d4e15387bcfe2a977f7b32eb63ba6ecb0008a0e110fb47
- SSDEEP
  
  393216:bbmWlose4y0eHyaqlHc8QUhK24yosun9JLmaoZybz2tOVoarV3:uWlsZVyaY8w14L9JLmS2tOVo4
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/EstUrl.dll
- Size
  
  181KB
- MD5
  
  2c5e13287d27b526c01aace7ea92be9e
- SHA1
  
  3b7895f3e3f9dfa9797d2cf04ad7d3d5548210e6
- SHA256
  
  986ea6d67ded7e67cefe739902194751643982293154ba496d4b5076e0df38e4
- SHA512
  
  51702649d7ccdfd90a1b7d06699d0791ed60fa2419013deda826cfbfac57231fb06000d1e8a3bf866459ad8597393cdf95e559f575dc51c236c3205c69bc36b6
- SSDEEP
  
  3072:p6ZhyGy8Xpc/PalncLix4janKxZSvQiPPWS:oMGDlnb4eE+j
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a22f252c71eb36627fdb4cb0ef72eadf
- SHA1
  
  ddd8e4f52ebd6b72d03699dc612100bc8b9f5e19
- SHA256
  
  45f3afdf22da380bee78de92740e1e08050d03c74566ef886856a2266395fd6f
- SHA512
  
  00ff3ad2fcdaba9919b63d1252421f3d4077669f74a1629e816682fb5b460e14e2ededc6b6aefbc980f1133b2b01dfa172bc356aea4a98d966e5da9c423bb595
- SSDEEP
  
  96:DLzRnV/YfgGJ01uBgMkW0Shlif3YhGrPjsF6GjUoZ:DLz5BGJ0KdrifIessGjUo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  b666f31c4c24be1d4d47cfb55dd35f96
- SHA1
  
  fee917ead511a6c14538c72539fa740edc7d82c5
- SHA256
  
  07aefeeea75705edcc3a21ac7dc4b5b837c234c041b725c245b50a73ffabb78a
- SHA512
  
  6dd69a085b6b2a2671ec6545bae27a72151457ccd76c3bc43a4544f4910fd8791251fb08c2f068d54dd91a6093bed50a80afb68875a9ddf29ae43c42a7337bc8
- SSDEEP
  
  192:9zjFtTLkrepielWXsUs5RRvD4feuy9It2h8rGfgv:9PjyGqBfeuyeGYv
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  151KB
- MD5
  
  a27ca0b7decbed62dc940490290925c1
- SHA1
  
  0e65e3bba5745e7ed64a689ae0c4415a15c9e849
- SHA256
  
  60c5c8e25e722f26caf1ae905814d5fed733ccf61b60118fd07f2fff6331ad1c
- SHA512
  
  f2222e0f4515e52c2574454e7b81ef5574419b0b354daad34d40cd67f0478b813324bcefb00c08273a5b13699510aaa4d3e1b6e65e9c7153fd31d30a7479b04a
- SSDEEP
  
  1536:i/cKBfDRLVqoCHeTCMjzLB2gOF8LipwHm6adZ7ECXgdn7Hv1ewRHVsh+BhQ4AGRr:edBVLYeTjjz7Li1A7dVG+BhQ4AGRfOc
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsWeb2.dll
- Size
  
  197KB
- MD5
  
  d8113c015116547827b0cdc4869c244a
- SHA1
  
  82392f5483c6c175b3955cdf39aa87d550266ecc
- SHA256
  
  b7baa631014fbda8fdce67c8b660de8507aaee9b8c572d21746b3078341d3885
- SHA512
  
  907c61006a58dcafa812f03fa08b58814950f66e9019bfcc12eefc59b0f7ab2ddee040e2ab162b7e09c3f47cdc71c914307a6fe7b89e11033edea7131fc2f563
- SSDEEP
  
  3072:js1jmrert4EBLiFM1cKaWHcW8muKCs429ZSQStnB2:jsMaQNugi
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/workerExtension.dll
- Size
  
  549KB
- MD5
  
  e22882c6a4f464b95f0137dafedf18be
- SHA1
  
  11e845fb4d6c56c63814346c854e89b9138b2fac
- SHA256
  
  31c46010d24673fcbfcc0f17dceb5fd72520fc92b6a43ae987e35786a50961f6
- SHA512
  
  d9bc60317c64679f7e95142b10e154be014912aed551abdb871f94b5d14ac3c918b54b281b5f4fb2f00c1761c089ac56e2df8f99ddfb096a9af4a28d1cfdbdb0
- SSDEEP
  
  6144:T9OtxpIHIzSQigjfvod0vjzabFpM3wF7uJj8LV3p/2cW8BZZUWLB2r4FqDJTh6Hs:TIteCTM0vPIF7aU3pOb8BQGB2RWHTo
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/zumlib.dll
- Size
  
  85KB
- MD5
  
  3805c8db069993af61fa1a24b434502d
- SHA1
  
  e836b37ea7ba70b3e6b422ece37996d002dd57fe
- SHA256
  
  62e84b770afcc88c9e99a392e9b073998edfc0a6a7f6edc6fe29e6e69f7f2941
- SHA512
  
  a32c1dc16047a6a08769357b12f6ac6ffe59f0781c109ab82db1d8416f0d03ee77e1d2ed369d90374fbb1776635bed586cc9330d4a2eb0098af9eb0fae20dad0
- SSDEEP
  
  1536:Wh9FwX44vMyxnEmlRYE4k9QybwLGluj+P0ooS:WhDwX4ctXUOQ3LGlW+P07S
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PROGRAMFILES/ESTsoft/ALUpdate/$R6
- Size
  
  98KB
- MD5
  
  b0dd54b9afe10bc50cc964de89f25a39
- SHA1
  
  9669c482f53cc01c5372995489e58a80776b6324
- SHA256
  
  994cf7ec27f2b9c9782a9a7fa17097c97db7769a285ec5ea3418dbd67826a96f
- SHA512
  
  63766fa4ac6ee1ddb0d35ec48daf8030568d4697d94f49700e28f0135f5e0796c5b343814aa152af34d83ac02182fc9552a8d4b4c46532996b0dd93940d39722
- SSDEEP
  
  1536:Y9wWks/K2O6Nb6m2/pjcYBRMMa2VFL5kn1kwORfHRQ+hqw09V:Y9rJ/xOQblYt0gFLaF8xQ+hqLV
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PROGRAMFILES/ESTsoft/Common/ezt.exe
- Size
  
  98KB
- MD5
  
  b0dd54b9afe10bc50cc964de89f25a39
- SHA1
  
  9669c482f53cc01c5372995489e58a80776b6324
- SHA256
  
  994cf7ec27f2b9c9782a9a7fa17097c97db7769a285ec5ea3418dbd67826a96f
- SHA512
  
  63766fa4ac6ee1ddb0d35ec48daf8030568d4697d94f49700e28f0135f5e0796c5b343814aa152af34d83ac02182fc9552a8d4b4c46532996b0dd93940d39722
- SSDEEP
  
  1536:Y9wWks/K2O6Nb6m2/pjcYBRMMa2VFL5kn1kwORfHRQ+hqw09V:Y9rJ/xOQblYt0gFLaF8xQ+hqLV
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $R6
- Size
  
  8.0MB
- MD5
  
  cf1e34fa6bfdf39c91a224086aee41f4
- SHA1
  
  bdc7ea7b764caf325e175ac61f64543da0582a06
- SHA256
  
  0ebf3fc56f2c01a7ab0a7b9512241298e11f46791db3324c57af8a2ffc3fc9c8
- SHA512
  
  60ff2d7dff3a301e1c2dac62afe0b6809fa111ac1a0f172849bd1aec0c972745bbab462e43ccff065a17f72aec26a4d7940a95491c5f15cc97e734da39f47b32
- SSDEEP
  
  196608:pjOnqZLTH1og9oi8S9hcKTdJ2s2hfW6w:pjOqZLTH1og9oi8S9hcKTdnD
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22