Overview

overview

7

Static

static

7

vpnclient/28ip.html

windows7-x64

3

vpnclient/28ip.html

windows10-2004-x64

3

vpnclient/gonggao.htm

windows7-x64

3

vpnclient/gonggao.htm

windows10-2004-x64

3

vpnclient/ip.html

windows7-x64

3

vpnclient/ip.html

windows10-2004-x64

3

vpnclient/ssm.html

windows7-x64

3

vpnclient/ssm.html

windows10-2004-x64

3

vpnclient/top.htm

windows7-x64

3

vpnclient/top.htm

windows10-2004-x64

3

vpnclient/...p.html

windows7-x64

3

vpnclient/...p.html

windows10-2004-x64

3

vpnclient2/28vpn.exe

windows7-x64

7

vpnclient2/28vpn.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2...ao.htm

windows7-x64

3

vpnclient2...ao.htm

windows10-2004-x64

3

vpnclient2/top.htm

windows7-x64

3

vpnclient2/top.htm

windows10-2004-x64

3

top.htm

windows7-x64

3

top.htm

windows10-2004-x64

3

vpnclient2...t2.lnk

windows7-x64

3

vpnclient2...t2.lnk

windows10-2004-x64

6

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    debf1a6e4fb720247d2b614b4c6990f1_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240913-x3a4lsvbng

  • MD5

    debf1a6e4fb720247d2b614b4c6990f1

  • SHA1

    9511196501e82e7de0d9d5d2c507b5db7084b746

  • SHA256

    7165fc143a4ac0d0fd3bfffd78430e900f5707ee6de9651820add9ca3ea469bc

  • SHA512

    adc942241e8e52e19937b4cb8fd4de56e3f2af3dad345bce018c7302314897871a02b7d456c70b0796dccb13bc7a6e797d1fb5270b3b6635d58c60afd4f6725c

  • SSDEEP

    49152:a3mWCgCYjyVcX7PNNBpjBlqAwRmhEFiPF2hzDNXzO/0uetGL7:a3mWayTX7lpqAsFiMhnNDI

Score
7/10
discoveryupx

Malware Config

Targets

    • Target

      vpnclient/28ip.html

    • Size

      12KB

    • MD5

      c444d4fa82566b610f7b04a51dde4940

    • SHA1

      c8f342b6a9c031966e90de16fc2420830fbd609f

    • SHA256

      06c52b77402f8c62ccf7f5c41e66c602c89cfb56d3a562656b1541d274a35bff

    • SHA512

      3b14b98e3abc2cbc3640184dcfcd6b4d7222de7b9082679931c2778ff5629c0d1e0d06de16821156f48a0f8354d7b78d30f2fe2b10a930446e018aa5318dd01b

    • SSDEEP

      192:VfhLd2I/gvdCAoDtuJTMM8M97rglXZPooFja1TxqgK:Dr/PDtHwoidS

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      vpnclient/gonggao.htm

    • Size

      1KB

    • MD5

      141e20590ae0e47f4921b51dadc3143c

    • SHA1

      91b8a92e95147ba90cca66864b959cc7a0d67ac9

    • SHA256

      09a4ba9dd83c8268063689eaf83a1eb9a667eaa1e2ab80a8676b5957d5cef319

    • SHA512

      2cc063c5f62a4c512a1f2ac3a08a4e090105d70235f841090a1367e3697107883c6d9e675441e7fb692a28f91ebc4308ef546b08f76ad90ae102a97a8f110340

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      vpnclient/ip.html

    • Size

      17KB

    • MD5

      d33e6945bd3f485fb2820eea890311d1

    • SHA1

      464e0933363d78ebc04aea0b6fd4d3eb6b1899ba

    • SHA256

      0a188c825871a0da916c20eb156ae6618149fc4d8ac1f12c6f8f850b31c7407c

    • SHA512

      840c57c5b2c43b3714d65a6f22f3db55e934a66c754e46ae162786038a52c550cfd5c9cd27544ddfe198dd35b1f1fbd980107651bee6fecb37c70992f6646f1a

    • SSDEEP

      192:6qjINZYdqgXdihXOBOSY3SaOyOpeBc9tuJTMM8M97rglXZPooFja1TxwAskOgOyg:6yldihXyo3SaRNc9tHwoidPNOd

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      vpnclient/ssm.html

    • Size

      11KB

    • MD5

      302fee27ca39ed01663fe59ba6c0977b

    • SHA1

      9005bfd0892964adfac2a3916b00ab564d77a182

    • SHA256

      db4c5b22980a984594e7bb7510c33b5d4334fd000f244ed7784d924ca6738983

    • SHA512

      d89f7b7b197ebda1607434cdbba25f188820e88fc8764a8b9a965ad3dbe5fff7bba3decea1d8b3488bff517b2abc6cdb09882a6e2b7ad1d219ca426156434a51

    • SSDEEP

      192:0Vqw69UOVUBUyUu6X6a6F6N6M6a6k626r6e636E676F626yn6p6O6336J6y6F6sn:ClOWiLgZIOx4

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      vpnclient/top.htm

    • Size

      937B

    • MD5

      27c4b46d9c6373085d40d9b311f0f92f

    • SHA1

      376ed543d3e71b3277a6ac2585dcd0e3ddc4da23

    • SHA256

      cc141b2bb1ccabead3aab58cb401133399e0cc9c000471cda724908aa759f669

    • SHA512

      997f14b7ecd0f06540d912598ee24dfeb88d252575890e5197442e03d15f27495520a2a2621306092179f35109cdf7b856709b8156a906c50abb950761ec270f

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      vpnclient/yyvpnip.html

    • Size

      17KB

    • MD5

      d33e6945bd3f485fb2820eea890311d1

    • SHA1

      464e0933363d78ebc04aea0b6fd4d3eb6b1899ba

    • SHA256

      0a188c825871a0da916c20eb156ae6618149fc4d8ac1f12c6f8f850b31c7407c

    • SHA512

      840c57c5b2c43b3714d65a6f22f3db55e934a66c754e46ae162786038a52c550cfd5c9cd27544ddfe198dd35b1f1fbd980107651bee6fecb37c70992f6646f1a

    • SSDEEP

      192:6qjINZYdqgXdihXOBOSY3SaOyOpeBc9tuJTMM8M97rglXZPooFja1TxwAskOgOyg:6yldihXyo3SaRNc9tHwoidPNOd

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      vpnclient2/28vpn.exe

    • Size

      503KB

    • MD5

      5f2553dd29553b7765c990bfcaec0117

    • SHA1

      539577c585b5728d708ead08c4255543ae873503

    • SHA256

      5a46384089f4391d23ed6a1016a8447ac59d135bf2c47c532533e5bf895b29e1

    • SHA512

      5c585240cccf40a1ac248734b7f32eabc58d2f4f78ef275c29aa804d87a8a1bf5286c843590844aecbf4db813220a10cb502ee094f69f4736fb60a33ed2ec534

    • SSDEEP

      12288:O4PIqayttu8fqYG4F2dsJ7tEgYT3jDYF616Fx4eZbKS:OJzAEcqL4FistzUE6wH4x

    Score
    7/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral13behavioral14

    • Target

      vpnclient2/28vpn_en_5.0.exe

    • Size

      660KB

    • MD5

      20aa6fc8a0583239b43866a28f79e45b

    • SHA1

      024b18daf007f1cfc035c19bef7f52022c308f49

    • SHA256

      f343981c8c254b12e7bc1104d72ddc119bb104510db75795f958b01ca8d51a41

    • SHA512

      7ec5484f9a172a94c620fd56f6f7d598e8dd0a118fbf906b6dfa0ac09e79ae8abeaaee90f7dba1b843160e6259c34042dbd74bd04de0eb4e224b1630fc429461

    • SSDEEP

      12288:IltPST4mIn9n/odH1vUr6SLky2W3lX/ZRduH9gxN2SnXSrnZCVm/W5W7N/B:Il8T4nno1crNLT2ClPZRduC+7ZMk/B

    Score
    7/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral15behavioral16

    • Target

      vpnclient2/28vpn_zh_5.0.exe

    • Size

      660KB

    • MD5

      2fb63631356b72906b35d22a27189eda

    • SHA1

      dd9875906d4e8748c068ba02cfb53133720ca225

    • SHA256

      82673909541b88f4f89de1cef7be87d4a2a79d74acd846322bbe8a14ed4432b8

    • SHA512

      ef1d98a556fa121773dd1eb0196294d94f61d22c8a6975a2be71cb7eb79c26309635040107c6636874af0aae862d3efabc492687d0f2b511cadf9d813f0ca52a

    • SSDEEP

      12288:sltPST4mIn9n/odH1vUr6SLky2W3lX/ZRduH9d7tnaWaNlCmkfqxZVzpSEHLl:sl8T4nno1crNLT2ClPZRduD74NsEZ+Er

    Score
    7/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral17behavioral18

    • Target

      vpnclient2/gonggao.htm

    • Size

      1KB

    • MD5

      141e20590ae0e47f4921b51dadc3143c

    • SHA1

      91b8a92e95147ba90cca66864b959cc7a0d67ac9

    • SHA256

      09a4ba9dd83c8268063689eaf83a1eb9a667eaa1e2ab80a8676b5957d5cef319

    • SHA512

      2cc063c5f62a4c512a1f2ac3a08a4e090105d70235f841090a1367e3697107883c6d9e675441e7fb692a28f91ebc4308ef546b08f76ad90ae102a97a8f110340

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      vpnclient2/top.htm

    • Size

      1KB

    • MD5

      fc85605bbdb570ddb2e5c1e93bfc4c3d

    • SHA1

      7c212911305aaa90294ee3e903c420ca03f86760

    • SHA256

      4d9d10a1a63e1b9d053dcdc1dbdb6bcd5b13484f99eab7ce9727c90889ef3b75

    • SHA512

      763d27090455a4118c5a360fc7db0c798ab5f8bad2d0e552bf348eda26d1364e032980801e57d968eea13fe342847118097a14de24e62f0c9e3f894b0e2d4204

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      top.htm

    • Size

      990B

    • MD5

      72defc966eb83b40d830b3bc66354d94

    • SHA1

      c83173bfd34ab77873c01c76446d939fe22d364e

    • SHA256

      64d69ca7b9efa905812324a8d8ea59bdd7f124624e541a6a4ae0a8490e1e381e

    • SHA512

      137d6ae33ae11091ba863a7590a5b3bc8f15012a3a93654f553a138d3b10820d854831307a8a0ddafeecdd84fd8ea88d4e8a52790e8d97b8c4a27086e8d61e9d

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      vpnclient2/vpnclient2.lnk

    • Size

      492B

    • MD5

      8b580b24abb39773c1f176f7c7a700fb

    • SHA1

      765c0c134ca060ddd8a13b0e06610b752385bfcd

    • SHA256

      34ed0d06af02a1f809ce973a819288a7fae41487978bd241eba29be21a379aab

    • SHA512

      c6230280f40ac39cb6725471d6acc57679ce8e43a3e2f0935774d770bcc696b4b95e53bd607b9d62eed17633a3b078eed87424384c2220f9a6f31ec9cf8988a3

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral25behavioral26

    • Target

      vpnclient2/复件 (2) top.htm

    • Size

      990B

    • MD5

      72defc966eb83b40d830b3bc66354d94

    • SHA1

      c83173bfd34ab77873c01c76446d939fe22d364e

    • SHA256

      64d69ca7b9efa905812324a8d8ea59bdd7f124624e541a6a4ae0a8490e1e381e

    • SHA512

      137d6ae33ae11091ba863a7590a5b3bc8f15012a3a93654f553a138d3b10820d854831307a8a0ddafeecdd84fd8ea88d4e8a52790e8d97b8c4a27086e8d61e9d

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      vpnclient2/复件 top.htm

    • Size

      933B

    • MD5

      9bfdfcfd6d764554a2976bdb14960314

    • SHA1

      ac5fc558c46edf65f440ba48f2f665bb67d9e6a1

    • SHA256

      ed5203805e858d72f31960c5ad611c624d94976066bd8de72c9ec4bb97e4d69e

    • SHA512

      a8ec7f132742f2fae9320b60bac91a85a224e0b3b8f3ceda2642afddcc4b275543c2c301ef80c7afc2395f77c328eb667a999b511ae91cc6956bb7f03c47cc69

    Score
    3/10
    discovery
    behavioral29behavioral30

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discoveryupx
Score
7/10

behavioral14

discoveryupx
Score
7/10

behavioral15

discoveryupx
Score
7/10

behavioral16

discoveryupx
Score
7/10

behavioral17

discoveryupx
Score
7/10

behavioral18

discoveryupx
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

Score
3/10

behavioral26

Score
6/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10