0db2dec89b2077c4f25a662e7b0e3dd4c8e618fa261e6add5fbaf2cae382b8e5 | Triage

Sharing

General

Target

df9bf86768ee0ae32d7d769b826b828e_JaffaCakes118
Size

1.3MB
Sample

240914-gml8yazejg
MD5

df9bf86768ee0ae32d7d769b826b828e
SHA1

722a4a30c316bf2393b128124278d95f8f228fa2
SHA256

0db2dec89b2077c4f25a662e7b0e3dd4c8e618fa261e6add5fbaf2cae382b8e5
SHA512

450743b4dabb7b909edbb714c3405a0e1ca5a2171fe711d71782cfab477247b8fa444fe4c5703dedaa31409a811fe1023aecd32dedcd6e9ee311f58ebc228890
SSDEEP

24576:YGBUIT1JKFdekJccR3FPpdgEF/oLyPDvzjmZBm3JGmf1m67bO7zg5y:YGBBJ3Mx9F/oL8f2Upka2g5y

Score

4^/10

discovery

Malware Config

Targets

- Target
  
  Notepad++/SciLexer.dll
- Size
  
  372KB
- MD5
  
  8d6c55d2a1d40e904a8e2e62fe582325
- SHA1
  
  141b17a78318f8b8a969ebbc2b25a7d91884dc61
- SHA256
  
  ee1858814a0e5b57b20005eabb10e0ef1a7e1a409002e3e8521ea4c6eb7115e4
- SHA512
  
  5e13ad41a03c9833afeb3b1df6ca02549e4f6433b0fbb9d4617777674e53c425de41d12ec03e13c9caa8c0c82041ba6ed4d56573948f6f1807e4879dc2cca78e
- SSDEEP
  
  6144:sixGyhR4iMRiU4/3dPrLxezGSt2ImwkMqkQ8NlXx/idGRpfLPGryxGYed:si4yhWRdY+lt2bwOIh/GgfLPGryX
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Notepad++/notepad++.exe
- Size
  
  1.1MB
- MD5
  
  afe371c78fe149d8f126d2f03162b431
- SHA1
  
  6e0b1c2c6091731632e5f23752f82813f6c6af8e
- SHA256
  
  26bc1eeed81306666ec5acf83e60cf2658a3a5f758b8dd9a39bdec725e0091fd
- SHA512
  
  5a6fc640d9e2d0cb5fe849df41b9da3b73f371976a93f8cc1dfedc14a056ac4d697f33edb5b46deeec8345d817302857599d965747900b5899330df14e692ebb
- SSDEEP
  
  24576:i0hzmmgsNWW8BJzUN1LeyBTn5ZOZwppGz6ORGP9:iNs18BM5SZwnGzDRG
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Notepad++/nppcm.dll
- Size
  
  24KB
- MD5
  
  f0fefc2f4321b8990d561b64ee6ceb28
- SHA1
  
  d9fbefe99fc1b331aafd729f91798f6f8c0062ae
- SHA256
  
  725c0b9b8725517fb8d200950617e500f575e1734bf35d303207f9c188b82669
- SHA512
  
  fbaebd2aa48cbb87ad5b14604e383465e0efa9ee77782734bb1b06dede0c443c04ba7963528aad045951dd90738153720825aa790d4b991e7ca85e77a662738d
- SSDEEP
  
  192:Pec/QfgAfyAScAhquooJWTBMHY4WA0GWJtZj8mMjH:JAanqt3TBMHY4Dwx27
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Notepad++/plugins/ComparePlugin.dll
- Size
  
  210KB
- MD5
  
  3dddfb3aabfe40ec0ecce6f7cb35291b
- SHA1
  
  4007799219329281829051d7ec50e1521974d39b
- SHA256
  
  c54a0f663c82e680c0644bb4390a3ab0d75002c6e8677a668aa9ee54b144a0a8
- SHA512
  
  3a5c2ce1a1cdd63da9ab527ce990e1fcb18769513fcf37d52fc1a78c9b6bab34ca607b29de236353c98730194d9941e98c8b213360d8f8d0d493f8235cc591eb
- SSDEEP
  
  1536:+f+M2Qz7r34DGxbGpYog2z0Q3Ij3byUVKMZRU5h7cg1d6idLZ2YmoPMyvDfUFyZH:qBqpYoDbBrbP1dlmfA50LpsBBV
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Notepad++/plugins/Config/tidy/W3C-CSSValidator.htm
- Size
  
  193B
- MD5
  
  79cd5595d1fe1f455e1eb7090a1f02f4
- SHA1
  
  fa124ae5503b6a569b55bb1329108cd04028576e
- SHA256
  
  9e9417cee7753c63c53bbd4b6ef94a6d563704d056e5cb4b6d1d474eb70502fb
- SHA512
  
  b973ade56be92f9a501769579a5dbf7b298a0806d7eefa2a7e4dada1d74e4911dfd862bedac963bf939261b55efca14c7853fa3a849f413b16202965dfc20426
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Notepad++/plugins/Config/tidy/W3C-HTMLValidator.htm
- Size
  
  236B
- MD5
  
  d80ff86e9c9bc2a5bbce537380a5589e
- SHA1
  
  530344a41c7be15d669d09339e5fa37b539c7a06
- SHA256
  
  489975bd0de1682a107e8c003976f9fb41d6c0fc49a0fef4ae8cc644a319592b
- SHA512
  
  2442c52113a658939040708504692213787f8deb41dc15ed950e168b4179689e1d8ea1878038fb2a0632bb7027f3aa393a5f23e2621284e7324975552481f27f
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Notepad++/plugins/Config/tidy/libTidy.dll
- Size
  
  244KB
- MD5
  
  14bef86fc72331d6483abf9410133f8f
- SHA1
  
  58722272c5dc7fd98772827086e209f2c4486013
- SHA256
  
  21af863961485effcdcef91bae4a9c3ee557ad9f3c9f1aff7e6ea66a7d81c99b
- SHA512
  
  805b3c32841906b1837f9a4b4f4a2f0f8048a842cc9b8dc415d9a8ea76f5da9a815d0a5309a6a0d454ebe0795ea42933c622c92fca2507b238ff0091ff97831f
- SSDEEP
  
  6144:fGI2XwXeBZJpZL4gfkWwSiLW0F8dw27L4:52XwXiJpZkgfWSia
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Notepad++/plugins/FTP_synchronize.dll
- Size
  
  174KB
- MD5
  
  e9e9e8b87c99c06d8cc62138e6f24dd1
- SHA1
  
  9779fbc416540842a57f1875031df647eb6fe770
- SHA256
  
  6ab737fb696f475a4285f3c39d16b92e82e8e27ea54bb02e14cfaaf7b1cf7a7d
- SHA512
  
  15e746017cc57f37062ff8c809ba82af37ec5c3ff45e12f6946dd506d376ff4ee59da2fc1fbd2112aed8b51d394d71f542e93f3ee8854837ee188d70bdfbac1c
- SSDEEP
  
  3072:OydrBTlENhHjQhhuEXu5nMiDcox68bBQezPtkb+:trBTKNhDQhYEEDa8ttt
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Notepad++/plugins/NppExec.dll
- Size
  
  300KB
- MD5
  
  6756d5b439926f25f1fbf21059dcac8e
- SHA1
  
  c5b1a0620d8bbaede004914b37bc2263e37ca5f1
- SHA256
  
  0c81b81bd5f46cb66fb749125482e7303a10d77dedd32b2847326b7dd114e274
- SHA512
  
  fe8f12a7d759b93a532743cc84e9d2e426079bbb4d92f3ea5c1eb237414f2741a005c8570a1d156c81729c725b6116038259e0ffac1941477c5cec476b3cfe36
- SSDEEP
  
  6144:EF8MHhMe5YKS24CeZ4Jy1JiT/zMYX86MmN/haS1:EF8MBaJ/CeZ4JyPiT/VHaS1
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Notepad++/plugins/NppExport.dll
- Size
  
  14KB
- MD5
  
  ad32f0f59e70823de864387f65debcea
- SHA1
  
  99af84474a05b94d6268be88f4e3b18ae25433a0
- SHA256
  
  345e44b000f20124c79e29257daf300a820322ab644406fe3bed59432294a70e
- SHA512
  
  027d2ebb72d927227a11437fe69b3c1edda54428845744327f905c5f79a5ccda014482a77524369efca8b510135e5d7b91e94878666d148b5ce8765a76d2abde
- SSDEEP
  
  192:cwx1DQ/vBbG8hidDrrlTaVi3RVCD41d/N+D1vT6SpEx3XC3LYtdQq:rx18BS8QrrlTaX6lN4bhElXCbYtdQ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Notepad++/plugins/NppNetNote.dll
- Size
  
  72KB
- MD5
  
  34102afa3ec71f14f61898edb69700a2
- SHA1
  
  99bbb336ef9fba87f87a769b7ff3103c069949f6
- SHA256
  
  8653367fc15df2b4ee77591e59fd9fd53f5e681c7d9809b546c23a4c49dc2b24
- SHA512
  
  f74a1421987f201752042a1556899422115e9c20563f606563ed5d40872f0350f6f6af6ed9a0ec0aef0884898d6c28289c5281d37ca452216a5c932cf6321a44
- SSDEEP
  
  1536:FCZ5qgyMtrIfVgMOXaMN7kMCGDNJw31dlXGhgWDGb3I:FCZ5jFIKPCMXU9XGhgWDGb3
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Notepad++/plugins/NppTextFX.dll
- Size
  
  224KB
- MD5
  
  e3447cd9a578d4cbc93a59df68c8095c
- SHA1
  
  c2812fa4a13e6ef62e823a982283dbf29357d726
- SHA256
  
  3fca83f501f93bc0aeb061484fc3d0c3d5a4b4730968cbb65655584a22dd27e1
- SHA512
  
  eb76557796d8bf4a98032460674964f539b7ddafbe1bf2397348bbd32045a0d058a224c923e9476b89fb9d562212f5ea85ada3ae8467f2f3a7de009f9fe9b5b6
- SSDEEP
  
  3072:degEd/3jx+tp8O8k11HLfLN9n2pbs3XQmE3UydVr0j89tuh0d:cldPYtp8O8k1d+xs3AmhiVrLW0
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Notepad++/plugins/SpellChecker.dll
- Size
  
  80KB
- MD5
  
  71716e9431dddba5fe0b2d0d9bdd37cc
- SHA1
  
  9f4990bfdfbea105d14f1288142e5f0d92573719
- SHA256
  
  8011e91a9ba260ef68da0e041f834d0ac7f077c17d252a65854efd7b4d9b438e
- SHA512
  
  74568c4dff6abc881b9d0eb2c3b37328b5e5cf7faf4d0046e52af198006b4572b9a4ea73e0110c3fafba15540a6dca2a76e929a5842053b0f9846b7c0ec7ccd2
- SSDEEP
  
  1536:0oikCWG/5+PZR5PoOFNByH4rw/aRTt+7XKnAKSYZA8We2ic6Xt1/Qt8+k9t:A5+Z5LiiRTt+7XKjRLc6Xt1/Qt8+k9t
Score

4^/10

discovery
behavioral25 behavioral26
- Target
  
  Notepad++/plugins/docMonitor.dll
- Size
  
  52KB
- MD5
  
  8ff600816dfa9c3016c4660c0bae53ee
- SHA1
  
  184a6b4b641f7f1c01213d28bd3b8f250e4d95be
- SHA256
  
  6951152181ecaba356dab08f4320e3d309f5e6cb0b6e895cb1e526a9baedb268
- SHA512
  
  d92f85ba092120b47743473e598af9d1ace77558a6405662458bad2660eedab69342e6a2b1e550eb97f8cef6621a87d2f81d02eb8d64c57b21013505cd67c621
- SSDEEP
  
  768:rzxrvEAjr8ZUGq4MZUQmO46aLAVZ/ptVtuPXP:rtDjQMe04xLQ/BtuP
Score

4^/10

discovery
behavioral27 behavioral28
- Target
  
  Notepad++/plugins/mimeTools.dll
- Size
  
  68KB
- MD5
  
  e88ad75409ea6e7d9122534360d5c3dc
- SHA1
  
  630665e2a4e704509b9d02f6fb8b6918a51d098d
- SHA256
  
  3a9578f60d129e7503b518d923e9e9cf1d5697b3b5c44de18bcbc12e5c6bc0b6
- SHA512
  
  26276da5fe42f7fddf3c59cb87e728ef93a6ee942fb4b991f9a7f82d20f1772a69fb85cb92eb206aaa2843a16105dd7eb6727a90022493e0d3b1ef3024dce0f9
- SSDEEP
  
  768:lNBKt8KCisOzjLhJ6+k6e4G3d4D1pIQkUEPDem3pAb3mBxIO8D+XKDPB0lLX7XTQ:fU62hsP6e4GuhxEiSS321JYB0p7XT
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Notepad++/updater/GUP.exe
- Size
  
  132KB
- MD5
  
  0fad4b26b524b1341834a9a563171d4b
- SHA1
  
  53b3c5c1b88bd003962d8a38ded6141e7cf9758b
- SHA256
  
  dc4563880ab9b32ea6f64bc3ebf0580b2cc98bf5d53f8810480b2025af447b87
- SHA512
  
  6cf4eac2a692613915e89867ce35ad5e2b001f72da1a9c684171a5509dffec772752a05080701246f2ff950fc91bfb0e89ab1cca85d642597e7df53c63e231af
- SSDEEP
  
  1536:UwHGLRMvMlramP7DbA1VSfDQx0bzyEgiytTPu7CUWyhkm27/NOKz2eiKRntR2f:U9LWUhmgDXegGKv0gFKZtR2f
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32