a32b668a91b9c3a6d3cff3b15d556572b948ddfddb24ac7f84a46335e2790f6f | Triage

Sharing

General

Target

e385977e88c6fdbcf129ef2c6f66140d_JaffaCakes118
Size

2.3MB
Sample

240915-2s6vrawflg
MD5

e385977e88c6fdbcf129ef2c6f66140d
SHA1

136dbfcb059e94c05a39630b852d36397c6c25c8
SHA256

a32b668a91b9c3a6d3cff3b15d556572b948ddfddb24ac7f84a46335e2790f6f
SHA512

ed2dd73639fc7bff3f89b9e2db85c76892735a12beefaca6725863b3a4a48370b5ca1c36edd307e9c840ff94ff2224fdbf65142f3bafc904ac39dc71b3805352
SSDEEP

49152:HiCRVsJgkk08gl6mTlD9ayo1vA7Z9V3z7tnmb2qf+lWnrI5gDjp:TRA7k08gl6mc1JAlrz7tn2Oenjp

Score

3^/10

discovery execution

Malware Config

Targets

- Target
  
  api/uc.php
- Size
  
  7KB
- MD5
  
  9a3d663bae526aaf6be69cd41b5e1c88
- SHA1
  
  7391dad5f340bf37ecdf570ad7e3d21a56094cb6
- SHA256
  
  24366064e4b848abd513470ef3a2f046f7c2ca33b71b025424693969c18d0518
- SHA512
  
  bd796c464ddc78ab55b357bac67a2c04d960b17e7ba6574844aa26ed66df9819830e6764772bfee30423084eac0874d3bf8f26c93e9b0f1c7d3f23b39a9941e6
- SSDEEP
  
  192:2rN0Du6uh1LF94Rboi2bB17bCHaGPQ168:2rN0Kd94xoieB1vC6GPQ168
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  api/uc_api_db.php
- Size
  
  3KB
- MD5
  
  cd8dd686e1f9410c40d41812dae8bb47
- SHA1
  
  284c5b73d1bfdbfb556a65a913196faac7b2533e
- SHA256
  
  0e2e3c5d6d43205e9fc5e8474da748716de35280b8f0e55fba36dfbc50f9fb27
- SHA512
  
  88b11e62116d628a35f3acff9f3b7756125b5757c1ac12ef3e90c4f0691770fb168e7ddc66d8077d09ced1de1d34bbb991a31f39a95bb8f88ed4fde4b0c5be4e
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  api/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral5 behavioral6
- Target
  
  iis_rewrite/Rewrite.dll
- Size
  
  136KB
- MD5
  
  afe04864cb12e4a50dbf78cc7a0286b3
- SHA1
  
  8c979cc31ff93269b362545e46a2edef7482b7c4
- SHA256
  
  318fc2f6025aaeed7a236e57b4b6fc86ab218c9dd49bf2d0b027dcccb9a49499
- SHA512
  
  e88f202679e55c779335e587841731903c2bebbc4049dfdf9da8c644a906f15805e8a9da20824145b3629a85a4f4385b5a72a7a77d640d6ef2e85b677cf3001b
- SSDEEP
  
  3072:vODKsHGDzhimd4xW0BUPpj9WImxHWwkuqihyg9:11bj9WIUTVyg
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  iis_rewrite/mtbnotif.dll
- Size
  
  80KB
- MD5
  
  e75014ef4096b22fbd120398424102a5
- SHA1
  
  1fa336d3df933ccd70d5d98430219ff51fec8296
- SHA256
  
  9733873f8b5847bd5f9c5ba133798492313d36a352a975659b305e02a13ca798
- SHA512
  
  0ff5ff78b95ffa8e925e26a45e8aa306f0aa8d5f18e1998b6b2dd24130adfcd10139fe4d2fa431d766943083c0d10c05584e1ce173ffb784920660e1de8a80f4
- SSDEEP
  
  1536:/rOLavn+l7DGSBEJonjPTb0QwNIC/1y0++GrKcSaI9o:TOL2n+5hEW/2yC/1Q+GecSaeo
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  imjiqiren.php
- Size
  
  4KB
- MD5
  
  fc5087238032004f3d2fef4a65e14d1d
- SHA1
  
  9058171f635fbaf29785253a43ddfbe7e5cfaa9c
- SHA256
  
  3cc4719fe6f4a84a903c939d08a5d9654ffb75ed3311525791cb077b592d6be6
- SHA512
  
  af6b5fc06807dc96737787931fd180a019fa1b72056a5bf0a2744ad6ef609c7cec4f37c5e8cdb879a99da6e8db31f6555530f7844398246bc2b13002f8e38004
- SSDEEP
  
  96:h/4DqziNRzY2smgeAfjsee/BbPxhsmphkc2pbmx7ne0E:h/4WYzAmgeAfT2bPxh6VUeN
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  include/db/database.db.php
- Size
  
  2KB
- MD5
  
  b05230719231a12338583f299a933570
- SHA1
  
  6312cf4a26c742ac943cfbddd0d1a45fe5f5ddaa
- SHA256
  
  331be2bb3d904ffe2cf143024c31215f2e9d3c369702556c41081c25c7faa610
- SHA512
  
  133d790dc6d1331c645efbf81e6e81bb953185ee89716cc9d6be34b99cae0e348bec4ce0c13e7dc694df792699d005079da16fd934811987343611dd9922f9ff
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  include/db/mysql.db.php
- Size
  
  11KB
- MD5
  
  6379a98704ed309e35783f660e4744c6
- SHA1
  
  10db4f2761f49aebbb7ac7ce4119608a45e27a7e
- SHA256
  
  1c29fca9ff3a0eddd38fd177843d06f7c88621bd365d976f6a342b5a9e4f434f
- SHA512
  
  3b69e7f4f51ba8a43488f8ca57bd38a99f3677ac45d2defd3ff4432cbf2e38a2f03d9b1f1af1f70332fbef3b273f816fe67d38c9f2aaeb6801d38df3f52d3c12
- SSDEEP
  
  192:oI+sxyTRue9d3tMlOfZ/F8aZU2n+KJy4wH+YglzaapX:oIJxGRNilSDrIFwlx
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  include/encoding/chinese.class.php
- Size
  
  6KB
- MD5
  
  13ee4fa4ca8bb1aae032ff9446320737
- SHA1
  
  f67ef3008f8b5f480f4d3352f4afe68d3b74350c
- SHA256
  
  53dae9e97437c96899626f4cd4c0a6d55fc9cbac694823531df41b64d850b4a1
- SHA512
  
  9a8e38ffa1822845ad8e1c84534459dfabaaca460fcd343caa5fa069509548f9c2ee8970473ba4bd72b903e8d515cb8425aac938d624351b0f45c9f67abf8c93
- SSDEEP
  
  192:EFCxTxRdrImn31eGHXvCH0HBd+poeZjS7vEiV/HXvpH0ks79:sCxtrImn31eGHXvCH0H3ioehSzEiV/H0
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  include/encoding/tables/big5-unicode.table
- Size
  
  82KB
- MD5
  
  731e494c7d4cf8833967b87c63915ef2
- SHA1
  
  ff975b2c472d42b2cfde96523c36f552c1c7a303
- SHA256
  
  e40d83353221e45894451f656a54889a100612e5b9a7e5f4157e9c796d176e53
- SHA512
  
  b2d43650af6c6b8166f43b20334fd91fab9d616535c37bd86e521f9a26dd1b620afdbcdb276f3613e39c0cef2e1182f337a3525730aa85ca8b6d86cc1acb97c1
- SSDEEP
  
  1536:H65g+Gl7pIcxH1XkijNOg5ZtAydC2rryXy07/bSkydNmX7nMNVp:a5uL5T5jlC2HSykbV4mrM5
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  include/encoding/tables/gb-unicode.table
- Size
  
  29KB
- MD5
  
  e914c1c998605c629042698c546d9b84
- SHA1
  
  856425900e0e689e413140a9b4c25c33e57800c6
- SHA256
  
  eb941bb4a6f69737cd83913c8ed003d898216d064ff54cc1ebc01978727a051f
- SHA512
  
  4988b90f759fc6d3194c68b6a13f3bcb46802ca348cb1117d48f1dbb20bd750590f683aa418c3040bbb9dfb34bf73c4951b07a9231b7424d9efbd76c28f69d6f
- SSDEEP
  
  768:H6blg+2A0gkB1pIncxH1Tzkezjb5LSg7uW0whZ78:H65g+Gl7pIcxH1XkijNOg5Zg
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  include/encoding/tables/index.htm
- Size
  
  1B
- MD5
  
  7215ee9c7d9dc229d2921a40e899ec5f
- SHA1
  
  b858cb282617fb0956d960215c8e84d1ccf909c6
- SHA256
  
  36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
- SHA512
  
  f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  include/function/global.func.php
- Size
  
  64KB
- MD5
  
  49d89ac126687ae8724520df4be67ef5
- SHA1
  
  b5983c6216d5caa4b94baeb83b675f1c4b3c3919
- SHA256
  
  d0320cdbbfef5dc9364c0eca3537ddf497f5eed3bdf9c486ad2bb05535a747d5
- SHA512
  
  e1ca22e038653dbfcbbc489984cf41d716579c4f5f35edf68e0319e0d268b39892293bba8b45ebbc118e6c979fd8ed4f01ae4f658a77c8adb0e9a8bdfe76cc86
- SSDEEP
  
  1536:Wgp6mp7MbZb8TRab7gc/8KUM2lAw1qnDtz:Bp6mp7gZbj7gK8KUp2ACR
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  include/function/imjiqiren.func.php
- Size
  
  31KB
- MD5
  
  eb3567a53d4b5d70cc3c73522ff93f70
- SHA1
  
  12d80b1271ec5d23c853384b911900782300b550
- SHA256
  
  f62f0e7619cdfd42a78d3138e4c5f8a4a35fae7ef4f690a226e5332d3881e38b
- SHA512
  
  c9043c4c37a20eb60cdaeeafeb313f5b73b292b5b1c73350a6af8c9f24625969984d30e77a9fd4526b8094e673cdfef45a27a8e867c796b970184cecb173cd80
- SSDEEP
  
  768:yZXt5YsM+LCnYXEAPaHgTnV7H2j8/3zPf:yZI/YXEAOgTV7HlPf
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  include/function/imjiqiren_env.func.php
- Size
  
  8KB
- MD5
  
  1b6c4b84f909a824bc0b2e3de1278ebe
- SHA1
  
  a69fe6e6d467f9e5db04b0502a39303874cb9a9a
- SHA256
  
  c4da4d345963ea4605d3c4ed08d60cb7a68f6aa3d1bd87fe08e555c407b3cd3b
- SHA512
  
  06e0286d9ac4fde750894eeb2b75d2eee2c69cd5e63d1e81d958fc0171af27d9cae876fffcd98ff4123a4b40c4f8be08fa1b1b9dc1f7670364d37b570c92dc4c
- SSDEEP
  
  192:hA4WYzAmSJUAy/MTC0vIIp+WISaCupG2Bm22ZeZE8MiBAV:m4vinyEO2IIp+WX7SmEM7V
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  include/function/sina.func.php
- Size
  
  9KB
- MD5
  
  b9669272f0a4c87d02b30aacea1a50f7
- SHA1
  
  8875e908af3d4af4bd8ee0c1d16a7ad863325f7a
- SHA256
  
  0c07ab38ab323563493bde342edf9aa0fac346fe0b1820f410b27c1d8240948f
- SHA512
  
  31da62c981025ee7e9984190a28f3a314f5b8a3f73fb6e21762bbc2aa1ae8ad5774565665ef2f452406531f0d6f431521f95b52ec327bfcd39870dbdd3625fab
- SSDEEP
  
  192:FLf991jD73AOYsLH6b32upqUQc7U6UnZwJfzBOXx9yp6VODq2xhTH1yHmcb3/kk:FLf991f7QOdLaDpbQmULnaJfzBc9m6Vz
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32