Overview

overview

3

Static

static

1

adminbiz/e...fo.ps1

windows7-x64

3

adminbiz/e...fo.ps1

windows10-2004-x64

3

adminbiz/�...��.url

windows7-x64

1

adminbiz/�...��.url

windows10-2004-x64

1

ajax/bizcate.ps1

windows7-x64

3

ajax/bizcate.ps1

windows10-2004-x64

3

api/js_dp.ps1

windows7-x64

3

api/js_dp.ps1

windows10-2004-x64

3

bizadmin/s...fo.ps1

windows7-x64

3

bizadmin/s...fo.ps1

windows10-2004-x64

3

cms/search.ps1

windows7-x64

3

cms/search.ps1

windows10-2004-x64

3

flei/search.ps1

windows7-x64

3

flei/search.ps1

windows10-2004-x64

3

flei/viewflinfo.ps1

windows7-x64

3

flei/viewflinfo.ps1

windows10-2004-x64

3

images/35/XM35com.js

windows7-x64

3

images/35/XM35com.js

windows10-2004-x64

3

images/35/...ter.js

windows7-x64

3

images/35/...ter.js

windows10-2004-x64

3

images/35/core.js

windows7-x64

3

images/35/core.js

windows10-2004-x64

3

images/35/counter.js

windows7-x64

3

images/35/counter.js

windows10-2004-x64

3

images/35/...ype.js

windows7-x64

3

images/35/...ype.js

windows10-2004-x64

images/35/stat.htm

windows7-x64

3

images/35/stat.htm

windows10-2004-x64

3

images/35/...02.htm

windows7-x64

3

images/35/...02.htm

windows10-2004-x64

3

images/index.htm

windows7-x64

3

images/index.htm

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e15d405f66f49e8ada2af3b43db7c245_JaffaCakes118

  • Size

    2.9MB

  • Sample

    240915-a2h2hawepq

  • MD5

    e15d405f66f49e8ada2af3b43db7c245

  • SHA1

    b6e21c18568df39fdaccf645e8158c6a236237be

  • SHA256

    eb0b91454454fb0d10bce34bed3cf745c54a05abdfc60552150d8f5832bf22db

  • SHA512

    b06cf7e09038383567710fef14fde10718d4bd64632515a1da9c6ca5a6e6f44808fcbebc2daf7af0d78a36f42450c0ff2603bc9fff0c87e0e767037dc4fd9a86

  • SSDEEP

    49152:QevQfDkjU+M0vghu8qGx4Sms/Tmra7Vx5AwEGTQmE9bLInlnJn2bk2m1Z79cjlVt:Qevqf0vghuAxdfSo5xEgQm+bLIndOkVG

Score
3/10
discoveryexecution

Malware Config

Targets

    • Target

      adminbiz/editbizinfo.php

    • Size

      2KB

    • MD5

      0b64feade82c4057bc088dd4ce0d4f1f

    • SHA1

      23b68f4a64525116960110a68931a69d83d94678

    • SHA256

      b1de0a0d9a4154fd7fcc02a310cbc7a83f29443a0103942396e06b1ab1339eb8

    • SHA512

      e071db0c181b91e693a9b8dd90540ff57ccc79b4b8c4e114eacc83402a8d2d2a8eabe8812d3c175f48fd9b077e52d3eae6950a50fdd860a835be05609091715c

    Score
    3/10
    execution
    behavioral1behavioral2

    • Target

      adminbiz/新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10
    behavioral3behavioral4

    • Target

      ajax/bizcate.php

    • Size

      1KB

    • MD5

      8af884399472c33011e2daa603f0e585

    • SHA1

      1cc00700bbda2a51b120fe7af88287e72d9a7de2

    • SHA256

      8a91c833e3644502e5f116d1fa3d39d456fbf9b51b17f8a5d478c78c575febc7

    • SHA512

      5a7a9b3d6015c31732e6f36081c9bd59f2766833b63e27fc35e3ddefcd67d89f6d3123856b338c11262b58292df3cce8d08e903fcce106ec31490a73fb40c8d3

    Score
    3/10
    execution
    behavioral5behavioral6

    • Target

      api/js_dp.php

    • Size

      1KB

    • MD5

      893c69e2f4c46ce4ef85f31723258f86

    • SHA1

      d637a9e29d0d241afdb48e7f722e8732c54552ba

    • SHA256

      39b68ed5d365bb9c07456c303cb915ed2dbc4d5e0fa4ae3a46dee8827e2c4b4c

    • SHA512

      1ce87d1fa9d827bd693476a1404be8f8f4117bb5c1edb36d398f1335fbd84c0a1ee639e703dcee884b33405612f7653efbaa1cf3b674dc6c840b413e1be18125

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      bizadmin/savebizinfo.php

    • Size

      2KB

    • MD5

      fd58037bfa3d1bddf61e903060df4911

    • SHA1

      1248d31f6608ad95dece21aeebf919d350f7a48e

    • SHA256

      82f5df75df4cc9d2bdcadb4c730a86023ea148f14db9bef31f93df7969efd91a

    • SHA512

      381c23b1e5201a5ccc3bf22bbed8308a2878a2f08f8e410aa5af202ee57460f489b033afc9adad51dccffed104c24fca463942b09398138b62bae2b55eaca7b7

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      cms/search.php

    • Size

      6KB

    • MD5

      e2598159f19c3766fc8698d0daef5a6c

    • SHA1

      751bf6cf1559de7cf1d52f4b0a23306a04ae6e79

    • SHA256

      a7d7bb1c2fc702edf99b71576d5f84da9d9541149aa4ac66a44547d168aedb80

    • SHA512

      c4477e5e077edb1318e86bc562f8b1f684e6f5da40cda24a3376dd892f2ad6aafad722a22bae8f138aa97ba9a16d005d40df537c64c73b22e3cf2255ef1b9a97

    • SSDEEP

      96:5WU/CdDhWuU5lq6iP6Dq6mP6jdD4maIFdiNfwI1dxfwt3/9fA3KAAK7H/tuSHPfN:w58aPxPxmOokotoLDHdisP

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      flei/search.php

    • Size

      7KB

    • MD5

      0ce57b18efda0286118ea1a3e4d63744

    • SHA1

      70ec3b70d3e85e0efe7c344d434895b075e9c068

    • SHA256

      286a95d45a16a705b4dceb798edb1b4689271dba4a61900810e05f8670f03ed2

    • SHA512

      e4992f9c4ac94ca5445905db277208190cc54146278b9d25a2a96febb1c4701b7be370170496abc4903812eb16fea0d8aa33d436cd598a25a3f446644cc0bdd9

    • SSDEEP

      96:5WU/CiCGOWuU5ljLlm2/y9wjLlm2/6ArTWUjyzPVGZjyzAGd3/9fA3KAAK7H/tu9:iB8pLlxLlWArqIyyy9oLDHbnsn8ihP

    Score
    3/10
    execution
    behavioral13behavioral14

    • Target

      flei/viewflinfo.php

    • Size

      3KB

    • MD5

      54ec2f55670926679c14412b67b9ba75

    • SHA1

      056bd6eddc6f2d751f61933fa4a8fb53bf8d5d69

    • SHA256

      ccf292ef595d775e0191686dfe43a247152f5c3a120bea51b4b37a24be52173d

    • SHA512

      5b7cf11f6d888b68c483a5da184b30dee2d2d37c59e43225f953ead5d54721b5a4146b7c22944f1bd17921e0eaf9c137a7bd50e747342dbfed0540475266590f

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      images/35/XM35com.js

    • Size

      1KB

    • MD5

      400f9c61eef5f06331de118370850bf2

    • SHA1

      6b3d2a5baab0b3497f2d436bfd7e37d0e5bbae02

    • SHA256

      9669090163be19ff392f35c7e0e58343de71fccb8a17e3c771691c06e44a5228

    • SHA512

      82223616e10c9b1d74bfedbdb8dddeaa58c83c6251eae9301603f290a7fce0fdb3940e600b564d3b40687cb9d9495786bbf33f292e54ba3abfe822c1cf07e68e

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      images/35/converter.js

    • Size

      5KB

    • MD5

      3697783002cd2299baa6ca6d7569b5a9

    • SHA1

      a8dff78bd67b56916fac5969243285ae00fb3655

    • SHA256

      541ee8723cae47d6b3a410ff31844204e7ed9c52ba651e42f80c88be54ffb5b3

    • SHA512

      3b40a72f825b3f92cbe8acacca3853de568393ed4a020c3d47a5ff2b2dbe37f519caa82bb108b5d4ed5d32e1854ff908646707eb882a361b3b782343b8ce74b5

    • SSDEEP

      96:oPYLiQbzdad2jBgaVDYLicbflWLiIbrAAiDHkGzxIRKLiNbCiFpBSkgcLiObFD2k:xLiQbzdaMBgauLicbfALiIbrA1lLiNb9

    Score
    3/10
    execution
    behavioral19behavioral20

    • Target

      images/35/core.js

    • Size

      14KB

    • MD5

      74e2b44cb1f9fa976abe3868638ba41f

    • SHA1

      ca849e6209cb8474d04e62a7556125e7a888d601

    • SHA256

      9f13500d2115516f4bd64934c15b079eae3b9504febf76c73be2c6aeb0e25493

    • SHA512

      6e7fe2e01336b36b289758385d64208c40831fb3c58c604d8cd11ff86c038fb6b5fed6386e3a8d998b99542a0c3d468663902db90978e1347bbee08e1fd344dd

    • SSDEEP

      192:makOG8/4xlCCG3c+rCPNNm+dL5S3pjW4PqLICbfxUoSy/LQ7jsM0oaRNULYWFu53:H94XTGHiNNPuptYfKJPPLOQkW6A+X7

    Score
    3/10
    execution
    behavioral21behavioral22

    • Target

      images/35/counter.js

    • Size

      775B

    • MD5

      e8816b6487184b4f00366e6c5151d9fb

    • SHA1

      df32989bd5b785d2c4a260a22ab4fd22ccdab49d

    • SHA256

      4502e3b169d0b1392eea262369eed9c55e7d17e46fac34c711892cb813335061

    • SHA512

      fbc749c1ea92d61d0b78a055088e34e5c9d17416e4bf61c4685945a32316fb9c6a6451bf32aec87c69c3316a5daaffa4e84ef2c2cdea0f23f6655512c2c956e0

    Score
    3/10
    execution
    behavioral23behavioral24

    • Target

      images/35/prototype.js

    • Size

      3KB

    • MD5

      7ae77250af1730fcd131d7b3caffce94

    • SHA1

      58c7b1cfd79dd5472f0fbb60ba4cf77afbe45db7

    • SHA256

      d56a410fb4c0777040386bf7a8c7caf2bad4fa4e2afdbd6c80771d619b34d2ba

    • SHA512

      66f0789a96cca690d3239bb5ca22a6506d075a17051dc0341f946363c486ba8d970322e8eca030ce771f0f62c1f1251e6a88a02c509674984129310e8d402559

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      images/35/stat.htm

    • Size

      2KB

    • MD5

      34ed3020cbfa4ae6e35d61272014aa22

    • SHA1

      e4f7a966f5e4c158ee7d2c8ca6c782f94d128c38

    • SHA256

      7710f085a49a8b9b45bb78205efd02e8baadef6ab16f68f55d5d4a1547511aaf

    • SHA512

      0d48f5705fa6be6ed59410f8f5dd7e018506b71ae54e90918020d7f93f66c6ff25b4f4386fb01b0e1cf84048d4e9586420c48bd3b528b144fdc29ce9d5bb907d

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      images/35/stat_002.htm

    • Size

      13B

    • MD5

      135b77d4f8c869307e2bbc0b67514e32

    • SHA1

      e2be50b0a4e72758ef2605b569bb5ad5ded9867e

    • SHA256

      0200f63b01a4cf357181a9bb2a74cfc499a21b1f0d3b220a3d3ec5695fe0f0b9

    • SHA512

      0a7902a3a7217f4676a229e4028b4d15b4e27ca41d09f713c0aedc065ecaf6e03086cbab1a5ce5cfb78ac5d2aed309319478e6e31f059ef1289486e59131c441

    Score
    3/10
    discovery
    behavioral29behavioral30

    • Target

      images/index.htm

    • Size

      1B

    • MD5

      7215ee9c7d9dc229d2921a40e899ec5f

    • SHA1

      b858cb282617fb0956d960215c8e84d1ccf909c6

    • SHA256

      36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

    • SHA512

      f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

    Score
    3/10
    discovery
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

12
T1059

PowerShell

7
T1059.001

JavaScript

5
T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Browser Information Discovery

3
T1217

System Location Discovery

3
T1614

System Language Discovery

3
T1614.001

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
1/10

behavioral1

execution
Score
3/10

behavioral2

execution
Score
3/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10