0c8ec6b3108602dc7ec85538d47c2c26b17ade8cf73022eaf1852654fca3803a | Triage

Sharing

General

Target

e1d3bf81916583947a373de7bd631d8b_JaffaCakes118
Size

29.6MB
Sample

240915-gkkbkaydka
MD5

e1d3bf81916583947a373de7bd631d8b
SHA1

8f855f6f1225c9148163392a1e2abb854488e1b8
SHA256

0c8ec6b3108602dc7ec85538d47c2c26b17ade8cf73022eaf1852654fca3803a
SHA512

d123cc8574ecb73834e8f1a396e39da2ebe63893aefac329339e9c10163fe54216d429ed2de2c3d072a42786a385c5d886cb487d76fdb57b100ed6c99b7b0aa7
SSDEEP

786432:ibG6mDnTH89VnYmgLbXdKocCrWzMjSuqbsOwFCm:+G9DnTH89+mkEuqbCx

Score

6^/10

discovery evasion lateral_movement trojan

Malware Config

Targets

- Target
  
  avgadvisorx.dll
- Size
  
  323KB
- MD5
  
  5378ad5a54c074eba41b7d97fc96d63f
- SHA1
  
  70ee6e685e5f6b5e9f73aff1dbdbafadfb163d85
- SHA256
  
  65a37cd30c0940ad7e3544ca1f14ac29319071b4e86029128927e611106406f2
- SHA512
  
  807f7f9c5b0d6f594916c48665b40aeaebe3c3b1c90f41b5e1087515225512e7d87c7d4e10afed727b36db6598054b303e52832b736e621b01e0b3443771f0f1
- SSDEEP
  
  6144:WEA+sizQyImiTNz4AmGKWgQpI5+JXTRCIQT9Q9BIHCQdkCdErAkz0hoowyISGkSP:WEA+sizlImiTNzpmGKWgQpI5+JXTRCIJ
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  avgapix.dll
- Size
  
  59KB
- MD5
  
  d491c8e2fd102d4e38089d24930c6e08
- SHA1
  
  ad4872fc5f90df0028c040f9185eaf21637cb975
- SHA256
  
  64ab5ec3d25173d1592b491f1dc7f79cb6ef220dc86513d1aa18fc95b52791f4
- SHA512
  
  c98517d7d02871d3ee2d0fdfc5025b2c8b7cf493429d776e5fb20d3a60cd07924c1c300de6e2975f9658ce44811e4a4a436d12699d22e7306ad6ce71aec49fd9
- SSDEEP
  
  1536:Gt8iwM7yo38ba2wvSWWVxthDLqAHshHrwBJiOCbG:Ej7wba2wOVxthDLqAsLw3iOCbG
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  avgceix.dll
- Size
  
  1.4MB
- MD5
  
  7c98765bd283a607fa466c666ac31890
- SHA1
  
  bef1ad8e6f4cf8457d4febf0ab7f925eb3a2d21f
- SHA256
  
  adfea88cfbd4d86c9b2c0bb90af5ad8041deaf82179de38e854b4a17fee94b5b
- SHA512
  
  1a63823dd7833c083d08261eb21de4147ae333bffe5251eabef49d243f0ee2107f36cee52a5799dc30716e2ee93340d4094c733981af871e6a8f82c603498d5d
- SSDEEP
  
  24576:C6j16qEEESCgfD9jmy+DBOA9BoapR4DJ4p:vEBgL9v+DBWDKp
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  avgcfgex.exe
- Size
  
  321KB
- MD5
  
  36142f4057158c4269a94594c68c9381
- SHA1
  
  d66a6d613b49315f64b2b0f9b67da3ab709f4e00
- SHA256
  
  1623b825289eb5a07b963ee9f3986a55b6b86f61b2e48f3f4312ff74aecb0cc5
- SHA512
  
  effbf0a2233f6eee5cde4f6ce16cef07ffdf7b3bb728b6fadcae085f158dfd5443d1baa84fcf208ff6726185b4058acd0cbd20be21303ae41b153378ec92e995
- SSDEEP
  
  6144:sWfFoL1IN96y/LgHiJ4Y+NiO8gLFDPMTJYhr64FgEHi:n6L1yMcioWNtLFPMdV4Fg9
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  avgcfgx.dll
- Size
  
  1005KB
- MD5
  
  b9be755b7c81246c210b8b94b4890eea
- SHA1
  
  cfb13a2b9d10e770a7e9f7959651bd623be34349
- SHA256
  
  cd41da060ed2a07de5228cd40e0c63252d47d891dac8a8a55acdd66eae9c8332
- SHA512
  
  09a4be6619754144cc91ff338a90f1a2ced4b63d9eccc28f96f8360c29bed7e9df7d369df2976d9c6be80fd9fb04ff122a6fc786059cd8200106eb2b46c1729f
- SSDEEP
  
  24576:ewvimJ3Q36WzV1x9IPtYb6n10qmmlaK5qGuQltVRnL:FE6T+b6nGqmDKA0ltVRnL
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  avgcmgr.exe
- Size
  
  616KB
- MD5
  
  c72ce5b8e86f4a0fdb4853747932c771
- SHA1
  
  06dc956843a7f1ed443a7cc6c6ecf7589ffe06f9
- SHA256
  
  acb237852105b72ba5b5429dce59f4efde0ffa936748a15f6e0746c63cea165f
- SHA512
  
  b332ddc34fe8e3cb8f60aa975ec0ac5362f873ba95b3f887e2c54356e54d69ff124ea4009f61a7cd98fbb212549288b8a1b0cb340e66df175db79941ff7fb848
- SSDEEP
  
  12288:Gy/6IPU+rWp3gSnRjDtsYNpBFWkRui/i/Ktqmo+TM6qkslWwRAlrrkmXcf4qzd:16l+rC3gSntOYNhRuki/+qm7Ti0wRAlE
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  avgcommx.dll
- Size
  
  444KB
- MD5
  
  e36562d08ce4fa41a420200e5f9ed424
- SHA1
  
  1cbcac8fe0368a57b04b82e4be43373574a1359e
- SHA256
  
  c425f2829dedd71c06efaaefe9f7a581d6c8b466ccee951ebfd43a9b10836c7c
- SHA512
  
  b35d899d34270210d1836f816ad498175e769acf2db8d749b3c0ec1412051885ec109df4eca579d1ebbeaf85f1e0d7e4da262ae5f4ec067bfcd6ae5d463baa12
- SSDEEP
  
  12288:AukBcuk3tme/5RbAwGtA+e1k8v2/O7XZBsBkSkqNVi5Cz3F1A:AukBcuk3FBGt01k8v2/SXZakSVK5CTFS
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  avgcslx.dll
- Size
  
  880KB
- MD5
  
  e69a7ad873caf58d3a39dd8b0db94724
- SHA1
  
  6ceb691930a593e51016da2a8e7034e91888c807
- SHA256
  
  b6057fa881cd0e94c710b09ac9c89fbc2b750008d7f49d76676436211b65a462
- SHA512
  
  671bf5b2658fee8480de76e04df12ced2995bf9e6fb6ccc60625b737f8686375170425deb4a3aae55a616c8d39f03896ce69ba658ed726bba49e5aa9f36be8a1
- SSDEEP
  
  24576:5Rn+qdsr3Qd9J9N9hgM8IUk9myKw7TyWN6fKiER:2mlKw7THeKiER
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  avgdecider.dll
- Size
  
  400KB
- MD5
  
  a7c48f3d2f119712e779184933698f90
- SHA1
  
  a46ee7006a54437261286d9b6589e4528369fc3d
- SHA256
  
  cf7f7a5b84fe4087216885171ad043a55f2e82ad3c2cdde717955c8153f8d23c
- SHA512
  
  bd90d7d23ed9181406cb3e98d764fb52c66c37c3bf8c8df96cc23f9038b8dc63a8be70595ca6295316356628c33a0169a3ecba4b9b2309c17cea572b604cdeea
- SSDEEP
  
  12288:S1txd9jAVN08i/bXXoMLO8kJ9qggYsSKAFpPli:S1tpAVN08mbHoMLOdHgYsSbFlli
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  avgdiagex.exe
- Size
  
  2.8MB
- MD5
  
  79a60194b00b59777dd7539fb49f0a1e
- SHA1
  
  b2c04a1f13268371ca53c4c752aa2bc4fd8a0de3
- SHA256
  
  b54be97cff2ff0c114e1e3ff846f65e2dd085922f4df4dbb9c5845b2944aa1bb
- SHA512
  
  0bf8119e4b2bf2afdf28b2f682d9f120e5b6da432d3d2df95158b58f341e4fb90fbd7dafffa5a39424a8abee5bb6912411ca34e0e2758caad5610d794f299a81
- SSDEEP
  
  49152:knI3JLy/Q2NEdLdyCCTem+g691KHkxQnTwiJIV4jJlUzvPsU2Eo:kI3JLy/QvdLdsgmHCyom3
Score

6^/10

discovery evasion lateral_movement trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
  lateral_movement
behavioral19 behavioral20
- Target
  
  avgduix.dll
- Size
  
  2.8MB
- MD5
  
  e064a1eea5451a4669f8570edcd5353b
- SHA1
  
  25c0b450a81a73bccd37cda10582a0b3f0790f17
- SHA256
  
  1e3ab33427f38bab9a1c23f63cba06b0538583ec98feae7485e0c8c68e904717
- SHA512
  
  c1993a11ab304aecb55244c4f8e17c9986ebb545bf014ce198aeda1845271e53e3e794de07d10e683b0750a0da318caeb7241bd1f22e30fd33cb738a25e14044
- SSDEEP
  
  49152:8iBgjXollhXv9E+hD2tuMdyxC3ZRT1UppPPLaVMcHnLpa0HtDFWLz/FM2eT5gCBi:8iBcYh++hD2t1o6ZRT1U3PPLaVMcI0Na
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  avgdumpx.exe
- Size
  
  626KB
- MD5
  
  05031c77d92dad682f0ee4daa9326d0f
- SHA1
  
  00cb4efb539ee703f8da08a692e838f675002874
- SHA256
  
  7ce6be1803c6e8de08dabd4e38e4220c45801fe028d3160ea21a26ca89c0a22c
- SHA512
  
  959710693082dc0e8968ed1897c354b80fccfa3052bf46f3f13addc19ca43c6d5383aee61aacb1112b7021a3893098ac4b1a54cbf5fc05ce91f1e4c656a9ca1d
- SSDEEP
  
  12288:+YcnZJjzUuRc0/2WOdhmRXYvpvlGl0KvN+fzmnxJhEa5p+:+vJkuRc0/2pc4llGl0KvYzSnhEaX+
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  avgidsha.sys
- Size
  
  154KB
- MD5
  
  44f8a5f466891ede5ba5ebbb7f1184e8
- SHA1
  
  8266404e3df15c95578d0f735dc0a7632a245ab3
- SHA256
  
  944ef9a6eae4d58634bdfeebac77a8a02375d8f937dcb989d7b4e96a1ea02466
- SHA512
  
  a5f11356b29dc66add8e3fd36b86b6944c63eb0898d40bdd62167bc5590f7c6c07e24d68b75767dec8870bddd7f21288f6eb4cc4506e2b0de4b1cbbce75103b3
- SSDEEP
  
  3072:z3PJV1CiyIWPxoLCzMUfrpplNUTB7ZAvOeLUZ/N:bPJ21uCzNRNgBtxSUH
Score

1^/10
behavioral25 behavioral26
- Target
  
  avgidshx.sys
- Size
  
  119KB
- MD5
  
  380b62a9db16eb30946694202aa52500
- SHA1
  
  6f7eebd66b45a9db7c591aa924230696ab83e9b3
- SHA256
  
  27dff0d42d5ca121dd90a2988628ecd6da43c42dbf0f9a5a843c823ca74d0c26
- SHA512
  
  183c1f977ffa4637f63d46f3a10ede64ec708f51e20ebce8d7a8262dc8ba3e0c1edf5a8bbe1c00cce7a68db538d8661ffb7c9881904e05d81ea8a331109fa880
- SSDEEP
  
  1536:qeqf5wYLjQBdzkzjLNyt3uvb7PAI9jplRL5pWq4Dde2wMmZ9Hjc6BHIFJG:9hYL8B9OjLg3A/jHtXMwdc6Bo2
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  avgkrnlapix.dll
- Size
  
  2.7MB
- MD5
  
  3d54cc19436185e1efe799014b3ed5e0
- SHA1
  
  39b7bfafaebdc81013e158146207a7199f97ba90
- SHA256
  
  f7323a024d26bb6c6c920b0d32a6c5a315daf9a4f31449690cad0b10bb76f303
- SHA512
  
  9019f34aca54287428fb6a65fdcb0cca25390a4f73b4a8e944617bc469c787b45e63470b6256a369c2510656a5017a8788a6005a79384903d23f37551445aa64
- SSDEEP
  
  49152:QMC+NmVEET51Ltr6+zRPnBJAI0PUBeE94FQIwL1MbUku7x6TUE4qplEDU96N57:QMC+NmVEET5N8+zRfBJAI0PUJ9RIwL1L
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  avglngx.dll
- Size
  
  170KB
- MD5
  
  2fef21eee9934bb10165aa02e530183c
- SHA1
  
  337c388413adac15360f7ed2ce05aad87931dcbc
- SHA256
  
  b7a0e4f9755dda9f3045ad136a46430c1fb509891938310587dcdeff9d6e25f4
- SHA512
  
  afa15b13661a77dee9cb7fc59c4fcecfb1fbf5beb5a90c1fc956f970435f27a0e7f649c70b31e63fd1fcee939dff6cf430c6e25265a18755e52634b6c1b7aec3
- SSDEEP
  
  3072:E9uvL94FOypr/jWzjcNDwO9IboFZaY7Tlei3YZzLLqu5ogiGSWf74K:E9uvZEWzjcNDwOKboFIY7TleKYZLqujF
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Remote Services

SMB/Windows Admin Shares

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

discoveryevasionlateral_movementtrojan

behavioral20

discoveryevasionlateral_movementtrojan

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32