1999761f26da1496ada1465f8cd393b5c0d909f3c36e5b6b0757d66702547002 | Triage

Sharing

General

Target

e539f76d6cf5af0fc46788f3fd99094f_JaffaCakes118
Size

676KB
Sample

240916-vnq56szapa
MD5

e539f76d6cf5af0fc46788f3fd99094f
SHA1

f60cd6fb3b4581ec63e81c8e486ccd20720da2a0
SHA256

1999761f26da1496ada1465f8cd393b5c0d909f3c36e5b6b0757d66702547002
SHA512

60f5859da949c39fc21e25a420b308adb82f31ddbc9824c5046d39e393affc58ffe95021a3dafa3d66161481018eae32dade136cf33b2490d6c0b5868261ae04
SSDEEP

12288:thLq8HjTklCa58R767up/NUI5qVT+OKJWblXByTKumv1W7jvuA7/yQwjanUfdBTl:thLq8HjTklCRR7Xqh+OqWRBSKum4H6TD

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  e539f76d6cf5af0fc46788f3fd99094f_JaffaCakes118
- Size
  
  676KB
- MD5
  
  e539f76d6cf5af0fc46788f3fd99094f
- SHA1
  
  f60cd6fb3b4581ec63e81c8e486ccd20720da2a0
- SHA256
  
  1999761f26da1496ada1465f8cd393b5c0d909f3c36e5b6b0757d66702547002
- SHA512
  
  60f5859da949c39fc21e25a420b308adb82f31ddbc9824c5046d39e393affc58ffe95021a3dafa3d66161481018eae32dade136cf33b2490d6c0b5868261ae04
- SSDEEP
  
  12288:thLq8HjTklCa58R767up/NUI5qVT+OKJWblXByTKumv1W7jvuA7/yQwjanUfdBTl:thLq8HjTklCRR7Xqh+OqWRBSKum4H6TD
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  10KB
- MD5
  
  055f4f9260e07fc83f71877cbb7f4fad
- SHA1
  
  a245131af1a182de99bd74af9ff1fab17977a72f
- SHA256
  
  4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
- SHA512
  
  a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
- SSDEEP
  
  192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  134b93f8bd1f82cd2f1b06c878580703
- SHA1
  
  29cdbce7a2caf1f7e4d2a139c42336d490074665
- SHA256
  
  45153adf50541316468e2b189a0f8127be9fb29e2f920e7eeaa6aceb438db8c4
- SHA512
  
  f970c38debb6631dab7369e2bc96237f16a8fd328d9d35a2b54cb688e1807f62cc6d63230afe89ce5c3945097ae4466872c72929a9623adde3ee57bddf54b692
- SSDEEP
  
  384:EBQCxl9oGPZsw1v6yBIgktbBYeTeXMK5HQ/0lR+Tya4LV0Ac9khYLMkIX0+GBxgU:goGFghBZTeXMK6cVa4L
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  avsuite.exe
- Size
  
  1.2MB
- MD5
  
  0c3769be424feaaebeea53c2c92728b0
- SHA1
  
  2558406f6093a3bb5fb7e1130725218bddca2c96
- SHA256
  
  bf3731c49d8091dafb9f6dad0615db06fb9f8eec9cd391506886e03ce0074568
- SHA512
  
  527b472db7a46effe3ddd89b2988606b6e976b9b03f6d1375572b711f9578ad5480fca97822269649f907098cd59be087ea33b7ac3ef675ca33784743ecd5f6c
- SSDEEP
  
  24576:MUVi6KHMuZmHBxLxIjC+TOFRq3sT7G8hysS/v1y9cv:TVidHpZmx1/vFHT7Qy9cv
Score

10^/10

discovery evasion trojan
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
behavioral7 behavioral8
- Target
  
  htmlayout.dll
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral10 behavioral9
- Target
  
  uninstall.exe
- Size
  
  41KB
- MD5
  
  61ac81123684bdecc0a022aa360f7ac1
- SHA1
  
  47ee464d9f40b4f3d4854f070273438347746db0
- SHA256
  
  fbf22d92b688320cbd2f0b2b8981edaaf1e828e1de48c31128d15e4847307277
- SHA512
  
  261ef9cf5f2727fa8003c19b70a29bc55b47ee2cb340c436b39970136de5cfdfd17b5100ab8ac806fe32181d940fb448a5d9378dbd6eb70a3425b2b176ef86f8
- SSDEEP
  
  768:6HJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJdJRnSlCjFZnOlb/:6pgpHzb9dZVX9fHMvG0D3XJYlCjW5
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  10KB
- MD5
  
  055f4f9260e07fc83f71877cbb7f4fad
- SHA1
  
  a245131af1a182de99bd74af9ff1fab17977a72f
- SHA256
  
  4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
- SHA512
  
  a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
- SSDEEP
  
  192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
Score

3^/10

discovery
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

discoveryevasiontrojan

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14