f8e234f83c9a692cb137c9c187e9aa835317c5c20c9ecd901d0d01f2c053ed53 | Triage

Sharing

General

Target

e8136d5c48d0947d263abf2163b3ec4c_JaffaCakes118
Size

6.9MB
Sample

240918-bzefzawbje
MD5

e8136d5c48d0947d263abf2163b3ec4c
SHA1

e3e2aac9d779fc95b7a8cac19e5309199c998987
SHA256

f8e234f83c9a692cb137c9c187e9aa835317c5c20c9ecd901d0d01f2c053ed53
SHA512

af98ae7e61418a152ae5f8b60273c2f6a12f0f7e2e661b20518577fcb766141318541f2fdfeb13693a71cc10d31ac04ed8eb59079d2f9fc95270ba8ec4174d05
SSDEEP

196608:L+xDVb99+5zCSvwqA/99GsLrRT2M0kSG9JDP:6xDVZ94lmxQMTz

Score

6^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  Ditto/AccessToSqlite.dll
- Size
  
  61KB
- MD5
  
  d2116d94d74b5bcf82ab21eab7e458c4
- SHA1
  
  e86f8adc82fe7b448246ad8e22f7ea22d150e0e9
- SHA256
  
  34c14e6da38f2368b864cc2ad4e5c6f0aac0c34bf50bf659cb159f88c1d226d1
- SHA512
  
  67af3dbcdcd5e58c1cb07b3a069f884fc705dcd735952fc382855272a32145ce8412a5c01f7107505ecc4857f21b3a68f6ab5e93c7b8cc7a06088f2b100b0829
- SSDEEP
  
  1536:3PSyl+I7JtSO7nzOOxTctG/Ofi8m/JV9m7W:KylpKO7zOO5ck/Ofi8C0
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Ditto/Addins/DittoUtil.dll
- Size
  
  39KB
- MD5
  
  00c5e61818bff98e4666d1da4839aa57
- SHA1
  
  4bfc443d90eeb94de8fae9dec4bfd033ca5fb440
- SHA256
  
  ad02ca21a224129ba9a4a5c7a32810b1cedd41e740b707a06dcfafb9cac1276c
- SHA512
  
  021aa42102f61d460d98b34bdc958eb83c54f5edf0751d1120c8fdca28cc4d2023f93a5f97f7f541ebdfe9947e8215525cfbcb64cdc4e841b259d8d68f1fe5a2
- SSDEEP
  
  768:jB8qWGdYGckPUH8EQuf6wrCAnAVLN3VUoq4xMoSOfqodCnmi0RY6aFO:jBEGdYGcGUH8EQuf6YhAj3dq4xrSOf8
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Ditto/Addins/MFC100.dll
- Size
  
  4.1MB
- MD5
  
  07bccdcc337d393d7db0b2f8fe200b3f
- SHA1
  
  5a02b227cb0a22a8e7884cd138c3e8568d083d94
- SHA256
  
  bf38dda13b938b49a4df72b6477342373ee6e151be12c25cb0c17662fcb4bcd4
- SHA512
  
  e5637727a549cf7b88f13474097a71200f0dfa511ecd55c5a42e5f53e9f86ce8b7ce763448830fd073e232876f7537bad96f2ced8d3159558778460264d07639
- SSDEEP
  
  98304:BZP0PvxMJfTcXPSo0akd+BPSLC4IEy+XNy136jCfsqLhDIJJGN8mFLOAkGkzdnEe:BZP2iIE80qLrHFLOyomFHKnPAG
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Ditto/Addins/mfc100u.dll
- Size
  
  4.2MB
- MD5
  
  f841f32ad816dbf130f10d86fab99b1a
- SHA1
  
  0f8b90814b33275cf39f95e769927497da9460bf
- SHA256
  
  7a4cfbce1eb48d4f8988212c2e338d7781b9894ef0f525e871c22bb730a74f3e
- SHA512
  
  6222f16722a61ee6950b6fbcbe46c2b08e2394ce3dd32d34656faf2719e190e66b4e59617c83f117ad3793b1292a107f275087b037cf1b6e4d9819323748079a
- SSDEEP
  
  98304:zge9f+eJ5LbHVlaHqQ1NaXJw9QxCqk23i3ggGe9SfcoLDPiHkKos7FLOAkGkzdnR:zxf5cBudLps7FLOyomFHKnPAw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Ditto/Addins/mfcm100u.dll
- Size
  
  78KB
- MD5
  
  9bf0cb63876ba82b8178ec733f6510c7
- SHA1
  
  bbc2580da25ae39655d6a042761f8a753a9f127f
- SHA256
  
  d9a7c9ecf9c022b2fbfe1efeea5215a7caa2bf95674fa88dd5e35afdb310e80a
- SHA512
  
  d61d38530d40201ab6934cf256728d24e597065fae12a77b36103b5ce3bd19b342b436bf54c56949f11b957c4f93795e059ee4784efd213c22e9e6fb072e24a5
- SSDEEP
  
  1536:+iH8I62fuAyjBi28NaHmOKGefmLQBw93OBOQky9rHUWe:+jI62fxKT8NaHhKGefmLH93OBOQky9o1
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Ditto/Addins/msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Ditto/Addins/msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Ditto/Ditto.exe
- Size
  
  812KB
- MD5
  
  528c31ac57d7dc707dacd2f1ee28d4c6
- SHA1
  
  1d348897db7b3ce83fa0af007e9ce109760584ae
- SHA256
  
  5b07e7228b8a4543c04cc7758a2b34c494c57e6c5cdabb251241ea2866382d8c
- SHA512
  
  57b4f8408a06caea067c51da7facd38590288cddefb78bd763831abf13a3cf7f74fbd9ad242bc1138a802f59c4db3308ee834020ebdd7e1f0a5e6bdede91d54c
- SSDEEP
  
  24576:t+5OF0SIZEXxqYTO9Y7LQEpFVqKTsAK+uypDE1:t+OFDWE7TV9TE1
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral15 behavioral16
- Target
  
  Ditto/Help/Dutch_DittoConfig.htm
- Size
  
  26KB
- MD5
  
  4104560d07d254553f1a7f9697e4e663
- SHA1
  
  0a9b54ba359d79c03db5c06a527209e1108375b9
- SHA256
  
  03a4b19ed7e1a6ea37e2ffb679dd91bf00488bb8098db31a048e06e3c923d1a2
- SHA512
  
  e13067419670970a8befc83a91501f55fe2b6d31e0618db72b5a9c41cc13a64a6f955ebfc817fa275aaa502e97c69bc715b19fd0b0ce6a08a0e68f0aadaccae1
- SSDEEP
  
  768:ptiErbhbSbbiJQ4iAuioYlbYmSIBaUYSRKnjwCCHtPbchH7tt8jl:ptLvJsbQjBuVeDfBaUYXnjwDHxbchH5o
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Ditto/Help/U3_Install.htm
- Size
  
  4KB
- MD5
  
  19e070c7aa48cc298da8a771f9680d81
- SHA1
  
  4263291a449bffc2b5d43ef2222ea32b5f5d347a
- SHA256
  
  15aa2608493c3638fc031e18c384b1983c2b88610c32964349ed8c6e20398ba6
- SHA512
  
  d39e49e0a387365efb59a20d8c35c4545b12591247e48b501225c205d8f4a656278e78e1a96d7d301eb1492fde262c5ce2417918787b711f0ffc3c4ac5d16162
- SSDEEP
  
  96:4fEdG8ozJFH4sPtkJ5aUJxzsuJFaJ1WYJ1ZSZSnS/S+VwtJscn886tpuTIZfECs1:g16gODFgDzqYgDi8fuT6MwDU
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Ditto/focus.dll
- Size
  
  33KB
- MD5
  
  7925734a9f3b3b8d866e07f85e0dffab
- SHA1
  
  04bbbd54bfb065ecb81295e1838376eb39f60882
- SHA256
  
  6c249c0f6129901314740a1b340bc5886a3064e6375aa3d6ffc4b4c2a98ab028
- SHA512
  
  9f8dc9a02f9b39d3f9071c3296c5bc0978bf38a23689e71095abbc665dfe06717e6d69d122f5b2a8f9df8a4ce76c0d297a0a267482dfc6011168e653e4321bb5
- SSDEEP
  
  384:FHEmySxKPdyAadic88G80bkeKF7UqhUoxlbCWg+1nu6EDH+NWq1/NC7vykk1a:RTLir8l0wecoqhfzMmnTEDf7vyj
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Ditto/mfc100.dll
- Size
  
  4.1MB
- MD5
  
  07bccdcc337d393d7db0b2f8fe200b3f
- SHA1
  
  5a02b227cb0a22a8e7884cd138c3e8568d083d94
- SHA256
  
  bf38dda13b938b49a4df72b6477342373ee6e151be12c25cb0c17662fcb4bcd4
- SHA512
  
  e5637727a549cf7b88f13474097a71200f0dfa511ecd55c5a42e5f53e9f86ce8b7ce763448830fd073e232876f7537bad96f2ced8d3159558778460264d07639
- SSDEEP
  
  98304:BZP0PvxMJfTcXPSo0akd+BPSLC4IEy+XNy136jCfsqLhDIJJGN8mFLOAkGkzdnEe:BZP2iIE80qLrHFLOyomFHKnPAG
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Ditto/mfc100u.dll
- Size
  
  4.2MB
- MD5
  
  f841f32ad816dbf130f10d86fab99b1a
- SHA1
  
  0f8b90814b33275cf39f95e769927497da9460bf
- SHA256
  
  7a4cfbce1eb48d4f8988212c2e338d7781b9894ef0f525e871c22bb730a74f3e
- SHA512
  
  6222f16722a61ee6950b6fbcbe46c2b08e2394ce3dd32d34656faf2719e190e66b4e59617c83f117ad3793b1292a107f275087b037cf1b6e4d9819323748079a
- SSDEEP
  
  98304:zge9f+eJ5LbHVlaHqQ1NaXJw9QxCqk23i3ggGe9SfcoLDPiHkKos7FLOAkGkzdnR:zxf5cBudLps7FLOyomFHKnPAw
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Ditto/mfcm100.dll
- Size
  
  78KB
- MD5
  
  09ff12bae0eb3e6e688609095390d34b
- SHA1
  
  49511f73b54e8f702c7ea769331558b8705dfec3
- SHA256
  
  0fef52f0378b75600b828172377dea92f8ce4f9cb2e0dcee5d96300ea6d102dd
- SHA512
  
  d7ea7b78ce34e5dfc3ebfa2268c8349469854d02dc4c3423d517dd3b74ffd283409eeb275676f68f6ddc514d8d05ebd44125ea630064493d10aefa4749974ebc
- SSDEEP
  
  1536:KKfLgly77rSxB8p/KGefmLQBY3pROBCrU95:KYg877rwB8p/KGefmLJ3pROBCrU95
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Ditto/mfcm100u.dll
- Size
  
  78KB
- MD5
  
  9bf0cb63876ba82b8178ec733f6510c7
- SHA1
  
  bbc2580da25ae39655d6a042761f8a753a9f127f
- SHA256
  
  d9a7c9ecf9c022b2fbfe1efeea5215a7caa2bf95674fa88dd5e35afdb310e80a
- SHA512
  
  d61d38530d40201ab6934cf256728d24e597065fae12a77b36103b5ce3bd19b342b436bf54c56949f11b957c4f93795e059ee4784efd213c22e9e6fb072e24a5
- SSDEEP
  
  1536:+iH8I62fuAyjBi28NaHmOKGefmLQBw93OBOQky9rHUWe:+jI62fxKT8NaHhKGefmLH93OBOQky9o1
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Ditto/msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

discoveryevasiontrojan

behavioral16

discoveryevasiontrojan

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32