2a9c16ed751ec14359f49d25b2f529185f692355ce608c1946eed89261ae1c20 | Triage

Sharing

General

Target

eaa118ae68eb6aa0faf18e0fce2e0b68_JaffaCakes118
Size

2.9MB
Sample

240919-fme9ysscpp
MD5

eaa118ae68eb6aa0faf18e0fce2e0b68
SHA1

63c0065c84bf6a904ea4a85948be06a8d59c4795
SHA256

2a9c16ed751ec14359f49d25b2f529185f692355ce608c1946eed89261ae1c20
SHA512

2b874d6fc48c1d66fd6150a65a7556b91b6464fa834c1b6dd5a54be4cccdea1a896fbc78cbff923d1ce2dd64a62f77225e43ab52147785128cd8aae9570b0e90
SSDEEP

24576:S5IAOcsOD9gg87AaMJOv+M0K8v++tmtakAESMOwdLy0yMAi6kD9UjFNrTmant4t1:sI/kM9MInR+pUypi6rhxmR6ptkZoRLDu

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  pIRC/Uninstall.exe
- Size
  
  84KB
- MD5
  
  16a371e6aec34378acdd0fbc88db1216
- SHA1
  
  64c84264b4cc8601069dc72540b81425c6d2acf4
- SHA256
  
  3e3d78e25614a79236ef40e5b15bc4aa98c5eaeb9526bce3a8bd3e574f03af93
- SHA512
  
  4d6ca9b0e63c97877f0885fa6e7fd7d73bb7f8a6acbd4e66481f89be5ca70b84965d2acbccfda82eddf305441b2dba539a3fe3f54ea1c63ff9295ddf16f5f5d0
- SSDEEP
  
  1536:6vNPYY01DZMm9hI+fRnIKQYf8HpylO0mjEIFBU/lmnTKUEieSsNa/FvD:wuYy1DVQYAyRBIFG/lXRol
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  pIRC/mirc.exe
- Size
  
  1.9MB
- MD5
  
  8ea0f82b113be67c08e7549823f24f2d
- SHA1
  
  b3751db7f2adb38871a1db78b74cb918be57b451
- SHA256
  
  317f55cc1967c2d04cccdbf7ae7bd13d90b329fb6171423370aa458062243b02
- SHA512
  
  f131a9f01710e738f4994d1ce7842aaefadf2f0f074efb07fc0e67178c5285073961d09a7fb92d9f21cbb3e042ac0c7cb04d8a17f55dce1b804c38399c5edd35
- SSDEEP
  
  24576:ra2DsXeCbUZ7XRlql33ZMLhNLkqJhIG7go8W+D6GSEqMiPX6NSSJ/tcoVL3ltAbp:qX6D2L3gzSlyUmLF9T
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  pIRC/pirc.chm
- Size
  
  22KB
- MD5
  
  7ae9a1d703db4a1e81a587a2a675cd41
- SHA1
  
  3b71785a0774be3404aedaa43f14eb74fc97f5cf
- SHA256
  
  87a8fd2aee684b0a076d75dda4ff3b2797a4c51935d576c4c433095bd1e5c0a1
- SHA512
  
  720c6821aa66ffce4c1c85018ea5aa68fad8293fb17b5f911a98be7595cbacede1842dcda25cc4c6ec73353aea58dbb0fc8d5179f00d02839106a03a6661f1d1
- SSDEEP
  
  384:uF8mdG6T2F4KIRFhXqjfhkOKSvaaMgHUdSoRETTULnPvfq:uF8mYQhXqjfmSvJMgHMwKK
Score

1^/10
behavioral5 behavioral6
- Target
  
  pIRC/sys/aliases.pts
- Size
  
  19KB
- MD5
  
  5b2ec008c44d8e1dbedb628f4b9cd9a0
- SHA1
  
  5c50dc8c86f885ef2980a200645285a6421f5a9c
- SHA256
  
  ca023a6905f5488bb08d6b1e86427c7b80d1c571a56eb40414f7773a2b76b943
- SHA512
  
  ee95cce4640fa2546fe1e58c3a4acb9ddd5ba0d4643a0896f3ba64b84b57118cb9fb311c9a024f5fc2a1a2d0859ba00425a9c423c531b2db555f481494b396d7
- SSDEEP
  
  192:FkTlafFBUqhAdDjMpMJg2E07g2nvqgS2u1g6Zhkg2oAoMgW77OgaKKJgCtNogG88:GT4cKAdDCud
Score

1^/10
behavioral7 behavioral8
- Target
  
  pIRC/sys/aproxy.pts
- Size
  
  5KB
- MD5
  
  cff75707e0988247bcd26446f3c22047
- SHA1
  
  e8f550bea3123d9250fb5444d1b5761f33ed948f
- SHA256
  
  a3c48294117fa3c9282cd9f4e5123fc991bf03011713e62c89a8bdb890fb31bd
- SHA512
  
  3992e3fee735a0820cafe4c9095865ca131c0d591dd408297e0ea53a3861853f2f5cb882087056eb796391e4f2c6275be69153bdbe1b2bc9367ec04bbe3df3fb
- SSDEEP
  
  96:+mAWnP0AWnqL/KVNJVJ4n1ZImjzUAOZBWeokLK5KbvBx5EtXwkt36wtMB7XPh5yw:JYxJQiBWT6K5Kbv/5EZiBF5yg5sHZLb6
Score

1^/10
behavioral10 behavioral9
- Target
  
  pIRC/sys/display.dll
- Size
  
  40KB
- MD5
  
  34f7cadb74b568ffbef4fd0bd66e5fbb
- SHA1
  
  778757101c5277d879a5039e26cd8d70c9a1702a
- SHA256
  
  032d4e7a03b6b3b72425d179c2f9ad0a6deb4e847cffde96df477ca536761f9e
- SHA512
  
  c8f7425f1cbd66301d0afa3df0912c7f517b108ab6209256ea26746df2080d9e37a7a0cffdd9eef8ccd0d3f9769f38bc4389c6cb89f499da062d035b94709c60
- SSDEEP
  
  768:IOAqCeVszCw6M6GXM+R8jlAf3uzwapn/B4/tlTQkx3ETXR:zAqCeVssMiMuNkgAOXR
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  pIRC/sys/ircopmodule.pts
- Size
  
  14KB
- MD5
  
  a1fd1077047f6c4de5ae0c06ad057535
- SHA1
  
  a88e1163d29cdbf967ad6d434c79a450f8ad6ec3
- SHA256
  
  7246dcbe52f85774dedf1696ca5a2112f95e7860e2d4764891b115bed8c74691
- SHA512
  
  b7a7e15e82f85356883d5c6b0315c345647dbb6e64ac9aec16a279a0528f23946b6b0d71cb40b3750a0f5af6db9bfe64369765c5f60a640a259d2ef430b6a44a
- SSDEEP
  
  192:rZUVLOFOnEyih5UU3A/J72fiJ7QRVgbaRPIQTtLTpUy3K:SVLOly5Ey7RJ7QRVgOG
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  pIRC/sys/main2.pts
- Size
  
  3KB
- MD5
  
  9364053e4889b0a8f9a818cb79b990b8
- SHA1
  
  24c4f96c6aaa3287db260b93fab2f5c38ee681ab
- SHA256
  
  e49369c95820c186c1b453a9a910a27313c86d2da9d80a8be610a5c0b9351fab
- SHA512
  
  f23980f89b47aa74e4d029cc859f869f8a92054e396fed6aa2a6cf11a9b0466f50ba99cac3809880284746b88cbab77b241bf46f34943b4c351f0fbedbced7f5
Score

1^/10
behavioral15 behavioral16
- Target
  
  pIRC/sys/modes_restorator.pts
- Size
  
  8KB
- MD5
  
  de658d37a83b1bd7161136a9e03333ba
- SHA1
  
  8c6cc7dde96d4378f768b410f41751ce248f5d1f
- SHA256
  
  93123c4031e433640459054f9be96d802b9c2c9cd2fdc33e622d02bc46e8a82b
- SHA512
  
  8395c3847be2e7d226b5312015b365011f541b8d89edb862411302ee6f04e3ea9250e4c283bc14270b89ed37539b4a2577a7032f3a538105318381be16de560c
- SSDEEP
  
  192:xpL9JIYPEaX7IPQVovib4t9dKWuGca4IXvZTaVg24eM7d44JEV/EVy4tVHpEVVxk:xd9Jl7zZABWG769uIIYZZIO+MJ6aH61P
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  pIRC/sys/options.pts
- Size
  
  56KB
- MD5
  
  9b8898ba42b2d2b2e50d75550f8b08af
- SHA1
  
  e803dddd88dc133c04e49944b29d169ce98656a0
- SHA256
  
  568050b51499a419d9259df2406fecc08965bcc760616c2649496af7da4690ff
- SHA512
  
  5aa32e426bdffba82b34bf8f3164678e7a3c1db79a46c1df2825c426edb1883b4d7538c61464a31819adfb80be8ec65d680bc216c6a4befc71689498aebd0fde
- SSDEEP
  
  768:A/9FnWmvhfhEd0yAG4OCeZRXCeY8ivrhmcyuONlTaSc4aTflYxQzTvU/XZwvEyAK:c+GHzTM/XZy6O+jjcjYILnYSJp
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  pIRC/sys/perform.pts
- Size
  
  5KB
- MD5
  
  3dc6729e84ecf9f052dd1838054acfdc
- SHA1
  
  f7faa679e772814bf56ea26a6e1ff00d2a0f96a0
- SHA256
  
  b58029c9743786b257b8fa70af33b584a79eaf6311391cd8d23a508a918f3cf0
- SHA512
  
  ffb2c42d3996212f9c3ed8928e967fcd092b08a1790846ca90a6b6026925d497c1f32b91acd0488029c8628f14692c9849dfd2189703816ecd0d8e4e30ac9b0e
- SSDEEP
  
  96:5p9JmBM9BsbZsklpGWRdXNcAUFoHSQnEMMRYeQE:5p92jlpT+aS0Pq9z
Score

1^/10
behavioral21 behavioral22
- Target
  
  pIRC/sys/popup_chan.pts
- Size
  
  4KB
- MD5
  
  479211fb2f1835cb67c55178cc91e834
- SHA1
  
  074c70f1cc88dda10519e6e987017d32c29af963
- SHA256
  
  9230aeeaaf816e7211777ec634a6eaad24dc7b33bb7d98b76e25c10d7480ae9b
- SHA512
  
  c235e5b50a45f12cc61ca26050e8daf32d2042f869519aff2e8d8739ac1dbf7ae693462b1f20b8dc79700e7a1c6a471c62c2b090ced3562a3bafa974ceeab0bd
- SSDEEP
  
  48:GdU+UQBe/YYbjyvWFwUvbUQD29CoWYJwqfLvrgq0lLInvWR8ZqB61xLEuz4CAwJh:G0/RMMHy/30SvWRYqB6PXCWvB4mbR4a
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  pIRC/sys/popup_nicklist.pts
- Size
  
  11KB
- MD5
  
  b6d7189ef0b07fdae943f1cec3d7e78a
- SHA1
  
  b72ed1fec813f9d293c54efb36e61a9f43ef5950
- SHA256
  
  7d1317c3398cb77a7d91201c9018e17d589d0423fef9309e6b24555794923218
- SHA512
  
  48f83284efb9014d4e1ac7838eb6c09e5ddf1578ac9f4e3b33d950c4ccd256c658b5fb6b93f8de62fa44c59b21a9027676f31725182c5d787fbdfb467b8f1ea0
- SSDEEP
  
  192:j57tXQlIFCIQc9YC7W7T8WGM76lcd4Cb2bTc2msyGc+G/GCoGzGoGTjGpG5GTG72:j57tX2mQc9YC7W7T8WGM76lcd4Cb2bT0
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  pIRC/sys/scan.pts
- Size
  
  9KB
- MD5
  
  88a4d27a06e581b4e3821265214eaa92
- SHA1
  
  4988587bc4435d0e686f978f4aa25d1afc4c1ef1
- SHA256
  
  eea70d52ee21c5fb294c8fdd7289760c629c90c7a24f34b6134326729d701b56
- SHA512
  
  34b4ad9b061ad3b6a8db40f956b0e685935a4b5fc15c6d65b2a3c3ed64697e1a44c8cb53014d63be81dfc45dade13c675dcd7b10ab4d330fa2bde8168315dd91
- SSDEEP
  
  192:a3gaJvR0NoE8xR0NdoDdDY9ltiC4kvy6yCWe:jaFR0NoE8xR0NdoDdDQltn4qeo
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  pIRC/sys/start.pts
- Size
  
  2KB
- MD5
  
  acf36365fe8c4048e18375e6807a3353
- SHA1
  
  97cfeeb40db2fd0527cb7bc406246ef8e70ba9ad
- SHA256
  
  36c3ef3d4657d303bb858ea1379e925133eb9b755a4cfb8d23a1fccda678511a
- SHA512
  
  94e55307dfca2b976f342214f6be1ab133d2628a50403d8a096f21874d56769730bd7a6189174b361630ebf8f568c229cd047c5d56f7ea8ab0c5dc15aa076961
Score

1^/10
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30