935225957487df951ded6682343166498c245943bc32c0ed5e5e4b8089943d96 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb36e875fb5f8396b7bb1cb6d336d569_JaffaCakes118
Size

3.6MB
Sample

240919-nb3vwavgkh
MD5

eb36e875fb5f8396b7bb1cb6d336d569
SHA1

7982a9cdd1d09c3847bd6ca2e56f30185fdadbdb
SHA256

935225957487df951ded6682343166498c245943bc32c0ed5e5e4b8089943d96
SHA512

add086e6776ba6b62ed9cc9d896d2b3c77fe17a05751a3b8b4c975221de91199d464ad7b0be2916d267cae94d0e0a98fb5d6cfbca407fb6e718b9772568c3ed4
SSDEEP

98304:Tp3emjqV+BLlzpF2EUbgobBO/sKU+5tDTP88:be0lllFMM2O/vH5JTPD

Score

3^/10

discovery execution

Malware Config

Targets

- Target
  
  a/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral1 behavioral2
- Target
  
  admin/ad.php
- Size
  
  5KB
- MD5
  
  050ffee552521246558baffdbcfdbeed
- SHA1
  
  e9e8f7e75f807df90d79919f18f8197b51768fbd
- SHA256
  
  14f1a1a27c409af30145f408dffbd27838bf20f01b5675b0bca24ac11a8d674d
- SHA512
  
  ea9a90c44a13b17c81d0f69fbb275169f902b2cf471c6435c4da0a0515075233022acf742dec2926f376f346a1e6668a85c28a828023fcd8cbffb0ba310d0e01
- SSDEEP
  
  96:dNF7yA+ybEzWjlA/PKFhA3Pp0nNCAHUnd0GSAaKFKx/+vgI9:demDjlA/kwAHUs+KBcgm
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  admin/class/db_sql.php
- Size
  
  1KB
- MD5
  
  43ea242cdd9f32961392f870d2cbe1e8
- SHA1
  
  c5094d4c5a1a44bebe5a8f765d1586eaa236e6e8
- SHA256
  
  6f609127a3084ee7bfdfed5af5545b10069a9e0cc14515196879838a48372826
- SHA512
  
  4b7500116ef6d32c0f8b16d7e6d194c0357986e13ed8f25e9a2d6241534bfaf231653b83a88931d2df00ea57db825c0c3e21d7f88a136530c1eabe3a207d9102
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  admin/class/phpzip.inc.php
- Size
  
  6KB
- MD5
  
  66a51d8bcd8f196a46d99694bff40c59
- SHA1
  
  01909c37b5c4d6c95dbdba8a5c645f2295571e21
- SHA256
  
  44dc3376e334e3fee25638b11d0873e3e77923aa37b1581577b695bcd9c2d999
- SHA512
  
  8aa42b5c679fcf278a53d330f93b5cb43a0a12e9d5d325c05ce4d09d0d0f44c2eb6799ecc4bed3082db7b94a6d236574b425b9db40361a331e02cd82f5c5d67b
- SSDEEP
  
  192:C858X8Wk4b4a9N9cyTua3Yp7s8VuEVnvB1:Qjk4bd9N9rTuaIp7HuknvB1
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  admin/dh_class.php
- Size
  
  3KB
- MD5
  
  d91084643784cd935cf182acc8fd3ccb
- SHA1
  
  037a69cbc4f3e63087d725759374bb6666577f57
- SHA256
  
  013a9817661604c36dd1db8e86fe8e6b8b07b92a2dc0f9f1761da5697eacf394
- SHA512
  
  88b62bcc3205b40ba1cfa56f336f512c29cce8623017aea0233e38b0972d2aa2fee0a71b3be10d3ccfb63db6286e8406a1a6842d477e82bb2b5f0326e75145e4
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  admin/global_function.php
- Size
  
  1KB
- MD5
  
  572ab3907ed3da335a51271b17f0e691
- SHA1
  
  21f73993745891c1674aa8ec505a4571f0b5dc81
- SHA256
  
  a8bac8fb007717c94dedc2260d4390df53818eb82d42d3d136d6158ac7e15238
- SHA512
  
  7d9f5d186499ea11a22c930bab81c5e7159d460da1494971cc61a414cd13af59ab1084e76ed3620a0fcf47e6d98c34a34610357330a391dff3e6d0852440df99
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  admin/index_main.php
- Size
  
  369B
- MD5
  
  cffe8adbe224b63d2a1a107562de7f00
- SHA1
  
  ec92fb454778d3b9a4ee7c9df6cc9e4a8615a1ec
- SHA256
  
  f2f760746263b234e4bc472c760cf86f719d6f3fb5eb07e638c012a08958572e
- SHA512
  
  50c30aa5de2f09c4227811e72ff5c3f9d9acc405f87f6d1cd20b2583127b826f7c2dce75b16d8c21377e1d8b66b2bdadc03b38793b226eab1b7090e5e9702168
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  admin/index_top.php
- Size
  
  516B
- MD5
  
  fe66ae96a792fcfb93bb21736d2dc867
- SHA1
  
  04131b62eb88a16caf0f0bf03b6b2b816f41f424
- SHA256
  
  278ee58bfc5854b0f098d5f33398fa191c7f47f1a1565203ce8fd3bbc6cbc0f4
- SHA512
  
  f36f64ec1bf0066fe4db0705a4e0fc0e40c67c9e8944da4c344d4ac745750fa07b57306a2fd513650a5c74d6776e58227ec9bf157b21c9ba8e40a049e03b0971
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  admin/lang/big5/temp/eChangeDb.php
- Size
  
  2KB
- MD5
  
  8594d864dbe6354674d78c8b461c8802
- SHA1
  
  99ee68a31a9c113975e6dcb5eff91db45437e7d7
- SHA256
  
  05fe47a15c42ec583c970f5b9470cca67edabf852b6ab1c4c5ef9c1b69caa057
- SHA512
  
  77b59b267671699de732401691beeadf19fb8da15fbc0e2fece9d5a0d7802645ef13553e4b5d7d8f931ae01d922cefd5ab85ad6d575de4810659d9e1ef66b530
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  admin/lang/big5/temp/eChangeTable.php
- Size
  
  13KB
- MD5
  
  020545e18a7d1af14fcd356b52bf81e8
- SHA1
  
  656539809e42d65f3d7ed61662489a973395441d
- SHA256
  
  7c8c85d47c79a1ecd0fb814926a99783bde8df5f810b6e68a6b80a79f1d6ae10
- SHA512
  
  aeb49d7f9dd95ad18501ba5af93bfa7ad0c1ace52fb5950fc1e98660a6fa71b9b0793f8438a1c6c781c00ab4da88c0d29412c0fe0a71765bdf592b4d09c12312
- SSDEEP
  
  384:KrlbrNwrlCU7FkZ8yeMN7yx9Q7b7/akVKe9:KhbpwhTyuC
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  admin/lang/big5/temp/eListField.php
- Size
  
  1KB
- MD5
  
  6eed902d1b92fdfda3c28bd4c88de720
- SHA1
  
  da70293fc80b449fab1b78499e72abb8fa0a6fa3
- SHA256
  
  80cf2c069e8da9cc483cdfb38c63a12f6c2e74f9675365f40af1c43beb10a390
- SHA512
  
  e2a08115b9f02385594a3348b4680e18eec5dd09d6dfd2ed293660b01c61de65d7d8cf64ed7f0b794407ba72498d0caadc4f890fc406782a66012c5ec19d4411
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  admin/lang/big5/temp/eListSetbak.php
- Size
  
  2KB
- MD5
  
  720c7e2f930dffb2932f994d3f6e4b02
- SHA1
  
  1ac5823678d511d6b96bc9badcdc36e5216e7cfb
- SHA256
  
  dbdef26017717922be2ddefd0b7ea9b766e255685220df19e529d9813076f8d3
- SHA512
  
  b92a8e1c940edf1bfd460586d97788d5205d24eed7e9d3d61a77caad32a1282cb5e45ad00c2156ed7fa25db768c850bec084999122e418f192dc2e1d258279df
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  admin/lang/big5/temp/message.php
- Size
  
  1KB
- MD5
  
  59daa9cc2cdfb43466faf705e63042ea
- SHA1
  
  b59735d49cc350e9f9d816789cbb07477196889e
- SHA256
  
  fed0c18ce33c1fdbaf959b37303a2429cacd0b7e9ebbd4167b4cc9deb93f230b
- SHA512
  
  fda8073722bf6b6608bcc07fed6e2343e45ebe9809e12f9f9e54167b6118793966b22a3c1b0db0ec644cc847830a230c0d13741e1a65b18a241d0509ed8e1581
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  admin/lang/big5utf8/temp/eChangeDb.php
- Size
  
  2KB
- MD5
  
  d0f825fb15a1990937af6f0c4aecc5f3
- SHA1
  
  ab31b9b8506f38d7647af80f3e09991417d20ba6
- SHA256
  
  7815a5c18a1acd80ae720349fb54eafde60b91482323ef5b59819f2415bff7c1
- SHA512
  
  388aa8d993121a05bf0c1029085bfb99e0fc8520c9f9b38c688e0c137c93b1b0613ee8ab5c4dc24fef7766978d4885daf413e73fec9e5d40a414f4eab20b0817
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  admin/lang/big5utf8/temp/eChangeTable.php
- Size
  
  13KB
- MD5
  
  1ea5ddca98c06aa153fd82db65bdc13e
- SHA1
  
  d5bc0523ece42558ba4b05c9ef6c0ecd9d33c6f6
- SHA256
  
  d8dd7b29f200c121e46ce88dd1a2d4d5eeaa5ac01f80fbd31dd4f39709d7ffcb
- SHA512
  
  2bb3a25b76044cf2f8087e36a4db9ffde456518f6b6695b61222c0fbb22dbc1a3028f48098269569550b49e4ae2e2a4e7298259308742f0924bd142ea4ae3a79
- SSDEEP
  
  384:FrlbrNwrlBIFMFpcZlKX8f7UHIxxAI7D7karVJe9:FhbpwhBftXKUmg
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  admin/lang/big5utf8/temp/eListField.php
- Size
  
  2KB
- MD5
  
  3f06b08d1d948a58dda82dc6499650f1
- SHA1
  
  b5dad7c3a59ae7002452f094e54b278e361ab7b2
- SHA256
  
  cf9ad0c058ac112c0dfd83e889dbd2d66623fd380e4d06f97ee08bd879851781
- SHA512
  
  b8d734d2b753f546058de221b28b3389f015a88a4e2dc6b66be6a4acb2fa7dbaa0613157b9d447d9cd76bb1f1e6f236f446682c89f77829180e08037fcc9af58
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32