0f81b2681475f1014dddda909b1a95b2b83d3f70e502bdc23256016a8d188d4b | Triage

Sharing

General

Target

eb7f4cbc4b668da1cec2fe5e0d40e7bc_JaffaCakes118
Size

2.3MB
Sample

240919-rgcsessdle
MD5

eb7f4cbc4b668da1cec2fe5e0d40e7bc
SHA1

43fc5121d687fc979c0f175a6bbde690a82eb6b1
SHA256

0f81b2681475f1014dddda909b1a95b2b83d3f70e502bdc23256016a8d188d4b
SHA512

2d0bb3350f37d3c4806dd9025fd0731e5df91e9665459e463b8e0a9f484118a8ff2c97144ee0d88a9e954046e4b33052609829094649072544416608c7483de4
SSDEEP

49152:1uYMdCpbRUWagUEhWiVkB0sYg6fZ1RZH18VukT7CGVVG1Aw:1cCl2WaCdkBn6fZ1vCxiGVVG1Aw

Score

3^/10

discovery execution

Malware Config

Targets

- Target
  
  tmblog3/upfile/admin/ThemeXP/theme.js
- Size
  
  3KB
- MD5
  
  c22048bd55502d26439daa100c19ed7a
- SHA1
  
  f014c21c1e8ea261d79b72d5bad04b11b50ce2af
- SHA256
  
  65e84d9ad305afff0f4413e1226dc49fef0f5c41ed0967181280cec3480fac5a
- SHA512
  
  c1cdbbbe38cd12d8559001bd6ecf3fcaa43fe42c6132d9866e9a10a7cd08bd0d0b4e7255e0ad76344248d63cc6bf7bada97aaf1a78effe64f0996e3d0a543326
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  tmblog3/upfile/admin/Tree.js
- Size
  
  12KB
- MD5
  
  f97c12620248d45701cddbcaa239b66a
- SHA1
  
  a1c73e1f45e1599487b73082a2450b53be14b394
- SHA256
  
  ab41b3a4a2b87ce99a3e8c61e813d1f64469ef642a74043b9127d36cd2dbf044
- SHA512
  
  f432047f20065c6a1daea7047b13e9f55d72bb780ef21d4f6e2831803a609865d12d8be3c603166d708392297db51abbd74ff7d707d44582e08decae02ad2574
- SSDEEP
  
  384:koAWVfkSA1RTV1hdnZ7GAbAvaYAAY3qjcIu:koACkSAL7Z79xq4Iu
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  tmblog3/upfile/admin/book.php
- Size
  
  8KB
- MD5
  
  86fcb40fedc5d45a35c2cdb6707f3975
- SHA1
  
  2fa7127d2de18fdc139ed37d931364abbc24908f
- SHA256
  
  8b18d2a814d1c2d2534163af292c5ba15b0428eae02302baa9bbeaea57b43435
- SHA512
  
  6ca77bfed4fa6ae0cd921c2e1575edaf25c8bb821c5eb218f6a5752ffa0a1b303bf204546e1c4080e924b0cef7f69f47650623d3d8d365c9f2a6adafb2abb6f6
- SSDEEP
  
  192:rI9VGdJZLhb1yjOeqPxjDg6epTWzDtkR1En6nb8Hv5kW+jv+3rhVjv530sb:rI94dJ9yjObPxg6epTWzJkR1u6nb8Hv7
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  tmblog3/upfile/admin/images/js/css.js
- Size
  
  1KB
- MD5
  
  93630f3a9fbc91ef79a13fe75bdb1247
- SHA1
  
  003916f04c90fabac8a149333fcee99fe9fc046b
- SHA256
  
  2684439af9e294808ea2897cd0e56937b311cc50409428352ce71653ae5af848
- SHA512
  
  dd5f932123ebe11ce26d8c4a177f7ccabdf98258b023fd6f6a71b670eadf7afc0bf3d914daa3db76fc775e9ef6342629a3b571a6927369398dd2295ec356ab5a
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  tmblog3/upfile/admin/images/js/jqDnR.js
- Size
  
  1KB
- MD5
  
  f27e8646130b36de11f13637a35de1de
- SHA1
  
  889fb572047fc7a379b877a480274e5bdc2028ef
- SHA256
  
  e36afa7d1c33323f7c5e73edb75a133f23307f08b4937b5635bc2915afb2d64c
- SHA512
  
  c7d0483b8c1362454a3bd0801e6db1dedc59c30fbac33e725c0cede0b370ad6a44f0a50331987131413c99860f8011c62a69a01c672b8ad78d899f3493f08e61
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  tmblog3/upfile/admin/images/js/jquery.min.js
- Size
  
  30KB
- MD5
  
  d761de5ac515e4bf518b4006fd44c045
- SHA1
  
  1a21581a40191aac0890e8cd27e870151dc0c089
- SHA256
  
  b9988973261b2f0f26c1809e67717d6f841fde42d7595f65dbe013be929a81e6
- SHA512
  
  df74260d75343b93d5d379362372b9a6f27b284942da449d106d73ba7ad150024dabfd9f9143281828ef598acf1f079a96cc4a1e93059a2d201310a333e19c26
- SSDEEP
  
  768:RKYMj8RfJebm/EZ/pgEUQTXUSeANfgLw62PXm:B3umsZhgETXlTgMrPXm
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  tmblog3/upfile/admin/images/js/menu.js
- Size
  
  4KB
- MD5
  
  9c412b45fe2f77192d269583d16c5adb
- SHA1
  
  218e4be0ea1ed3bbc79bf0eef685f8a394aa45fc
- SHA256
  
  e8ba5389561532900843a4354fcd729b065c008e11083e86b3b4ab74e0bb18ac
- SHA512
  
  b61cc1486ae40a2fd06c04ff517030dd3f969e67062d3c7c00e4ef2815ebd32fa57d3070111733939edaf43f58678b5800e63da78e871383410e8a2394ad3f18
- SSDEEP
  
  48:XgtkZwtFFCJm4IpLIgqEKLtyVMMhAY4DDWQcRb+RNQA7IdQj8VMhAyjT/N3w1rgc:d3bo7hAY4XWfb/95rUmubeZ5hz
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  tmblog3/upfile/admin/info.php
- Size
  
  3KB
- MD5
  
  8257b305cbb722e203281466a53dfdbc
- SHA1
  
  a600839d034b227d9102c117c3774c3e326d942d
- SHA256
  
  1c9b35da8e83511b0d2cc14adde11fc633d3557715b719ca7b9889470719d3b4
- SHA512
  
  209802ee80e6c5f5e80ac1dc4fc55a16023aa956a83b5bee33252211549adb6e57ffacfff9e3d19c3be33a4ea7481edec6fb13871c6127aae9e0879163605bf0
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  tmblog3/upfile/admin/photoa_w.php
- Size
  
  9KB
- MD5
  
  e134a2d3b78b748d1a6f9f08f7326aeb
- SHA1
  
  cecfd3f29fe756b318ba776c0e3ea2870a5a8ac9
- SHA256
  
  f5231a67ed6ab1305bfb2d0697dfa7ac2c7b2230bd56135bd35c64efe8277e6b
- SHA512
  
  9fc7ac33ebe68d19c37f022db79a4337e262817caa09c1568d5df635b2d62476e6406e6a6512afddb6e25c636e095b6c0088a3fb42c059add31b888f5829eb1f
- SSDEEP
  
  192:ZDqS7qN+g+4EI0U/RShItAwZuJNtK/OGUpqc3cVBIqdD0:TEB/mIPZuJNo/OGU9cVBIqdD0
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  tmblog3/upfile/admin/photor.php
- Size
  
  8KB
- MD5
  
  509b30059de273f602d683d94f22d868
- SHA1
  
  4f30d265afc6c7e5f756b6d4f59383256e30d0ca
- SHA256
  
  c5e41bed7bf28c4a45aa4fa3d40ab45ae2e74af5a307126e652f77c7c283486e
- SHA512
  
  b376161d1b9dec1be9a47e8adee1d93b74dbaead508438b7f22cdf60f51172bd33891d73624eea74f68f00b5ab53e3b5e4bd361750264509e749390b8071991c
- SSDEEP
  
  192:rI9VGdJZLhb1yjOX+NqlFGDr6epO5pDtkjr6ap8HKlIW+jv+3rhVjv530sb:rI94dJ9yjOuNqlu6epO5pJkjr6ap8HKD
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  tmblog3/upfile/admin/ret.php
- Size
  
  8KB
- MD5
  
  785e4791cfc084acd73514e2f1c211cb
- SHA1
  
  3b694d8d3ecf6871757c8e725f356fef41afe6c9
- SHA256
  
  e84dafafdf7e8b4fa98cd0ffc9c8a8cf3231d51e32de8a1d29c347923989c135
- SHA512
  
  d4629e31614a94ff11ff1690b9139c6e699b5404b290c785fd35b755cbdec0aa77bda60ffb209ca0a9a598c808268e4b8872406d10cb3d76afb0edd10a01a554
- SSDEEP
  
  192:rI9VGdJZLhb1yjOX+NhlFpDw6epO5pDtkeer6aT8HWSXIW+jv+3rhVjv530sb:rI94dJ9yjOuNhlU6epO5pJk7r6aT8HbB
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  tmblog3/upfile/admin/vote.php
- Size
  
  8KB
- MD5
  
  8521fd015f5c5257b8b8f7e7f596d187
- SHA1
  
  1f5edda527db7f17b2ed50de102a44a0a80aa1f8
- SHA256
  
  fbada19e7b844365fde929a8c7e02847239b2be37592ffc0fbd4aee69bf18132
- SHA512
  
  7bdfed15e02be962f0adb8f0434def814d52fd36aa8dd07d30910633816a299192be98094537bd885a356a06c6189862b09f0e98be20943e228e8afa0ae61a4c
- SSDEEP
  
  192:rI9VGdJZLhbCjO47cX6GEtFDt6bAqzPzsWrN18HlO9mdW+jv+3rhVjv530sb:rI94dJ6jOMcqGEtL6bAqzPzLN18HlO9L
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  tmblog3/upfile/fckeditor/editor/dialog/common/fck_dialog_common.js
- Size
  
  10KB
- MD5
  
  c400afb593a2e24e560d00efd38e6a91
- SHA1
  
  16e96ccdb29402b870e8694c1b996f1006035d5f
- SHA256
  
  0d91ad0d7960c122da8b0fa2cb3fcd5a3e1beecb89c2c0c406e240b4601b68ee
- SHA512
  
  bc76298345310693891168cc3b2f0b7d9b501b9a5f92f118eba2e9759191ea08f38743f996a2b93a0e5184dea132c7913e33df7ee5b5d1d7aeb6a9d54f781ecb
- SSDEEP
  
  192:5IlIhiITBWp3cjyXUvQ1TQ1avc9gKMFBpJRGpRrQnL6lWn+Si2PzcO:H3g3qvcTcj9gPD0pzlWn+YcO
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  tmblog3/upfile/fckeditor/editor/dialog/fck_about.html
- Size
  
  5KB
- MD5
  
  44a3d0340d68dc8e2069e82f825f81f0
- SHA1
  
  67102f222a6fb6749d8e11ad4cd6495bcb12dfab
- SHA256
  
  fa60af9116e95fe12459d1e264df174c18812c6adb9f1910c24885325b990d3a
- SHA512
  
  accce467b342767f7909d1dba3a90a326d2eeff8c6b20b015aaba512bd2138245d8863c40d57b2b1ce251032d402392c83ba587216006bd4cae8cf57ff8aad8c
- SSDEEP
  
  96:j+IlIhoImI3fWvFQf8E4rV2YeJn9CHCptG6aom60IuYeoIcohQzcDl:6IlIhiI3u9Qf89rV49CipA6Jm60Ipebr
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  tmblog3/upfile/fckeditor/editor/dialog/fck_anchor.html
- Size
  
  5KB
- MD5
  
  96508304923c41131dd2ecfca4b751aa
- SHA1
  
  d04d2731d4117d6411b521d13df0de180bb1c891
- SHA256
  
  013a9369f59db75a43050582a385b9e638292120ab84abe79c60aef6efab436a
- SHA512
  
  6a5d197db6e1cc839b722e7b2fa6784e50f34fee81db8eefbdee1ba1089a8c8e1389b5b432bceb1bc73a9b97031d9252c3304318fc4540cedc5f62bbd550375e
- SSDEEP
  
  96:ow+IlIhoImIboDQVjRzO+r+oNVaqdq8bA5AqxyTqyXXkln+UdaTxeBdjh9QfCf:eIlIhiIbDzdrUAfbWn+UdaTMdcfCf
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  tmblog3/upfile/fckeditor/editor/dialog/fck_button.html
- Size
  
  3KB
- MD5
  
  649064c1450ce05379d520ee9d3bc048
- SHA1
  
  31f77f85cb271a878c7984424b9edfde4111f2b4
- SHA256
  
  b6d255d04784f6af15f0e92f52073a73ce078b7868262f4e3b33841f0c5fe781
- SHA512
  
  238147ec6d7488ece559a3d53e09320f907c1bb5ca6074482aa5c3fdc74d50ec422fc44c6aea090f7a25797640e21f3aad509a4b53524b26d29d78add67af3d0
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32