5cbc9b548f34c542cb9771fb1bde9c2833aa2e942fc003f2a7e12aba70e326e2 | Triage

Sharing

General

Target

ebbfa0ce75e8dd2ca2544575bc40e170_JaffaCakes118
Size

14.2MB
Sample

240919-t4tessydqf
MD5

ebbfa0ce75e8dd2ca2544575bc40e170
SHA1

b7f76dce06f64cb1eb0f8433688b9b73101a2ec3
SHA256

5cbc9b548f34c542cb9771fb1bde9c2833aa2e942fc003f2a7e12aba70e326e2
SHA512

1920682926719f2efe738911b97ad212dcd874604e81c6b354d76ffdcc86fface80a4f1c4454adbb4565c4f33eb1ffb7b01a5a8e16357b5115c8911f15088e1d
SSDEEP

393216:4o1JhjKJNaAseCN0VI+RQDXbi29aUt2XF158YJt0nJ1e6uDK:B3OyeC8QDXPnuJt0JQ6x

Score

7^/10

aspackv2 discovery execution

Malware Config

Targets

- Target
  
  mpcrmsetup.exe
- Size
  
  14.2MB
- MD5
  
  b189394200422149548f16da9814e41c
- SHA1
  
  f855b1eda0ce4b26c8cbb4fc1df09155a8db5836
- SHA256
  
  c92af932733eefbd0f0fc25d1ab85e7e50cf637c19e9fc769aefa052b7875d8f
- SHA512
  
  6d9684fac0ad63b2f4b4b07e58a3f5c0d8d6ea05986617e09a707a38fc3922f241ab5bb11506c75770c22f1e17d95ef0b88730a1012bb30e642edc72cb6e02b8
- SSDEEP
  
  393216:mpIhf4YtQ6p7F1OT1JEc4BHSAqbUB5tOblzyi:mWhVtQc1OT1JAyAIbdyi
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  4c7d97d0786ff08b20d0e8315b5fc3cb
- SHA1
  
  bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c
- SHA256
  
  75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84
- SHA512
  
  f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a
- SSDEEP
  
  192:6KdqJ4Bhf1mdCMI26t510swClJOeFIsm7F1QuPs:6KdE4zAddwR0swqOeFxu
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/advsplash.dll
- Size
  
  5KB
- MD5
  
  ca60ae514320a0bfc4991c1fca3dc4ce
- SHA1
  
  c0d7db92c979d75233db185f18dee0c9518dd8ae
- SHA256
  
  08d2283396141ae8222c6959a0e1b4f75a75a3f2643b33d6d1c9b90d0669c606
- SHA512
  
  8e2d00909828b2f527bed1d2dae39e991142091cda8e80fb512ef2790fdd8146e6222dc1a98730af864b1437eab9f0e881e9adc3aad4e6c67f840dc3c4115a3b
- SSDEEP
  
  96:+JVdCWbnbRurMwGFhcIeJaWBkUhW9dfrZ8:+t1bRKMpn+NGUhW9Rr
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  SWind.dll
- Size
  
  152KB
- MD5
  
  46e60eff6e1c0e0561e4fdff3541c9d8
- SHA1
  
  ea9175b16006aa65c13dde17bcf6db296909402a
- SHA256
  
  5bd7caf86aad19b232384c1d60726e8f0165f42eed68538cc1907aab602ec0f0
- SHA512
  
  f7da4f61ad10dbdd28e563923c677be6f7be1ed54946b1edb6d12f65d35bd0a5da9bda8c40f2d6e8fd870e3be42d78109a9e69fd3cfa215bc4934587654ab466
- SSDEEP
  
  1536:l95MbWrDILjcexB73Tpk3GZF6/m/2hALy6jm1XJIoVJax6Z+8kZaJwx+:D5IcS63Q6/jA5m1CoVJuw+8Ikw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  client/index.html
- Size
  
  272B
- MD5
  
  f07a00d6e19a88c452820115173df8a6
- SHA1
  
  348f93ea0fee100fad17240625c387e1e07446cf
- SHA256
  
  e592c4abea23145b192edfda7403a8e69835a77d09d8676873dc4062c3651591
- SHA512
  
  74204f53afdad48fdf8423d6cc67b571a6b0f0aa0f65c1880d7b9c5379a4514730cd660f0078c4c36c85181f7073a89fb02929a80c5a1e399e62b7ee271eb338
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  client/view/default/js.js
- Size
  
  30KB
- MD5
  
  5d23c4a2dd6de159aaadfc271011ca36
- SHA1
  
  5d1213059a175b1ad08e8052761dbe2f156d7bf4
- SHA256
  
  e1b694301be1c000c20303ad3bd4a8d6b09dbb6eee5931e936dba9a16333b2ac
- SHA512
  
  f4a0299fed6c2be807682b628ce94586252da76e9a8e4869e6bf9589d1ce465674cb2e85f038905f55c5866e58435db28251bb23f3a15e3444a9dc2d89da265f
- SSDEEP
  
  384:KHJO9lU/NJGP7rn3qPFrFMbIuzpwm8eCH0aj4jl1yrnvgeMICiLsSW2+QTw+3:KHJO/U/NJGXqNrFMbnwZfjEUoeBCizZ3
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  client/view/default/list.htm
- Size
  
  2KB
- MD5
  
  e257bfe8269120c35a6f382d2743e63e
- SHA1
  
  53d8019e2f71bb8f21e2fbdba44dee6911520fc4
- SHA256
  
  ac2ad4a830daccbac285ccd07457e80bb615abd832794d924239967c5ae3f2e7
- SHA512
  
  d63cdf6da7973ecc3d8f3a0af582bfdcd1c2ae47b83d66f35b4c3563d2db277c26eb66595d4e4a0900a011bd3a29b097a82392497ae8fa0f43ca74087cffa00f
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  client/view/default/login.htm
- Size
  
  4KB
- MD5
  
  54f4404b1e80b142950126fbbd55c87b
- SHA1
  
  098472d4f73327d01adc23aeade69355202790d5
- SHA256
  
  4d73a48952ea34c23b862c800a03c59c8cff223fb2edf36aea282b3cdacdd6ae
- SHA512
  
  3dad29dfb0b4f44f2b40ad094cd5bfd78edb4c5f3928a78560dfea4ea6324b173c7e2dc8300a8e3a4d2f4b5f23b4fb6ffe25fd6b3bd03b6ec2a1eab5ee0bdaec
- SSDEEP
  
  96:wOjqUvFtZaATSTOw+ZIKgw6l/l1+4LMGUN96wNbi+Bq:wUqU9raRWgw6ZSNxVs
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  client/view/default/main.htm
- Size
  
  5KB
- MD5
  
  a2c39a4021d2c84e9b22208c06c78117
- SHA1
  
  32394b5935206d742b6007afd94e4eebd9ed36f9
- SHA256
  
  d20e0affb945db0c23eb7ac910dbf9165cd0c7c0df9665a9025c873bf97feddf
- SHA512
  
  864808a2b4ba8b65f56f67b88306ddd10e1734b1605770a3daeda8ef30cffc1a415402d9feec0a6acc3f8c385ca96365755e75b40866fcb1d54bcd4788bd691a
- SSDEEP
  
  96:wOONUvwtZaITpTKHhiIv0JhHf2AV4zJAGhu229kO6vaEAU3tUMVsQ9rGWtXFAKex:wbNUIrarHMIviV4zWDkO+abCz9rGWlFK
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  client/view/default/menu.js
- Size
  
  1KB
- MD5
  
  37ec3fef81aa62413465ed1e8874aaf3
- SHA1
  
  1f25659866941b7ca76783fd90958081ea0fa84f
- SHA256
  
  a33760b13dcf9fb9c758a983e87c14399eff61c35da036a23da2ca7e8489813d
- SHA512
  
  35ccffeb79eb41a5f86ca0662b692f25e8ecdc3aaa99459c8df3bf19d6ec3681f510ff38d0774ea02992daef8aceed4af0de5698f304c5af9cd8a2d113429c98
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  client/view/list.exe
- Size
  
  266KB
- MD5
  
  a3e596e421320dee9fc931e20882d68a
- SHA1
  
  210197e59bc93f1be019f7e617bb30394ab6c17f
- SHA256
  
  431dc9fac1845cfd12f436f12365c368887997a5b91939ab63162f517c49ae39
- SHA512
  
  e664f6ecc6548e2722f26ea7e2ee6ec9f4d64829920f27921b7b975dd4131fc295cdbb514b272a526f42f8a9fa4bf10e343991f8ac99985f221438c8adb200b1
- SSDEEP
  
  6144:F9mENAz5FW/9+G3zO3KFtje7Y1qRST3SCz5/04:E5FGMz+ty7YWS2Cd/0
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  funnel.htm
- Size
  
  760B
- MD5
  
  fd30f19a171336906454e16f374e1227
- SHA1
  
  915dba7ee2316a1df94510de1d1cd892ccff728e
- SHA256
  
  f04ae787c1ba9639fc958a53862f47e425fd8d10906d36c4cbec45a0f9e4f657
- SHA512
  
  1b12e15320fa0e5c8f6224c5cba51ddb43ba143c8d26dd6a37acbe1a2fbb792203666ff803b06059c8adf031d8d4d9e74ef29152316331af11334cc2f1f49a1a
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  mpcrm.dll
- Size
  
  148KB
- MD5
  
  bce4197c2e478c866fe7f71478e6ee4c
- SHA1
  
  a60e8a0baa24073d71c52aa27a3467618be6e773
- SHA256
  
  713a130bf8bc6dab8c94f1a850ae4cb8eb3ba84129d3e49024002f94b334494b
- SHA512
  
  7ebb56c5a7fb637b2e4f2a60570f909a96ba3a0a99c3e24608c9072ac27212445c83e00c00137d724309c6ed3a38b3dbbb8a5e8e8ef0d1120b6f1d887e028ffb
- SSDEEP
  
  3072:2kM+5eDeN5Y2YV40B3UySqDWOe8JXMUgu+d7i86EeqgsD70vf/5Y7KZSyZRbqgwf:2lDZ2KkyByv8JXifp6EjJUf/GuV9qgyp
Score

1^/10
behavioral25 behavioral26
- Target
  
  mpcrm.exe
- Size
  
  2.5MB
- MD5
  
  40eb9b1ccc9c923886c67bc99f0ae52a
- SHA1
  
  d65dcf5f026d813461196fa9207a0b09e79c10f7
- SHA256
  
  a57223de007bd450c2f5d0158f9b48ef2ba663f958b6370a31f5001ca6cfea52
- SHA512
  
  b0a6bd472cd9ccaa156af847910aad393b11bee8388445780e044e8494665f04f5e19d34887fc763ec63f0278e7d73d5960d9a27b7f23cc81d11de02e733d9c8
- SSDEEP
  
  49152:82za/SGeWRW/Wz4qBBzot1MC/X0G9EVGF2Yz4A1JJoNgp7ROzjoxG2Yt:82z7kRW/s4KJQu2X/qVGF6A1rQgpFOzx
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  mpsoftup.exe
- Size
  
  179KB
- MD5
  
  85e037fcc0c481d1c6065f7b0f061c6f
- SHA1
  
  54cd1181486b5bdff7e492c039d8190950ecf79c
- SHA256
  
  99c20982ed88446f094e6da6066c0fdc17b5db95d65467a1935064424f22ffbc
- SHA512
  
  745f62fd3a191058be9bc67c12d30a190b28c1c0487537fc9c517b6138eb70c74c3efee92dac92120f2ecf0e398af05e11a681a3fa38bc92755d44dead26ae00
- SSDEEP
  
  3072:ir9NvTlv12Cw8a9tIRUIvI5Bb+u5tW2U9dG16LIGr0Kj4lQgO8E:IDled9uONbh3JoLIrsAE
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29 behavioral30
- Target
  
  mpweb.exe
- Size
  
  51KB
- MD5
  
  52cf36bb3ecd73cf875ba195a2242485
- SHA1
  
  f3bb787287ca6e94b94c48e3d0397583b9810c77
- SHA256
  
  d19ac94c96a260aa5a6eda4726e8dec3f85251128f4d454e0e6f41be4856a3b0
- SHA512
  
  882b98a7858917e6a76f97f6a9480002bdb1850048549d1739a804bf543761e8c464e3dc51b565d281c27f8e4934a401e2cad81f28fec8b7774deb6e95ffb23d
- SSDEEP
  
  1536:PJeVjQpc8rG7YvssdrH2l8E0v07wDLjRCR:8jUGxsF60yw9C
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32