b92e1ee2bfeb614cbc96df222bd9dd085ce48185e350b5fd6d85d681897ff454 | Triage

Sharing

General

Target

00980d66f756e72b8f4818490608e7c0_JaffaCakes118
Size

7.8MB
Sample

240930-ldbs3axdqr
MD5

00980d66f756e72b8f4818490608e7c0
SHA1

a02807bf355adc5ac42ab0aae345e57f35da1a90
SHA256

b92e1ee2bfeb614cbc96df222bd9dd085ce48185e350b5fd6d85d681897ff454
SHA512

fd177c77eabb54e5f4bd5f11c76e171a3e25affa954884ffbb88ed077502dce73e6278162e28e55b2151eeb9944bbdb17e21058a290fd2db5948a39289a9d306
SSDEEP

196608:005FlRcTKwGbl6dxWLuPQhuGaAhjPyDzChPsjjDF0a2F3PfKLA3IP8emRfv:005HWTdAlPLmoNaAhjPxhSjDTu3Py83d

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  00980d66f756e72b8f4818490608e7c0_JaffaCakes118
- Size
  
  7.8MB
- MD5
  
  00980d66f756e72b8f4818490608e7c0
- SHA1
  
  a02807bf355adc5ac42ab0aae345e57f35da1a90
- SHA256
  
  b92e1ee2bfeb614cbc96df222bd9dd085ce48185e350b5fd6d85d681897ff454
- SHA512
  
  fd177c77eabb54e5f4bd5f11c76e171a3e25affa954884ffbb88ed077502dce73e6278162e28e55b2151eeb9944bbdb17e21058a290fd2db5948a39289a9d306
- SSDEEP
  
  196608:005FlRcTKwGbl6dxWLuPQhuGaAhjPyDzChPsjjDF0a2F3PfKLA3IP8emRfv:005HWTdAlPLmoNaAhjPxhSjDTu3Py83d
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  99bc22826a0568dce241be3a4ffd0c0d
- SHA1
  
  62e4662250abdf10d23a61076fd7cbd00a5c5b6f
- SHA256
  
  120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de
- SHA512
  
  35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9
- SSDEEP
  
  384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  c6ca47bb4198f483c8b31fd90b779acb
- SHA1
  
  ea9024cb535fd5471f30d27b22318b59cb4d31f6
- SHA256
  
  f90ebff31051802116def3349310f9b0e3dbee0f0236d54f364149e1feb186bc
- SHA512
  
  b761b4ae89ecf15edadb3015fe0d3012048f1480b84ec8d30997c128e210818d0da9c7ec75de9efe8e1e08f84501c314a32c109f4ff1e8adca2cec5a73fab7db
- SSDEEP
  
  96:z1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5FnhElMmV4d:Vep2w5k/FyEttgN
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsisdll.dll
- Size
  
  276KB
- MD5
  
  478982dffa90b951e07fb411ca5d97f9
- SHA1
  
  3cb96be75f6d8a7ac9bd53fe0b176ca74823091f
- SHA256
  
  54291864b272f0621dad26eb2c6987a41f32ef02e2e8049c4e8294905a41ffd6
- SHA512
  
  e95ee9b65879fd0285dba387e9fc7333ac760f01c1c8632d0648e4d97f6a0366e5df611ed4660d2bb38712396c61f416a01605f723eb6df5bfc9e657ed4b9521
- SSDEEP
  
  6144:RgOel/FsKFSrTrjo3+EZtyILwO3R2g+ZBijQwnw6kgtgvOenREq2CTdbYvbM4oo1:RgOel/FdFSrTvo3+EZtyILwO3Rl+ZBiv
Score

5^/10

discovery
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  123key.exe
- Size
  
  260KB
- MD5
  
  2709f75d8f93267821ca00042a4f74e7
- SHA1
  
  e3dd20b583b81df91cf7704a3796661fd1de283c
- SHA256
  
  972cf3830e0ff39a009ecb1d907528174306ef7ec4d25ac477f0885169386c99
- SHA512
  
  965407ff9967d6fde2fa2302f1ae5c7549df7703870a83fce680d7743ce656f19bc5af09b171f12bc82a90b3cda918b6f8f2175a68f1e58ad4e1eb4bf13eefdd
- SSDEEP
  
  6144:AWIGtS6973o7AClkkXgHgcVVTiyQXs1g7emQcPkKDIWbHsWWGapG3eTppzXJ/:/pS6973AAClkkQHguVePXsUemQcPkK9m
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  acbtkey.exe
- Size
  
  324KB
- MD5
  
  bb6e8d47de522d51fcd13a8e9c3a0c95
- SHA1
  
  bbf0540fc916e6f70479870b09f595ad614a19ab
- SHA256
  
  6a28dca3284a054b097dd79c6420a3f84bbae73e628598cb5522269a3eb3d320
- SHA512
  
  37478da21941e55a713ceb12e0bc7e35ebc4bbf73721bdad9213e52db11be6b491f56f7ef85fde858972409980c2f8c72347d989e1a4c6fcf366cbce5d4568f3
- SSDEEP
  
  6144:Rak0SQLoKFih2ZBC5o7uLPJsDGKaN6vRC0ABaWyJlYrVjeMhhTwWDKFJflV1fzJK:Rak0SyoKX7uLPJstaN6vRYBaW5yMh1wM
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  actkey.exe
- Size
  
  336KB
- MD5
  
  6c3b0889b7d9a9c52bc465d6362516d2
- SHA1
  
  a3f75fdc0a7b0976e59d2de3707547c1fc1cbcf1
- SHA256
  
  d2e09905ac114f7b84a29878e6ac79f13a295a10e644a699bdb1bd1780701954
- SHA512
  
  fa94148b43535a3f612bdc6fe4a70e7349564c6d752f6b62af779be56e64224148815b1f495d74da2c86bff31ebc42196bbffef56d14710104feb9d427867478
- SSDEEP
  
  6144:0qIc1bNPwHG6VhFR9gsWwDyUSLxE7P0BK6gZ35vvKpBYTqdBlTxD7BTZYUGbcK1i:0qIc1bNPwHGyFRZWwD9SLxE7P0Ba35vM
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ariskkey.dll
- Size
  
  48KB
- MD5
  
  7d54cbaf078eb1ca67b5eacb1c8bb280
- SHA1
  
  774e0edbf678aa17046b432c6a7af2758bd5d2e4
- SHA256
  
  6059b8a00f6aca503bc1af3f0969a3b547f37fd0a2ce1231e66f1ac38d7c5938
- SHA512
  
  991b532f64a9ac9fa7ac7f825846bff62edb2c89453d4e7bd2a75cd101cbf9635f85ea4a219ab674abf2d6bb94da1b3937698e9f51065ceded5381939db3e7c3
- SSDEEP
  
  768:vItccBdlsLHYxKFhXLRydVeWZRa/hhiiuVnpHdHI6lhy7rwYnErYlGJ:vCp7lCHYxKFhXLcdJhq6la8YflG
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  ariskkey.exe
- Size
  
  53KB
- MD5
  
  23f3634968f6cf4e367923a078386507
- SHA1
  
  d4ca3553ac0f62324c8c13513d82feb0c474fb6d
- SHA256
  
  904209ef08b9b4680d90c11431c29bb39dea2480766a93551c1b5812eddac7bb
- SHA512
  
  ef688cb350ac426acbeabcc1bfb3bbfdd6075dcc0a8641accb1bbef442dce8d291578214ffcf9de2f7140101d2db11afe7e07ed8b125e5e80bd1def68aa4897c
- SSDEEP
  
  768:J+f9hr5lcuYNyqvFskBl4DW8XwL3rkl3U4Yqh4UnsDv9+wsK:J+Fhr5lcumFGknGW8ALbul6UnsDUI
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  bckey.exe
- Size
  
  276KB
- MD5
  
  a5c101aa2aa4202d73d455e0a62ed701
- SHA1
  
  9a8fc7f4413deaf81cf1a8b932ea548bb0e9a493
- SHA256
  
  0c68ab9d6be77095b4932779b4309c2f35af78db1d16d3ac12f12ead15773f05
- SHA512
  
  ad388bcb7193534914f1955c9f9f90c4c0a8174eec7dc0fa8ca49b1071522fe302e368233037d88f0176bd5c502c9527137fb732bde90844ae288b3f2b34aec8
- SSDEEP
  
  6144:ATXmIFz7jRzOEuxFTecs904rhkIeONdJtIIdbuhqqDLtm9FB:sBOEuxNecw041kIeOnJtIIdjqnKr
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  bckupkey.exe
- Size
  
  204KB
- MD5
  
  6ea62599a65aba234ea95383fafee749
- SHA1
  
  765b952f6d4f05aed23140efdaaea722636ec5fb
- SHA256
  
  2e942e3d9251dbcf32fcfa604ef9eec1e59e422691f549b81ea71d8ff611c653
- SHA512
  
  f058130a91def114a2daa6b30ccc2e79c79bde211622c9df6df013e37ed174c533ce43ad586f5fb51623c9499e400dc63d553c37029cf89f41bdce06f68463fa
- SSDEEP
  
  6144:1ta6eEO0FNbQqBO7rB4Tj6Plor/548K+fsj8qEeU1TQatCJ90wv:Da6eEOUNbbBO7rB4Tj6Plojq8K+fsj8C
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  efsdll.dll
- Size
  
  188KB
- MD5
  
  a380576572ca1a7b23ea2c05fbdadfa4
- SHA1
  
  3755d18417b1338d5fe1b3560480a3fed558be08
- SHA256
  
  9a55de57f24a2ed96759a8e8cef0470ff09e79174dfc7220d36a586c4ecdb01f
- SHA512
  
  58352bbee22a2a3a37547f398924b447601a9d9dae532d04255f5524c4bad913ea48a142880f2cbf2b36fb28d2820d1fe967c5a9e5ccfc56c9b04dbc7da5ba48
- SSDEEP
  
  3072:naUfLpn9ocdukzaOjBh8nSf35/IexSzGbflbD+fDyBGdx6Mxo8tsSVNXRyz1s4ml:nXDp9ocdHjySP5V7l/+8GdxNq8tfVNBn
Score

6^/10

discovery upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  efskey.exe
- Size
  
  194KB
- MD5
  
  5aed2dc2ffa22134e8204301dfb7bf12
- SHA1
  
  6b1c81390c18739849ca105c8d45a1d305094d46
- SHA256
  
  ade854f456f8bd05aeaed87de207caaa84b5ba457ad1dcfe902d252478564c6a
- SHA512
  
  f794567e3d06e2e39cb70ba793a8871dd85fa72e542ab7775b49f2053ccf6121d2a909f3a13a9182ee9553fe873127af2cbd0b808d07d0ba87694131d76579dc
- SSDEEP
  
  6144:qU9rVJ56cLxGnl8JTtE6xNPOTSE2Cy/rcK:VVJnLxYOtrxsG
Score

6^/10

discovery upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral25 behavioral26
- Target
  
  fmkey.exe
- Size
  
  568KB
- MD5
  
  7285b5ed94fcf0c831d00d42c899a7fd
- SHA1
  
  b8f2c611c542a4746572f34fbbc3fe77aac94934
- SHA256
  
  7d2489b9a0afd221acafe8fcf2abd4a1650ac7d3facb12eb5d50e16f758a021c
- SHA512
  
  905e31ed3ded409bb6c9d4d49d087cb6cd91c11b08a1d23ed8caf4f6a9dcf4a24e3d60d6b0c21815b7e29fd73d303bad74f076b9429744a72ed6809e565b4a8a
- SSDEEP
  
  12288:FCJ9SHkpzFonHMEpguHv1+P+Tq28ds4iy0y7Lp+XQNkfwJA6oLL8aOeghFM4lPrq:FCJ9SHkpzFETxOseBbNZl/xh10pRPK2P
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  iekey.exe
- Size
  
  1.4MB
- MD5
  
  1ec49b8d563a805a9bd09810d37c4647
- SHA1
  
  a68a1b232681ba54b50e082c5f0a8246587d9f26
- SHA256
  
  125e1ba9eda1e87fe34eea6badeb749cc820feb977aab2f43623fcdb49729125
- SHA512
  
  bd052c014a8aea6f37c81268b0fc787bbbc758d657b938a0457d9da954e1a52b49bde7dabce780e64f6ec884aabfc0c99276d4cfd6617bf1c257a897e775212e
- SSDEEP
  
  24576:tEJ07sfwY328G9vv6wCoGjTUzQ4TiaZGxjbsYTyKghGALQKOQQDOMc:tEJ07sfFo7LubsY3ghGnKOQ1Mc
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  lnkey.exe
- Size
  
  92KB
- MD5
  
  d8c1536eb0941b40bda8172bf340fb42
- SHA1
  
  430571c8c7f82de2bb3fedbe905464cc55d59ff0
- SHA256
  
  456d90eecd3d26a712dfe29a660f87d0174847649b22010f2a762c75045b6f36
- SHA512
  
  e2fa42d33a1696d64b3ff9216390a05639f8fd9f45cd6fb5d373ebc928e162b976354ca41461faa33bb2bff12201f6ae8be19c8b3beffc6c0af74912e17e0ba0
- SSDEEP
  
  1536:qNdBP+abJW9Zk5M2QPnkQc7N4Kgwkj4p0waxgJU6rF/fKydcU9syPnf:GvnlWjk5M2QPnLcxgJwaxIU6B/pdDPnf
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32