05a6ead51af6d93af99e3f01376e092fe985cb9122403ea3e47adf08b71e5014 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

017c05a778e1d4cac74f77901d432827_JaffaCakes118
Size

68KB
Sample

240930-qb8r8s1ckh
MD5

017c05a778e1d4cac74f77901d432827
SHA1

c895644c06db6424e1ed2493f76bcf2dab45ef0c
SHA256

05a6ead51af6d93af99e3f01376e092fe985cb9122403ea3e47adf08b71e5014
SHA512

787ff0b0cb625d24f3bea9637f8f53eae60ddd2e512842863fe173c64191e36c358af647bdaff8b34b40ee62482c9f1b857e64a635d079ef0f6d09ba332f47f4
SSDEEP

1536:nDw9UBqrNzWTCC1FnjSPpCIKavveut0QqQYVtdJKavI:nDwmqrNzWWCnJIKagxQOlKaQ

Score

7^/10

defense_evasion discovery upx

Malware Config

Targets

- Target
  
  017c05a778e1d4cac74f77901d432827_JaffaCakes118
- Size
  
  68KB
- MD5
  
  017c05a778e1d4cac74f77901d432827
- SHA1
  
  c895644c06db6424e1ed2493f76bcf2dab45ef0c
- SHA256
  
  05a6ead51af6d93af99e3f01376e092fe985cb9122403ea3e47adf08b71e5014
- SHA512
  
  787ff0b0cb625d24f3bea9637f8f53eae60ddd2e512842863fe173c64191e36c358af647bdaff8b34b40ee62482c9f1b857e64a635d079ef0f6d09ba332f47f4
- SSDEEP
  
  1536:nDw9UBqrNzWTCC1FnjSPpCIKavveut0QqQYVtdJKavI:nDwmqrNzWWCnJIKagxQOlKaQ
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  99bc22826a0568dce241be3a4ffd0c0d
- SHA1
  
  62e4662250abdf10d23a61076fd7cbd00a5c5b6f
- SHA256
  
  120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de
- SHA512
  
  35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9
- SSDEEP
  
  384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Loader.dll
- Size
  
  7KB
- MD5
  
  264a9bb1e3e418802a894c5bc46bd754
- SHA1
  
  9c8b5b69106d91d974784cb90d3721a1da10f5da
- SHA256
  
  264ceb4b74267138c9240ada79d7f0cbb02677a4e55fd39806c4e666722047fe
- SHA512
  
  a073bedd19e8bb3f107ebcf2eac9c91a5f8d6fcfab61f918c4f7c2080bcad44950d59cc6fed61896ca6ee4bea88262c2cf22b4071ccf1aa67e48f1badb4f1d50
- SSDEEP
  
  96:dXO5wUy8CaTsKKKy+1fbIEijoUXeq4ldKFo6TI:FbUyjaTsKKKy+Pi4ldKFo6TI
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  ecodec.exe
- Size
  
  20KB
- MD5
  
  6a69232dfffa8fccffd49eeb551d5284
- SHA1
  
  16758b3d3ae503429353db39325e57656c22b881
- SHA256
  
  cd8c651804a57d45f74dac9b0d9f3a7f925c1af0ae4ffa0c397109ae7ea6e1ed
- SHA512
  
  6c70f0baab970d1f9c8067649b7b5703ab0adbd42887f65fa07a6b048a04f106533864e9950fd6dc11410c50062d4ceafd83b4f24743c5c5819829cb02701239
- SSDEEP
  
  384:QRBzeY/JasQG0fq1QflTpfRCVTBIlxqxKyaEi8FOjXY:eReyJaG0QqQBGVyaEiRY
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral7 behavioral8
- Target
  
  uninst.exe
- Size
  
  25KB
- MD5
  
  a4e70a9dc4f4c6342bee1a37f6d572cc
- SHA1
  
  cda78cbc2ea9fdfc75ccb2d54c744afbc2085f7c
- SHA256
  
  b94f1ae51986f19541d74f3b82b642e913b1bbaa11c9c6792172bc25b44f43d3
- SHA512
  
  c45ff95096f7b78ae17dc3cc5ad801e5a687980fe6663cc9a17c4cf658e1e31e355d91a0782c134750db6ba6e78de224dbcb0fdae6b7335f9d306d28e7daa8b0
- SSDEEP
  
  384:AOlOQjVw9ka2Bt8TM6lK0KsGFqP3dx1/Vby7HvCQD3FS9ZVKl67vb4:AuOow9UBqw4k23DdITC41SJKU7vb4
Score

7^/10

discovery upx
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

defense_evasiondiscovery

behavioral8

defense_evasiondiscovery

behavioral9

behavioral10