da339343b6578b3dac71c6936cb6ab35b22ad3bc3bee03b82e8a07f7b615834a | Triage

Sharing

General

Target

08198b508e575ea2d035610ad2e9d65f_JaffaCakes118
Size

88KB
Sample

241002-a2rzeasdkf
MD5

08198b508e575ea2d035610ad2e9d65f
SHA1

141112612eade43641b4ca2911f04bb4033c75c4
SHA256

da339343b6578b3dac71c6936cb6ab35b22ad3bc3bee03b82e8a07f7b615834a
SHA512

28e1f4789e654937417b16f9cdd2df509b63b666d850c3ab9f522ae155c708e4e4bf62e30410bed26ccce0c104f37a5de50297be50d8d303c6bf481f35ac76ec
SSDEEP

1536:x6DgAzkKVYB+94KtGlrqqXsXNHg7ZxiJpUtHEmeXzTAdQ63Nbw2t8XBmoz7:YDgAzRHPGF3ENA7WJpUtOXzG3dxt8XN

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  12.exe
- Size
  
  10KB
- MD5
  
  a9a91ee1e9e86236182bb4c3964ec7d0
- SHA1
  
  24c8f69f429115b14bef83e59622daf67d8d2335
- SHA256
  
  02ef82771cb0b65c5c35c26cd0491a7ebe86afdc96c62c2c69f63f96b395373d
- SHA512
  
  2a713cf958dc56a6d8638e62ee66256c9ce2c2a247b9174b023b1ef48a5f4cfa8ae8a40cc2b33bd96a462a51ff182ae3ca5d172036711576ce075d8a9b3fb4a3
- SSDEEP
  
  192:rVNkp+27PqpJkJCmtdwu0BgONC3HUK0WhKvsx3a5c+KGRvS22nj9:rVg7PWJkJh9RON6tKe3aVK0vShj9
Score

7^/10

defense_evasion discovery
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  honst.uic
- Size
  
  141KB
- MD5
  
  8189730ddc89f89d3b736c22f2a7780b
- SHA1
  
  d0d0e1f2d351f836db101cc4d1ec9181d97b3c85
- SHA256
  
  3e202d803a20e3fdde5f6f55903b86f7dca8d92f4414d465c8839d1a50355ef9
- SHA512
  
  4442abed537efc3050dd4095aa0857c7539153be3b5d8b34ce9816530c939a337e4d7fe4d6dfb27aa711a53d21e329f198e5fa154379590a314b2fe30db5dee2
- SSDEEP
  
  1536:/qlamnzHCTMp17dNfOHvE/llj0Gj90KuS5TOfNjm3zbptwzAOI5JQzsqQ1DBAy35:ZgzHCTLGj9b5TOfNj8BPOI5s8Dx3WF4V
Score

1^/10
behavioral3 behavioral4
- Target
  
  xxx.vbs
- Size
  
  1KB
- MD5
  
  1e8a915679747d307aad101cfe59e04b
- SHA1
  
  b11c1d5838b1ed170cf27a5c70fd8034b3a75e9e
- SHA256
  
  5eef4b9d49eda768ffce6d5613c115c9087c4000821473e0ca18089c863a1d20
- SHA512
  
  609e5b00cfc297fcd2d5132d98046da0065c39c2d806e8f87ce58eb696709aabc2ffda6c3f5ebdf2ec1a8483a562b9887b46ee2806621e7973cae576de255673
Score

7^/10
- Deletes itself
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6