0e2191f0b1c0dbe48b6976219c92858bf14e63d45114db1d79e690161d3416bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0836ab9e1c375e9020f2906fead9101f_JaffaCakes118
Size

3.0MB
Sample

241002-bm147szdjp
MD5

0836ab9e1c375e9020f2906fead9101f
SHA1

5cb07b71dd7269d021653cfb97ed87c377d5b335
SHA256

0e2191f0b1c0dbe48b6976219c92858bf14e63d45114db1d79e690161d3416bc
SHA512

0518d777f87e558fec3d76a084ace0b4be15114343bc681d9fe95faf3fb4b8fc50b4df5b1eab50892c33693809382bd330006276e10940c26dbb634353f11c51
SSDEEP

49152:KvgSn30JYVtaDI4+PrzA6LCsXDlSJJvMqWJh0XCbjjHp+2O7yVgF5NEOCbb1ca0x:KvgORDa84+zzBT8JJvTOhYCjJ+JBCOT9

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  0836ab9e1c375e9020f2906fead9101f_JaffaCakes118
- Size
  
  3.0MB
- MD5
  
  0836ab9e1c375e9020f2906fead9101f
- SHA1
  
  5cb07b71dd7269d021653cfb97ed87c377d5b335
- SHA256
  
  0e2191f0b1c0dbe48b6976219c92858bf14e63d45114db1d79e690161d3416bc
- SHA512
  
  0518d777f87e558fec3d76a084ace0b4be15114343bc681d9fe95faf3fb4b8fc50b4df5b1eab50892c33693809382bd330006276e10940c26dbb634353f11c51
- SSDEEP
  
  49152:KvgSn30JYVtaDI4+PrzA6LCsXDlSJJvMqWJh0XCbjjHp+2O7yVgF5NEOCbb1ca0x:KvgORDa84+zzBT8JJvTOhYCjJ+JBCOT9
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  f7b92b78f1a00a872c8a38f40afa7d65
- SHA1
  
  872522498f69ad49270190c74cf3af28862057f2
- SHA256
  
  2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
- SHA512
  
  3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79
- SSDEEP
  
  192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsJSON_2_0_1_1.dll
- Size
  
  81KB
- MD5
  
  e07d77d9fbb7a0905f28592cccdc3a83
- SHA1
  
  318cb13331ecf97ffb53ef6c9aaf7b681cf070c1
- SHA256
  
  06bed90ca7b5378867fb3e75660e88783cf31cd3833de2fedf5f048dbe1031c0
- SHA512
  
  6505aca263f1d6c0a4233d01db7c7eb1a1b2a7d2b31d69b8134c0e684fd9bab306c0a8376915948e8cc5798137f58711f717bddabc962898fafb3641ea3aea14
- SSDEEP
  
  1536:Hbxeuc++cpnIrlyAU8b44r19NKTAdkFKEtkBbtfNoz:Hbx7TIwW9NLdqKEsbtf
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsUtils_2_1_7_0.dll
- Size
  
  282KB
- MD5
  
  8d0fa62721bd91973d94922694cb0407
- SHA1
  
  f72a190bcb8c5673da2e06ad31bb12414aa2059f
- SHA256
  
  9ea7b204977933663e174214de6988fa74ce878fdce8796cffe946188bcf0dc9
- SHA512
  
  5c0f5c1ccd5d0118afdc75346286648924dcc7e0fbeddb0db7b8fcf9a57a74b59c44eddbcfa26d5fbb6dfa48055778dcfd094da785daa400fc89d443c689919e
- SSDEEP
  
  3072:sv9tK0KlxH2bERS0N+yjubjz5Vzymj9dELTK++Zkb/zn+WqfZtWze4S+ob:sv9tZ6xWdcpuTXzyQgNTS3Wq4Nob
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/SPStub.exe
- Size
  
  67KB
- MD5
  
  ea5c1d73fb6840b69e5034ace95684af
- SHA1
  
  954c6bc07e97c488d4a1ccb6a810b320e5edcc64
- SHA256
  
  077343d918a7fa4d693ae1e5c535999f371999533d16873cde5db679e105ddc5
- SHA512
  
  d737b4db8bb1daa695c66c18b4175db5419c5b4aaac460d20f91d575cb210360489e75e947d80bff0791109102a768a65a5312fd77400dfecfe2d9c27067442b
- SSDEEP
  
  1536:/dZEszWriITJGrvopX1VF7CXjl7y0CjUErcPIL9AJHgCg/7:8szWOITsEL50jl7y0CjXcPIpb7
Score

7^/10

discovery
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  5ccde6cbe28a74c393f2b7b6f5cc7458
- SHA1
  
  f49a9731b0c94418430c2d82970164b21acb4bfd
- SHA256
  
  2c2db6b7ca5781a34c30c42c18ec1ece1284b8d500fd0251fa383fd7b1eeb6e0
- SHA512
  
  f2a24ec74409f006c9c99ea5ebe7e33de6ae8f49d8f90b05d1f56de9c0ae17a31b3217a71ccf2dc33ebb4305db19cad2e296f32f12273cd9bcbb2603d536100c
- SSDEEP
  
  192:sBer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4SySXe:sK7Xws4FVWig86/5eCBqSySXe
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  29KB
- MD5
  
  8326b29343614f3db9d8e3da200bde36
- SHA1
  
  c4fdab266af7f1c0eef0e77c77ed8ba38bcac667
- SHA256
  
  7a438bffdcade504d71ca822cbd852d4f99f9a257493031e7340eec0d0d44172
- SHA512
  
  a24ff4dc59e0f5889ce0d3a2a1130e17edbf161ffae8d247b7d929a6b9ffdcc08cfae19141014dc51d2430048dda5cdfdac64268789c4dd4bb39a5b277ef56e2
- SSDEEP
  
  768:WOG8sUAUnt88CFJDhmajMA7IILh6bCg/a:RGSAi8N456gCg/a
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $_114_/Conduit/$_108_/$_14_/UninstallerUI.exe
- Size
  
  1.7MB
- MD5
  
  9a92464e62d44cc885fa4e64214ca1b1
- SHA1
  
  75f83d0e2071210c11b550863ec82f53d0e195a9
- SHA256
  
  d38bbdc83b0e03bee39a19f23eec00150f37dd85853235ba99cb4d1ad9c22609
- SHA512
  
  6c8170c0297e366ccb1ff85050523974f156dac4dcf30ec6d7bb5767876044427ef03982c20b3fef34316c98f0ac216f4a328d0586713775c563bd3657d32f95
- SSDEEP
  
  24576:Rb+VqVD1JrC7DU0z/DoCQK6Iu+SBfXioO70GwcA8NYusbDkUTGq1Cxo:QmDDkAe/UuQ9f3C0GwcA8NyGq1Cxo
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $_229_/$_229_/$_234_
- Size
  
  623KB
- MD5
  
  6796f6e449f90a543dc3345538acc46f
- SHA1
  
  97bccd25561f44e9b13f05f6eef083c9ce9ba529
- SHA256
  
  f22e58cdfe94d4a5fbbf2795a743b167ed9923e289e14654631e0077dd306c1d
- SHA512
  
  f4402027bf1d40f550aab809b17f3bb8543ae76694d1a0ca429c6e1a0e2eacd835b81c4d8f13debed5c80e51c4214991ec8dba8f3a5731b8e5c8ff88e047685a
- SSDEEP
  
  12288:UCSztmLUkx5XDYSOmt+DbcA5fzQI9UsbmdcUyQTSrM9H/F99CcknD:BSzwLrXsEkDbcARzQI4d9TSrwF9UXD
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $_48_
- Size
  
  4.9MB
- MD5
  
  01799def4ee217264f0abd2ccf1beff5
- SHA1
  
  19c0679fa65f480c9a0bc5c43396d2adec8bcaf9
- SHA256
  
  3c48249174000b2a32d2d3388d79e81ad4d2ceee3885cf054fc1ef1e69e914bd
- SHA512
  
  6355713b40ace5d39d902adafc06485a9086f1735e2458d88146b86610de1aaeb9ff436a59d807386c4728badf13cea6a27b3d9e0e4cf0d6f6927bf6972e82b0
- SSDEEP
  
  49152:m5beEJSI5t12S+S3DgnCdjfKcfn+vx9j9d9jhkPcFigoSqd8VzcDCeXoVcx3arQS:RE4I5t12S+1yQJdVhkNaiqR9
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $_65_
- Size
  
  221KB
- MD5
  
  480994ae776f86dc885fd654665ebdfa
- SHA1
  
  1caaab0ede5fdf753f0dfba5b395a2840cd0a76c
- SHA256
  
  8d0f51cfc52347b039450a4ffd3e0b35e3c550451748cc711239cad650dd85f3
- SHA512
  
  aa85488e329ef86c1354db774e612ad2594049358bc93a6b2ddca2bdf767e60b666f985a062b2c19b0cd08dbab936f7012e52c579b37a7d2abae2014e4f708e2
- SSDEEP
  
  3072:2doDvO+w1LcIzVUpFmu3cuGVNeWhwjoF6+T04rGEY9DZlvLRlcLu8A5Hvol:2donw1LPVYf33Gw5T4iE2XEu8SHC
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $_69_
- Size
  
  84KB
- MD5
  
  943f313974a830d4634c73beb8103f5e
- SHA1
  
  c58417722c0b741ea8d55d06914e692180900885
- SHA256
  
  506946980ae3833a4108ea78504acc1e708b804e60cf6751757f20b69410002c
- SHA512
  
  7ec39c2f831f5ee45d69563ad306b5515f8795edfc06ffdb5a055c999e1c877a1935d43f40d065c69709a6abd33115d2dd857d166c88afe55708f9c3863c1843
- SSDEEP
  
  768:pTtvwGU8Sllhu26ujhzEA21SD+f7g/BGnpG/qWDNKFcp+LsWjcdtn87q2BTnepF9:5Ul7BjSws1QChcp+LsWjcd5dhpFuuH/
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $_73_
- Size
  
  325KB
- MD5
  
  2a48a0cd819728a99b8ea8114f84fed1
- SHA1
  
  efb534d515903744b9755391a417051902c16de2
- SHA256
  
  2cf6e4c6f61905136013e62c06a15460dfef9b6309d90830dfa34cfd824e7bc2
- SHA512
  
  1c9947ff3e40d4b2561936da2eb1a4bf2722ca9b0349f1f707cfcf5e36b1bd52e5777af6720c511cbb078c2078af2f87bfdc9984ae2ede16a969c376a1b5687a
- SSDEEP
  
  6144:bPooCgADbU6phF3LGFGl+fx1zsmL9WEM/:7NCgA/vGYl+fDt9WEM/
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $_74_
- Size
  
  1.0MB
- MD5
  
  b4ac04ff97bcf208b4c6074423349c78
- SHA1
  
  c325f9a28c049d03e23060686a70b398531cdb05
- SHA256
  
  58aa3e900c527c7775fd9663ba1f877686fe5b5538c78461db0ad2d2765c2e00
- SHA512
  
  0ea43dfd66a3ebe3f1da7f4a906c69ea70fb743fa8256f6d8b6ecbd0132d38ee6f373bff7c20516a435e3a2d93592813fe2a9cfb645c62a27bf15c2487acc1d5
- SSDEEP
  
  24576:SgPrO8Or582TRT+k4D+KEGVdbXN1nUo8zybQ/VXAfCej5JXFCnFI+gh:KQHXFCnZgh
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $_75_
- Size
  
  1.2MB
- MD5
  
  0cdcb4b27180b1e7106ca7807b944454
- SHA1
  
  ecaac2b22c5df388fa3847749c931aef458384b8
- SHA256
  
  c327dade81a8b391ec2f54ab5cd65cdead84791f441e02f5fa7a9fed5f3aa7ba
- SHA512
  
  ef73ece65fcc9be03e3cf4b07412f1326cfe7641fcf756ccceecfeab7e0c4d8b15506a135e2f7c53c4f1a8f52b0c8a1c193749a1ca36a5fd909b53811d0164af
- SSDEEP
  
  12288:cCN84/q1S+UThBIUjndvMYHBOn266+P13+QcKFk5l/awFlR4VXyAj:9NaS+UT5nhOn2/+P13+QcmqYwFMpyAj
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32