73a10974bfadbc4993834895fff5364c79e108e3e405019ae520b6fc09c7c8b3 | Triage

Sharing

General

Target

0878f702ad2bce738d258255f7595dae_JaffaCakes118
Size

14.0MB
Sample

241002-c4llhswgre
MD5

0878f702ad2bce738d258255f7595dae
SHA1

3e4b1f36d6500b82fe5373ee5039ab87b75939b2
SHA256

73a10974bfadbc4993834895fff5364c79e108e3e405019ae520b6fc09c7c8b3
SHA512

dc55016e8ca443e68e332bb2aac8edddf8077a2caaf8360f1b7c0e9f39423dcf908f64386f1ef2cc37026279977479537866b96516307a35d5681e6634e88dc7
SSDEEP

393216:iSWOou94EU0mMzTxvOq2SvdwFRc/DGJyqWkcD0oogjK:iESBMvxmq2LFu/DGJyqWkcD0pn

Score

7^/10

aspackv2 discovery vmprotect

Malware Config

Targets

- Target
  
  أˣ./3km2.dat
- Size
  
  593KB
- MD5
  
  bed2ee4efa7b8478e1d1e217b9969ba5
- SHA1
  
  02ce5e1b07e116eb22f670291a29792ae10293dc
- SHA256
  
  5e632ac2f71f206469dacb520e5d8699acc42136d4756789a37b59f08bfb6a72
- SHA512
  
  7fc86b7f9987a8a65328d424f6705cf563039d8a5706e595b834a944703dd69f5fcd235e6f7bc98beb1d1f48c71a8ce71784475dd535daddfdb3fe4756b4c2b5
- SSDEEP
  
  12288:KP4sdbAk9KOzP6Im9LkjNRqVKWxIyxNd/66B8LutWa:K/VAkoOz6IbNwVNyyxN966B8LutX
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  أˣ./Game.dat
- Size
  
  2.4MB
- MD5
  
  3c52d056abcd36891f3756c9c32b9ec4
- SHA1
  
  aac576ea7526643c543a38b3aeea1672dfbd39df
- SHA256
  
  7e4aea4015ce73df78a438db093b3c432d74cd5b382f98293dff936994582b5b
- SHA512
  
  b848a492da202d084a0428cb9876fdc8a9a2983130ad71fc799bfe3d567785e2c33af1d0784abc89723f91afe5dfef92af4d4d8764527e8adf9a33d5268dec59
- SSDEEP
  
  49152:zOG0YULrXczcU2HTyf11gFjuKMvFochfagwgRIvjq9eG4bBRIUCQc/4DvJL:z/fU/szcUM+f112HMd5hfagvRIbqMGy9
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  أˣ./Main.dat
- Size
  
  11.6MB
- MD5
  
  524cf04373bf1f76c04c600b66eb1002
- SHA1
  
  f1d097b8ba4062e443d6469eaede298bf0b755b3
- SHA256
  
  518270e3225c9187aadd3d7473affd75d17a6c76010c5a3ea82503fb556fe580
- SHA512
  
  95f3a707bdbfca05af04ca1ca9d35d2117f14aa0301ad715579806e64ef3aaeef861aebc38d4dbdcd5597a05bbd36ec7999ed71e036c0b8e4d52a43336433f0a
- SSDEEP
  
  196608:EWXkQHihawDFTn8gfuA5FmD2uv4Sv4r+jEC:dUw09VflvI2sPv4r4
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  أˣ./Net.dat
- Size
  
  1.3MB
- MD5
  
  768051a97d379c086b203cf3410f8007
- SHA1
  
  b283f03086b04c2415380505ac569e9680689390
- SHA256
  
  a73f7a11ff6080737bd145a1226a4a4984e2054fdf2c5fcc702a8b76f4ea5a4c
- SHA512
  
  402bd74de79752351aaa1207bd56d7c2a38cfe8e7d7ef6b56acbdb33969b4da434998bf6f1647686486a0be02e854643940b91866fec67ccbb6faa185ef88702
- SSDEEP
  
  24576:a0LUU9eTE4TOmXxpCKnALKuZKPY90g6KKusA/BEsOdF2mAEYksCN5I65St9+jv6:aIh9ARo+SKPY6GKs53eF2mdsCNC9zB
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral7 behavioral8
- Target
  
  أˣ./Sysy.dat
- Size
  
  589KB
- MD5
  
  aa635318e46723b8885274294e213ea2
- SHA1
  
  4c50afc5669202e5ba714e3ad4007ba3d4a86c24
- SHA256
  
  43b3aec6cf4d7a0cc0cca641d6075b6c883c6ddd510cc6f0a922ba18e9868f26
- SHA512
  
  0c98bfcf7b05d2ad0cb1d72c720ccaa7d48e078c06038711c69c497855bf11346b0e7d3384ff2299d3bce04fda8fa16bf2f1a87784a8763dfac6094a030c27d0
- SSDEEP
  
  12288:/yJJ709hYspBZisIkd17Xk9q/vKsaeQiDxSork4Dlnd4:2J70csp3fIkd17Mq/vKsNQiDxSwkmlnd
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  أˣ./WeDlq.dat
- Size
  
  197KB
- MD5
  
  0d20b5fb402cc697ba053a75d960535f
- SHA1
  
  0068d858c91c2e1ba299bf24a1b07153a47242cc
- SHA256
  
  ed9c061e38cffc11d3f26de058b51efed83facc89d25721413b1a5c771752125
- SHA512
  
  f6c86959a0c9c71bbabbc6df6f35b7ac17c9d82792ea658d1eb2b7e8bab30ae3f00ce53478f520229b2386faaa6e90f1a5ff5ebf44b8814b9b7d596cbda3bd37
- SSDEEP
  
  6144:Vbb4NmBRe2P6l4fnkgFc5vWAqol7njhTmmZ:VWsRp6l4PRqQ8jhT1
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  أˣ./WeDp.dat
- Size
  
  115KB
- MD5
  
  c815d7f2926da6dc707feddc10a859cc
- SHA1
  
  37940599b23d85b03640954a5c720c535fbab0eb
- SHA256
  
  49d12f3e15b6164ac1af9be4512e13161f9959709e11efd846ac9e961f8104d3
- SHA512
  
  b1944174e19a87e518b628dd85ca1d035de72cd4f060099646506ca6f3362b49999f515c3527e782fa7acb5ff05cca68a3223225e52c06aec4f68ab9bf124cfe
- SSDEEP
  
  3072:6Lozc+Kcio5fh84Waa3WFCvd2tAuSC9Q:6VCiitWa9cA
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral13 behavioral14
- Target
  
  أˣ./update.exe
- Size
  
  1.5MB
- MD5
  
  8152373d9d14c676b4a0f3e45a5b48f9
- SHA1
  
  3889cd404aa157d3f9341f8f828d6d1e907948cb
- SHA256
  
  496cd5deaa0a76d6182fad71e8d23babbb9f82d8a0ba8298cecaf83429a1aa42
- SHA512
  
  f2f9d1d978c343812be065700537ec0ebac6ea2f47690143a38e66e6f0997e62fc6e0619ab4b56d485cc90a8fbdfe2fb4baf4d0d9ff097d1bf86d9a7586bd3b9
- SSDEEP
  
  24576:DtgblejMoybMKvQ1uVKFDs2Rj9lIO0PxdaGT7TXQw+sYJ3Zj8QGul3BpuyOAK9L:5+ejMrbLvsFQYj9lg6sMwjYJpj89u1jk
Score

7^/10

discovery
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral15 behavioral16
- Target
  
  أˣ./xkm.dat
- Size
  
  586KB
- MD5
  
  7a18fd586e1a48afd537ce970130b25d
- SHA1
  
  fca38c601ef9fc377c109e4814aa0953dcc22cfd
- SHA256
  
  2c6313440edc6a6d185877ea3cb921b615af67f6a1f8fb9e619066fbd065b894
- SHA512
  
  f13be8dc409827fc1adb23a0fd606a0476045c3a141c43b4e5e3f51add82ac6fffd395dc687d7deea54e9158996ec0aefd1cb68e2c62d6c61d70aebab8d950a1
- SSDEEP
  
  12288:gZ2XCuDjSyF66QrAbtXI8B1UUwyJcgIlzf+G0ooWzvXHrgZ6eqK647A:gcXCoZF9QcNQPSD0zf+ytzvb26e9J7A
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral17 behavioral18
- Target
  
  أˣ./Сɐ۽̴̳ȫ.url
- Size
  
  99B
- MD5
  
  fb4d4b140703f1bd006b2f877fb7a82e
- SHA1
  
  c76c98826c55082cf52d3f18ed9ebe8ac975216a
- SHA256
  
  32b20b17d243de7571dc69a01782eadf172128011021d1aa23b2465c073f8629
- SHA512
  
  542c9ef11c98769edc4b8b3cf5d9522bc0277f248942e9b1145e09de287d04b196c8240a6b33bafa80f48135589218241377d14e6f8c6ab379e83b3485784e6a
Score

1^/10
behavioral19 behavioral20
- Target
  
  أˣ./Сɰٷվ.url
- Size
  
  80B
- MD5
  
  de22ce288420d5ba2bb72202933a8274
- SHA1
  
  8fa0287eba542c94bd9ee338f49e95d1fb157e2d
- SHA256
  
  028d7f087333c48b9e79c7dcec591dddc41db285ba4ceafe434c845082d2e861
- SHA512
  
  8e9ae4d19f37b9f80b2b7c6534734ded93a714b3768957042f5b045cffdac09f35b17e96c812ac72ce14bb024d7dc3ba3fb7698ff84242159de1d36f451d5967
Score

1^/10
behavioral21 behavioral22
- Target
  
  أˣ./Сɰԣ.exe
- Size
  
  472KB
- MD5
  
  de4eb249dcf4f7fe3bae56dc5e34ecc2
- SHA1
  
  3f72c4d11923da84e483bcc66fdc86cbfd4783c2
- SHA256
  
  6adde0c3a756ca9e9dcd5fd6a53cfe06d8ddf83518137e1c065c33edf252327b
- SHA512
  
  00c8d37c0134e7bd379ad594babda9986c3271bd97042a58fc3de0b4d253455f482928ef89e2dcc5c412767b9f83957cd98da8c6b39a3e35452f477e395138a7
- SSDEEP
  
  12288:tjNjDR3PdJGLxe0DcXD4ktPEwXwg9GlL6:tdDR3PdWx7Dg4kewklL6
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  أˣ./֣ɣ߹.url
- Size
  
  104B
- MD5
  
  9008a26f8a4d53bf32b9c657fc6a2b02
- SHA1
  
  f3a799b5162aa51de109d52ffdf0d30c513a111c
- SHA256
  
  ba496501605699559b126cf21cd5ca64339e48dcf12601c95f133b6e45c15a1f
- SHA512
  
  a2cce770ec72b4b61e45ab1e014030e72669a9914bdd90ccdc1b5b23a77b50325cae1c36e244d561d2877ba56178e170a484cf14689c9a42f7775f48fc352d47
Score

1^/10
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

aspackv2vmprotect

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

discoveryvmprotect

behavioral8

discoveryvmprotect

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26