5cfee470d4f78de5aab023766bbeaae56c4545433ecb005c5e0394f37dbbd9b2 | Triage

Sharing

General

Target

0d796f670121abcfc86be4b46402c347_JaffaCakes118
Size

367KB
Sample

241003-ct5awazdjp
MD5

0d796f670121abcfc86be4b46402c347
SHA1

593505eabcbea04a90d9039f580f009092821454
SHA256

5cfee470d4f78de5aab023766bbeaae56c4545433ecb005c5e0394f37dbbd9b2
SHA512

cbaca11478059bbafe69726a612f6c1697bedd7c8f1a75f23dbc599d8a3c703e36453409e7aefe9a0b32836102efe7066999a0c56f8b50f27e108ba3b489e437
SSDEEP

6144:AkNRExR6FlfcaaZy+T1jC6a92JQNLEjk9cE+2WQzixdzeX08IA93aTxO8GWJqm7K:AWRiYfcVgQJQqFQGxd6jyw8XJqmFhuIa

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  0d796f670121abcfc86be4b46402c347_JaffaCakes118
- Size
  
  367KB
- MD5
  
  0d796f670121abcfc86be4b46402c347
- SHA1
  
  593505eabcbea04a90d9039f580f009092821454
- SHA256
  
  5cfee470d4f78de5aab023766bbeaae56c4545433ecb005c5e0394f37dbbd9b2
- SHA512
  
  cbaca11478059bbafe69726a612f6c1697bedd7c8f1a75f23dbc599d8a3c703e36453409e7aefe9a0b32836102efe7066999a0c56f8b50f27e108ba3b489e437
- SSDEEP
  
  6144:AkNRExR6FlfcaaZy+T1jC6a92JQNLEjk9cE+2WQzixdzeX08IA93aTxO8GWJqm7K:AWRiYfcVgQJQqFQGxd6jyw8XJqmFhuIa
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/GetVersion.dll
- Size
  
  9KB
- MD5
  
  225f776172f1baccd2721a6e5d512b36
- SHA1
  
  2dbbc86f7b0285682880a627b56a75de09f4bed6
- SHA256
  
  ecfcbe30f5b248673f9cbebb734b9981ed14b06380ea787c563d67b30e2d069e
- SHA512
  
  4b99a5ac68122501a5913cf54bd3ae99d851d57656b0e136980122739cceef739fa2d5ea097f2442068b9489a4c25ea0884653c41d85f27f25996792bf6c21bb
- SSDEEP
  
  192:MMr/9XGqK7s/AlHdJZBi46AQ5VuNxHA8/:MsXGqM93Bi46AQ5Vujg8/
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  96KB
- MD5
  
  da5be8a2066d67c93265dcd6a9c9dddf
- SHA1
  
  8fe968e27e259530dfb435511b1dbe4d167bfda4
- SHA256
  
  30dc225ef4a4e084ee65c0912d07abdd939d5a49fb3fda535d6c41ac6b112f0b
- SHA512
  
  d7a98903adca16124c538a12ae912432d6ebc1874e9beaddf394004e96a33a58ab68f5f2e2771b83c56cfc53e05e314d4ab79d5c034459d7bcfd31090fd4bf97
- SSDEEP
  
  1536:8/fL6f67dFj7xWkdX+zHK7K2h9PORs7dR0h1UgDH40NF:8nL6f67dhxWW00tYwK1UgT46
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  35KB
- MD5
  
  2cfba79d485cf441c646dd40d82490fc
- SHA1
  
  83e51ac1115a50986ed456bd18729653018b9619
- SHA256
  
  86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
- SHA512
  
  cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
- SSDEEP
  
  768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  8KB
- MD5
  
  249ae678f0dac4c625c6de6aca53823a
- SHA1
  
  6ac2b9e90e8445fed4c45c5dbf2d0227cd3b5201
- SHA256
  
  7298024a36310b7c4c112be87b61b62a0b1be493e2d5252a19e5e976daf674ce
- SHA512
  
  66e4081a40f3191bf28b810cf8411cb3c8c3e3ec5943e18d6672414fb5e7b4364f862cba44c9115c599ac90890ef02a773e254e7c979e930946bc52b0693aad7
- SSDEEP
  
  192:r/QeHNWSvUTfWdXw08LYKFaynLb3MRlbOVlR:7jBvwudT8LJxnnMRlyVlR
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/242e617c5eaa9cfd3cf9deecfaa8ee6f/downloaderDDLR.exe
- Size
  
  58KB
- MD5
  
  c7f6ed56312c8fbb58ae6ed445c38df4
- SHA1
  
  e2dba94ef052db774478b9f7198c1a2298b334e5
- SHA256
  
  fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24
- SHA512
  
  ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43
- SSDEEP
  
  1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z
Score

7^/10

discovery
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMP/242e617c5eaa9cfd3cf9deecfaa8ee6f/downloaderOFFER0.exe
- Size
  
  58KB
- MD5
  
  c7f6ed56312c8fbb58ae6ed445c38df4
- SHA1
  
  e2dba94ef052db774478b9f7198c1a2298b334e5
- SHA256
  
  fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24
- SHA512
  
  ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43
- SSDEEP
  
  1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z
Score

7^/10

discovery
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $TEMP/242e617c5eaa9cfd3cf9deecfaa8ee6f/downloaderOFFER1.exe
- Size
  
  58KB
- MD5
  
  c7f6ed56312c8fbb58ae6ed445c38df4
- SHA1
  
  e2dba94ef052db774478b9f7198c1a2298b334e5
- SHA256
  
  fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24
- SHA512
  
  ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43
- SSDEEP
  
  1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z
Score

7^/10

discovery
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $TEMP/242e617c5eaa9cfd3cf9deecfaa8ee6f/downloaderOFFER2.exe
- Size
  
  58KB
- MD5
  
  c7f6ed56312c8fbb58ae6ed445c38df4
- SHA1
  
  e2dba94ef052db774478b9f7198c1a2298b334e5
- SHA256
  
  fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24
- SHA512
  
  ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43
- SSDEEP
  
  1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z
Score

7^/10

discovery
- Loads dropped DLL
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $TEMP/242e617c5eaa9cfd3cf9deecfaa8ee6f/downloaderSTUB.exe
- Size
  
  58KB
- MD5
  
  c7f6ed56312c8fbb58ae6ed445c38df4
- SHA1
  
  e2dba94ef052db774478b9f7198c1a2298b334e5
- SHA256
  
  fdb8452173a4f116f6e362ab5466c3c16bf6697502fe3d01db0d82f0e339de24
- SHA512
  
  ac43e5bb31c3c0876a7768553916cce76d92088e62594e8463b128a0d6e587c48152a5efcf0b2a5e8fb43028d46913df114ae3c3750b7e6c4212c7044518ba43
- SSDEEP
  
  1536:tLXB65939tY6HBg4sXJhweErCi/S8qcy4PLv:tLk395hYXJh0C6jy4z
Score

7^/10

discovery
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $TEMP/242e617c5eaa9cfd3cf9deecfaa8ee6f/preinstaller.exe
- Size
  
  241KB
- MD5
  
  9d8fe8bcc4c493b2fd1da8d2b07ba57c
- SHA1
  
  aa9366eb9210c8a5398b5e55921c92ce8970df5b
- SHA256
  
  f33b7419880c7c90c999970e4c21febaaf6d39fdb02f9d9deafa8f8d97f3b3eb
- SHA512
  
  3fd58a0d7c870e8b07eb17f8f088d505ad98c7101733972f486a2946d18babfe0e4866ae28a16fe2481e006c26cbdf2d3eb1a2dd71bb44c084bbf14fea475216
- SSDEEP
  
  6144:gLZpiirZUwURUebtBGVBpBwXVUTL7E97IkXQxBRUoz0iYvF:4NYEVjBwXVwM9vylz3YvF
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32