812b811e7ee8a2b7914e861792e53b138035d21958ccafa69f1f8481b21b1df9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f2ae96ebf17a0428a4956a2c36fd4c8_JaffaCakes118
Size

58KB
Sample

241013-ltyb1azfqh
MD5

3f2ae96ebf17a0428a4956a2c36fd4c8
SHA1

ed1b99a0d880ef8aec45f737e24623e5501d5fca
SHA256

812b811e7ee8a2b7914e861792e53b138035d21958ccafa69f1f8481b21b1df9
SHA512

5f19a3d75f24a49f64eb67ecb21b7228d16236c3063a6ea0c2bd6bbca3013465ff7fb570157ce279bbd8a112591ce650877d939c1a43c4b26373bbcea0f3aa0a
SSDEEP

768:Ziz5UFE4kcQpndNJYPqodb4hV8fX6gQAxre+yKM1Z6BSr/LTzKFar4CSMIZ6tVCY:ZU0EXzdAPqodbJtJyKMKyz8VMcSbqa4s

Score

8^/10

discovery evasion upx

Malware Config

Targets

- Target
  
  3f2ae96ebf17a0428a4956a2c36fd4c8_JaffaCakes118
- Size
  
  58KB
- MD5
  
  3f2ae96ebf17a0428a4956a2c36fd4c8
- SHA1
  
  ed1b99a0d880ef8aec45f737e24623e5501d5fca
- SHA256
  
  812b811e7ee8a2b7914e861792e53b138035d21958ccafa69f1f8481b21b1df9
- SHA512
  
  5f19a3d75f24a49f64eb67ecb21b7228d16236c3063a6ea0c2bd6bbca3013465ff7fb570157ce279bbd8a112591ce650877d939c1a43c4b26373bbcea0f3aa0a
- SSDEEP
  
  768:Ziz5UFE4kcQpndNJYPqodb4hV8fX6gQAxre+yKM1Z6BSr/LTzKFar4CSMIZ6tVCY:ZU0EXzdAPqodbJtJyKMKyz8VMcSbqa4s
Score

7^/10

discovery upx
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  107737e3282fefd85684f2fa3df6d1c3
- SHA1
  
  3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f
- SHA256
  
  21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0
- SHA512
  
  439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4
- SSDEEP
  
  192:FTmFxiXTQdQbg9FkGuz9lBDpO5DwbgUojcA96lK72dwF7dBG0N1:FTmriEdYQFkGUlI6vojj6l+BGE
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $R1/do.bat
- Size
  
  102B
- MD5
  
  d832f102900a55378e225b79c4551763
- SHA1
  
  e51af196add9d9f3b7294a3a7f91982dad8b6458
- SHA256
  
  29d89e8100b79ea01d6cd2c50ba863fc83a7c787b42348c0968461b9541632e8
- SHA512
  
  69661a10ef61d3befbdabfe511cf3f04bf74fbda25036ea402e3eceff8b15fab32f76c61d9ed56b935a37ecf41bb1e8f0301d72dc7ef0517ea20a1b7e4ddc218
Score

8^/10

evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
behavioral5 behavioral6
- Target
  
  $R1/undo.bat
- Size
  
  77B
- MD5
  
  20a56583bb3a1f884b0d995bf529acb3
- SHA1
  
  50b2e6ce7ae650fd2af3920b56fc19ae11a759d6
- SHA256
  
  7714d53d9659926fb9583ed78bb48014a84b9f6688422c0fa7b81d79cece29a8
- SHA512
  
  41004def469f646139c4f0c3263b2a4d4f4db7fdf97e9ea30acc2aaeac1fb84abc0b7781c2a94a3956e2d2c70c0de8c16fc2f8fac007511d57871e2c200604df
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8