b91fb7455e3ae1f7fce1ac4bb5b37f33d931fa2ed40596b66d2d2d46991f4341 | Triage

Sharing

General

Target

3f6aa36436658bff007615487982cc36_JaffaCakes118
Size

1.9MB
Sample

241013-mv9bbssemh
MD5

3f6aa36436658bff007615487982cc36
SHA1

dd451a0190a75a998c15c75a5576f224147f545c
SHA256

b91fb7455e3ae1f7fce1ac4bb5b37f33d931fa2ed40596b66d2d2d46991f4341
SHA512

3988c082b4f559e8858780cb748cc7e909a6eb1562a9e0e6293bc6ff702d198776ccb4ef183ab47f169cd6ba48f7b175846895c42d4dcb04dbdfeab21b0ba316
SSDEEP

49152:Xnj0ib/HSxg8zQs9zAjFe/OhfLIzVoP54lHC:XjjPUghs94FKa0Zc54lHC

Score

7^/10

discovery vmprotect

Malware Config

Targets

- Target
  
  160_2037822_a24f8e491ff2eba/Patch.dat
- Size
  
  1.7MB
- MD5
  
  e81abb49d4e34317d0c8861bfc0013dd
- SHA1
  
  6f413d8e2a5e09e00c4db35816ecb73dbeb0605f
- SHA256
  
  6acf5fde1ee9d9499fa9d641ca266aeb595d8ca82dde8f15657644350f1c7d0b
- SHA512
  
  2a4e6c32c3438b1335385e632704a61949737ec44e14b77abc00401efe2616c6431e307c1f55fbf190d55fcc66dc9770bcaa4428f9fe4b7fac73f0fec1ed0dd8
- SSDEEP
  
  49152:nVbrSXFhi+pygEJTcehTnHyLOXo8vnAEd5Ooj1:nVbmXFhi9OcHxXRvt5Oo1
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2
- Target
  
  160_2037822_a24f8e491ff2eba/Patch.dll
- Size
  
  56KB
- MD5
  
  b049aad4549f4a83280d51a3dd810462
- SHA1
  
  3f5bc248e3970121eda04d3cec6ec49b9ae872e4
- SHA256
  
  17160442fe521442578b290c72a90fe590e4698657dd95b447bf5b1c0163950e
- SHA512
  
  9d8a1eb25d1b27f87a7227371f5c94c8eb604073187b74600ab1c6e01ff4e65d5356310fa4a3da6073525bf855942bed0f20b31669951c15d15ba87019a23bb4
- SSDEEP
  
  1536:I0uINUo2iFZE/IIMkiHiS1boFhIpIscMnnXnH:I0uzo2iFefMzc2IscMnX
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral3 behavioral4
- Target
  
  160_2037822_a24f8e491ff2eba/官方网站.url
- Size
  
  205B
- MD5
  
  aac8d89eec013717f7a16acad89ff501
- SHA1
  
  be9bfb2160d8d9878b15e3c773f6160fe7d79a96
- SHA256
  
  c888778d277742ba668cc1ca017752daa3f8dd52e51dd7603738315498f4e779
- SHA512
  
  9c28f1a851299ec8abd5b0dec5f128191c9b9c80695a21c9ace0e8dd6c28ed5a953c52e3ca04e5a714a88e813455d495e3051c22f0515cbe227fa363bb77e820
Score

1^/10
behavioral5 behavioral6
- Target
  
  160_2037822_a24f8e491ff2eba/帮助.url
- Size
  
  241B
- MD5
  
  3c27eb9eb42fac28b3268a7bd45ca4b7
- SHA1
  
  8fc72aac99a765507491428aee587d584fd0958b
- SHA256
  
  d7d03b924f65b1425057e7a10e245ee041492ad3eb32c4b46e914e37e75dad72
- SHA512
  
  7037695676741f09549ec3dc8a5214426599e2596edf8e2abd9ce406f6fd6d66b0029e251929a25bba13d5e7ee79c4af8ebb00f3c645c5b2942a600b10e0db13
Score

1^/10
behavioral7 behavioral8
- Target
  
  160_2037822_a24f8e491ff2eba/街头篮球辅助.exe
- Size
  
  644KB
- MD5
  
  7521bcecdf40a157cdb0de2abf44ca98
- SHA1
  
  edab44962505b831c888e0618ef94e27b32d3cc9
- SHA256
  
  c90558b6284e76090f72047aed44e3f290d75cf716ec6f8c42c71929b4ccc208
- SHA512
  
  460b6c86a9fb050c7c15a8b4307248bc9d18bca2f5c23b19306995ccf4cb4bf643a147859e13178147a753b2af04ee8f212b55604ca7c1f8e65d7860ec0b09b6
- SSDEEP
  
  12288:yr6s54syWbGnJo/G0hProO788Sm04UG3ou6S:yP4LWCnJo/G0hPrfA8f0HG3ES
Score

3^/10

discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryvmprotect

behavioral2

discoveryvmprotect

behavioral3

discoveryvmprotect

behavioral4

discoveryvmprotect

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10