a0fd5e2c7294304e2f33a3fc7a0aed45b33be2a13e7d9d36c8aa4d354fb3bd77 | Triage

Sharing

General

Target

4bead6605384155d5fbaa73fa98e5732_JaffaCakes118
Size

1.7MB
Sample

241016-jbcapstdlm
MD5

4bead6605384155d5fbaa73fa98e5732
SHA1

7074b628ddf4757141facf5f3ec60c748a26b926
SHA256

a0fd5e2c7294304e2f33a3fc7a0aed45b33be2a13e7d9d36c8aa4d354fb3bd77
SHA512

f060e571db93f346b7551ba7e5ff8401351451797db06fe8432857ed1e747a62e3753f9d6c19a790c2cc7830903eb0f3e3003b42d3fc1f6c5aec4574f1961e46
SSDEEP

49152:1L4nj6PAOsbVz4Ocx8Yd0BoUQLhfz3PUYiwPblCcJXebQ:1L4KruVz4OUGBRQhr8zUhXebQ

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  FeStudio.Game.dll
- Size
  
  202KB
- MD5
  
  bbf5c70e488f64c342340e9bbed7bfe0
- SHA1
  
  a768e3c9d65bad3ef3d58cc955f15379e29d22d4
- SHA256
  
  7d5ee04889bbe4b3cb47e2e8a3639086106b8a99f0fd6baabc5ba11c142b81e6
- SHA512
  
  d18e7ae0b6deb3285f52fe1ac79a0f6f7410d31a83deb66996e5120c617ff83c48438d281bd7be3280ff9bf117be82557f4aa7cc9197c9c753337fe5f6c9f2ee
- SSDEEP
  
  3072:IwWxHCWtAO6awgvRYn1emzJLt5N8L23SSzHlMS93bARiN1f7yDl2ccTn1:soOagvenLlmLfRG7YUccT1
Score

1^/10
behavioral1 behavioral2
- Target
  
  Newtonsoft.Json.dll
- Size
  
  382KB
- MD5
  
  8611795b70cd1f321cb5cb5aad95ff7b
- SHA1
  
  3adf7d5b701c2ee4af9faa79c36fc724a73a1427
- SHA256
  
  cfc2edd8ee6a9e91719e493a8ee26938b59d8a2485d8bd4841fa34e9d6fef573
- SHA512
  
  1658d0dec157dcbb008bda2bc3db227d605c4ad56b853f81a8d8571bb49e8d56780c994447cbd6fa88a2bbae9985ddcb43f8bce032010674eeb78a1f1e7d9486
- SSDEEP
  
  6144:t+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzb:0Pw2PjCLe3a6Q70zb
Score

1^/10
behavioral3 behavioral4
- Target
  
  System.Net.Http.WebRequest.dll
- Size
  
  16KB
- MD5
  
  0c3e36c5203cd8aa78aaf04f10bff9f3
- SHA1
  
  6f6496babcd0ff881fadee444ac2c9e1f09eeb03
- SHA256
  
  ba078486dc7fb441393d2f8e10af911856c564d118d21c87cb65b243cda53159
- SHA512
  
  82eb39132852211cf1a20dbdd4409b23cd68cb5c47c0c75db671bb2c8b4926fbc3013712895db491f795fad0da248b23f47acc8ea489e7d444069845b426b2ff
- SSDEEP
  
  384:4Gbet1xxjQa2k1gWpYm1sMONWqJ1ae00GftpBjM2A8N:4CeXxxtjpVIPTasiC2/
Score

1^/10
behavioral5 behavioral6
- Target
  
  System.Net.Http.dll
- Size
  
  176KB
- MD5
  
  ce0a6a40bf5e81184af63e7d50f01d39
- SHA1
  
  be73c4086ee33dd838a18cd414c4eed54e0a2ea7
- SHA256
  
  fa7dc23750de4ec77a3e137f58ff31421aeaa4e10b596e02db7b1768024a4509
- SHA512
  
  ab907030e68555542359c6ace958e3be841b35ca087a509b3cdb3aad0e98328d03f7e6bc653d4ee3bfa2aebcf65f2519d5d01beaac8ef82ce8b2065a7df4e323
- SSDEEP
  
  3072:ZcLbBPuoDvWLLot2fbhTWhISam5fGBDyNAFZbRfAY/EROUv8h8:ZcRn6HVdOISaMfuQvR
Score

1^/10
behavioral7 behavioral8
- Target
  
  Tsg.Net.dll
- Size
  
  693KB
- MD5
  
  1f58902cce086dde5b2d4372ce36a3cd
- SHA1
  
  a0ab36c221e8576b0d2618ca8c7e7d541fb66406
- SHA256
  
  8991ae866d3fef244fb7587ae16ea5b8eaa9e878cdf5cd41bd1de2ef7dd5363e
- SHA512
  
  d7fe8004e3422ab65ef7f18d5194dd179b6dd3f482e482cbf6fa29360fd8ceb4cc1ae034f24349e852c9c784608699b35a4b286f9d573f9e747ddf3eca866c9e
- SSDEEP
  
  12288:XaU74V2rNIPkLdqqqquSod923W/xcB1rqxIHtzJPmxEzvVEEoyFFp/j4PbltS3jv:Xai4crBdqqqquvd9CWCB1uuH9JPmTgq0
Score

1^/10
behavioral10 behavioral9
- Target
  
  Tsg.Vip.exe
- Size
  
  908KB
- MD5
  
  6141038eb5e98713b40bdada6189ecf5
- SHA1
  
  d64be40cf41b2230d7ec37561327f0989545a70f
- SHA256
  
  1e90b026a38dcd36d0c87394e87eb879cbbd1976dd84621d6b084678b7efd83e
- SHA512
  
  d2f1c96bb276edc777fd2b4c2da95ad94001a6a34ffc7b3c52638c7155dddab9471509d16038bbbf4068ad5ba20ef9f8a8617a112e26b2a8f4ed59ebd4a2bdf8
- SSDEEP
  
  24576:miXOGMIuyLvlk2xKu7FeiA8NNRPI9xer:nfqEKgFeirNnP/r
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  ԰.url
- Size
  
  168B
- MD5
  
  ff1050dbffd353fcf1b33e1b98c46a43
- SHA1
  
  84d1da117d9fa9adb5092180f945288f6bd350c4
- SHA256
  
  264ced769e31afc066f90002420c4c52fae622a340483e35d149e3db836ed3d5
- SHA512
  
  590bfca4916ac3b2cd4898d67fee017d5ba2b3129bfee51ba79bcbb04d1a593af28cd0724ee9f9bac75de8efe2bfbd9e15a086cece1b8ca47b64a70151db7f2c
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

discoveryevasion

behavioral12

discoveryevasion

behavioral13

behavioral14