cb0506d38054e09204e9b28ac1c03d32a19874037e7814bf1d77f835dbe7d162 | Triage

Sharing

General

Target

55fbfe51bb8a992a4538a3b1d60479ae_JaffaCakes118
Size

690KB
Sample

241018-herdcsvhjr
MD5

55fbfe51bb8a992a4538a3b1d60479ae
SHA1

36b8ccca14446efc2a6af9815b86b5bd05a22d55
SHA256

cb0506d38054e09204e9b28ac1c03d32a19874037e7814bf1d77f835dbe7d162
SHA512

02633a0ecc1a6c8cb5e5da3263e8b9744ae3f766bca30d3a9e5e521ed94741ad5a96ef7efe399aeeeb9115c7365970df6a7acc85d872516d8cd73f70faa9e3fd
SSDEEP

12288:x4NmKW/rth3Nrqy5DJW+8bFrV/ELEjzvaP1aYfTvb5J4CCGbFX:bXEy5DMDh/VjraEYLvb5PNX

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  IPRadar.exe
- Size
  
  872KB
- MD5
  
  8d984c91b9a51fdd476c189214943aa3
- SHA1
  
  6d7bf92c0513ac017c5a5ad71d11852092639bfc
- SHA256
  
  afa31c0835ba42c1950d62cd84dad05f5a2586364e2dc4b8405a571cb6e5d10e
- SHA512
  
  47d2b97653b7acef05694a52d27524ed0b765a20ba3814e3abe1bcc38f3c2209ce4c313708d72270d0cd1563f99b5c929fbd7501ea3957420e73908a17f90d83
- SSDEEP
  
  24576:Hy/E8Cx5Ko7i7iPyt15iBkCABeSS9QF8KV3GcIAF:Hy/bCx5Kom2a
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  xiprad.dll
- Size
  
  123KB
- MD5
  
  425274308082094393d3cf500e180044
- SHA1
  
  e6a648086281f1a15b114d205a2673b829191de3
- SHA256
  
  a85b273a6b8fb319dafd312c89e716f32af4bc97716c16d4a7fa667e6e4ba23e
- SHA512
  
  56b699276d5605b17594482f93635e40a699b40b753646a96ec1c8c40d289fd8ff07b2f70a1ad9255dc37131e2f7cdab1dc217423b56e43f74c89b47d5283bfa
- SSDEEP
  
  1536:4tnLIvWGuOcmZYS9DiZRyLLNLns/Sku4KrvKRNwegI5+2fR:OLAz4yYSdiZRytTsOvKRNXgI5jf
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  xutil.dll
- Size
  
  237KB
- MD5
  
  1eafc1c2e7e0a52d8e3f2088b446f95c
- SHA1
  
  38417962fb4933426247258efd8f992c0d6d1cf4
- SHA256
  
  11ee24c09a6d93d7356faa1ae4172875dcdebe885fb9cbde1d9a2e0132acec91
- SHA512
  
  8a54084546db069455427d50bb01f1d65671937e3d6be6876a3ff8c7cb8222b61d251483c8c1c7efb66a911d0057d20695f40226f80151c6568380dcbc119913
- SSDEEP
  
  6144:NfHKrfzP2kNKaQ1R4YfbMUXTdDOaO4LUUJnhRPpq:NHKrfzP2kG51XTEaO4LUUJnhRP
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6