5e5bb6ddf3de647147535d087e9e494f322ed0d7efc681883bd835c5e9efaa67 | Triage

Sharing

General

Target

b413ccc7aaaaa63efccf395fa943ec34_JaffaCakes118
Size

19.1MB
Sample

241129-3p28tssmez
MD5

b413ccc7aaaaa63efccf395fa943ec34
SHA1

8139d2089b10e6c2722af67750a48c9f7b7d0f43
SHA256

5e5bb6ddf3de647147535d087e9e494f322ed0d7efc681883bd835c5e9efaa67
SHA512

088b41b2744c4952588693bbed1a6aa71d0cc70b6f7e8af10ba4b8bebce9660c2de2d9f97ec19a768681ffa10b24aadaa700fb81f43679da50e5cbdce7fb5fa6
SSDEEP

393216:snSiX0lYHaq1Y28su71FX+b6VqlhtpZinHZdMv9xU+o7thb:s0Ia4R7up9+b6g0HrMFbo7tt

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  qq_pinyin_4.4_Dsn.exe
- Size
  
  19.1MB
- MD5
  
  7e83a7da7d93a75887e6cc8b3c123364
- SHA1
  
  7d53c0ac037aaf9e22bb35b7145395bb70b44048
- SHA256
  
  147587b99acf08db4860477df77e616ebaab9d787befba40f006de1f6e2fa8c1
- SHA512
  
  62e11091f2fbd0ea2e4df3cbaba403f5f6e98f352dddbd23c2c48a703e448da23aa1195cfaa29819f878a49bf639c3b596ff61374921c5c76ad6922c2fb50acf
- SSDEEP
  
  393216:SjyiTyX6JKqpmiIQk/hJ5wngRINfzllQuBSgdr54R99sIoZF/O:ey8KGpbkpjwng0k6t4LdoZFW
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $TEMP/TXSSO/InstTXSSOHelper.dll
- Size
  
  121KB
- MD5
  
  13fafbb1918109a41cae67974ebce678
- SHA1
  
  ea54fcebd1a4ca23c522b5c6a5832f6a4235fc9f
- SHA256
  
  3bde28956c26066e5dd3fe2cbf8d9db25b712ccf135408ded9a6a2c84c29b3f9
- SHA512
  
  c4ddf25af7219b88dc955a525e0586cffd3139887c948ae0a611e058f095d22ac5045af97fbc1f6807e61326d41f1280dc495b46a8bb9a9f41ebb20b3bcccf3f
- SSDEEP
  
  1536:cP7ObS2PQXHbRKsQj0eZk3Jk8YTOj3jhs9hrsKX8mkRTfS3wwtXd+IBa7CH:QQnGbRSrkDYnrsAkRTfS3wwtXd+zO
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMP/TXSSO/InstTXSSO_LUI.exe
- Size
  
  93KB
- MD5
  
  a51f9528bc96abfff4b56a431db260aa
- SHA1
  
  8c1306bf338753e78229d36a1984a3b7c4ac84dd
- SHA256
  
  54e999edf7f68c088cf6cfc443a30f807af13b7c5924b5810a037db6dffbcc04
- SHA512
  
  b07a9dffd569bcb54a46dad46f1d87108dd114c3f03be261adf7172af13977fbd77575961abc65effa284f2ae6a524cccafc1b451aad6b88b4f4a44df19e756c
- SSDEEP
  
  1536:EduQeTTqrIqUWfOlFcv+LFcbgEbQ8hQ081/DvT5pWrbTpRwDT9t5D6a7Cf:EtefSw/Eb9YarbTpRwDT9t5DDm
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $TEMP/TXSSO/bin/SSOCommon.dll
- Size
  
  1.4MB
- MD5
  
  0af22e9b8a536df9753a7bcc5b504e7c
- SHA1
  
  cef2938f92c360da8824a738a356a5bc8254ba5d
- SHA256
  
  7c581c56de69795712bbe1047d3460cbc6473a76a120c791db3f10b3a1be311f
- SHA512
  
  c3d57d5e03e8ac58bdc882c5e26996b88f6df7fe98b5ca2191615e7c905bfc01ec0a5420e774ec0682689fc6a664d12e599ad15086ac90504fc630d2c75a9d3c
- SSDEEP
  
  24576:LdKO/Je3nexJqdlCY1eeCfmEIEBcWpriVgRAeLpCuhXYTULkIKVj61:Lo6e3exJqyPmEIa31RrCuhoT+kIY61
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/TXSSO/bin/SSOLUIControl.dll
- Size
  
  457KB
- MD5
  
  f5470c86af0b482a7bc7e8e76233adff
- SHA1
  
  c795d1f0ef9a3e7c1fc863c306745ead176fb65b
- SHA256
  
  a2f1b7bb15f8f10ee07dbb942e9a8bc2470719e378b4e7097b4e971b2ae08a40
- SHA512
  
  fca27b668b1386b12cf6a760a4241380ba4b0b7daf78dd2a99464df07a4b6ce352a32a03c87234eb928ab280efb31be5e501e6f9c1583e0711f60bc53f1364cd
- SSDEEP
  
  6144:JIVO4yj4QWfV3OoS6bL5IgVyUYcd8MohAynAlpeLlLGM3STc:2VOhrWfV3AgVyUTd8m4l3STc
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $TEMP/TXSSO/bin/SSOPlatform.dll
- Size
  
  573KB
- MD5
  
  f2e1a75c9b36676d26895322f333989e
- SHA1
  
  ce9a41d6ce292e0a5b3f6e4f1c636de78fc28672
- SHA256
  
  2f9bb964b9466d991183966627c7453b1910d82f4cb67c0dc87a5b6fc81be1c6
- SHA512
  
  8650b61ac4f4a39dbf1e5406379cac7d9e85d5a2fcadbbac05b9fd09df491d4bf19d772e6d3aba7b21d9cf11f4300696cbade9dad8c4a3eda5f790b5b66cccb2
- SSDEEP
  
  6144:wjCCeey0t0orqOWsrtlVNQNZZVZzuGWmmW2xKcCWnTxytf1nqZBNLwZGv6H2n/KK:d0dtBYCjNQNZZZmNBTxy4/C2jTTd
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  4.4.1105.400/QQImeRegDict.exe
- Size
  
  265KB
- MD5
  
  86b494b9a2ad5094ae17a0ff19b98231
- SHA1
  
  2a7987697a63a882ffcbff01e30f7974f51ea502
- SHA256
  
  b30b628e09f5e7349ba40565abeaed93d40ac0f35c29b91eaf20c6333e27ddf7
- SHA512
  
  fe930fc5c0b3b73d1ba7f31d2b6169268e3129784f3080de5672de94e966d319b03c4979e5c68d5c5f656cf90d19c04da29a1ce0803e1d3e0ee83278d698e773
- SSDEEP
  
  3072:V71L2VDs42bkFeFRdM1YFpkNMtEMZ/O1Gal+56gY+LWCQl/K6Gf0We:pIhsfbxfdM1Ok/8O1+56qCMpe
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  4.4.1105.400/QQImeRegSkin.exe
- Size
  
  169KB
- MD5
  
  b2051c1dd877bb917a99cb676dffe0df
- SHA1
  
  fa381dc2c340d69f98e000eadb0fbb8fa280d57a
- SHA256
  
  c0a3dd7ae0aafeca488433527358c0fada826bfd39b34e0dd484fe6bff1dbc44
- SHA512
  
  3c2f59e9fab65419169cc95fc4759dc0992b77fd95587ef870146304baf18b080acc077bc51690d2b3a98709cb5228503ffc1a6eefc068fb53a83e54c2047641
- SSDEEP
  
  3072:Dk3Wxi0W8GaRkkMMblCAxE/dMS4t1XPoCbP:VeayjMblgdMdXAyP
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  4.4.1105.400/QQImeUtil.dll
- Size
  
  1.1MB
- MD5
  
  e57e7c294ad2c82b1734e4a53ac4eed8
- SHA1
  
  c9c67a0f7c285ae3ae00776d5b43968b3257ee31
- SHA256
  
  173c368eed280282bd88d6541112f87d9e010228a3eb3f82299fc44d4bde1122
- SHA512
  
  dcc8e0bf0397a29f4c031eb88f3b7a253c25b0371787eae165a82d420fc52c3ac5f1e12e87a6cf09e3122c59e51f9172f63a761096e42d1ca9f7aa963b870af3
- SSDEEP
  
  24576:cYV1ExcDVYX4+eTmHyc1HWpvdED8WmMOJSZ73JmTgIfTA4256LYa4Vs:3Exc7/iyymKNAgcTAP56Lb4Vs
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  4.4.1105.400/QQImeUtil.exe
- Size
  
  105KB
- MD5
  
  314cc11177c257767eb951c800eed2ef
- SHA1
  
  2e9e4476666eba914ae25fd513dba75c411c5a8e
- SHA256
  
  a16006a0ed8318fac27673fc487766862da3f26b6fa8813afb8821704ddf123c
- SHA512
  
  b9fcec5c00302197d0da415ebaab490445ba8487805ed6c7c3f69dda2e1c854f3286d8628918eb3b8a9b540d354ba787f20e31580d84b9b6f9ad7dd6ac4f9541
- SSDEEP
  
  1536:4HK/XPA5gQoC8fIbz63ZTexBU/kIUbgA6N/tq72da7CaA:4q/MSpAbGTe2Aq/tqio1A
Score

8^/10

discovery exploit
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
behavioral21 behavioral22
- Target
  
  4.4.1105.400/QQImeUtil_x64.dll
- Size
  
  1.4MB
- MD5
  
  9b73fe1cfb9a2e3860217eed204a0941
- SHA1
  
  5e111ec84afb14b856d1e7c9616b6496f27046a8
- SHA256
  
  43dcc1e64e05dc490830f1b8ce0668c72f0f66ce8e9d1b546dfae89c42f96b09
- SHA512
  
  7767fe17db30498aae0e20c09871012637b323395b2f9960e62706f2c7e884f2d65fd45055592bdf7725b626dbea1de80b094b53f176079201a32ff749c2ccba
- SSDEEP
  
  24576:QrsPuwJ8UI2/UW6mHuMs0xd08cv+DLP5qQYbo7atSo0Tw4T8ViP6256LBk:QrsPu08UIV6HuvQdHc2WSo0TnTvF56L2
Score

1^/10
behavioral23 behavioral24
- Target
  
  4.4.1105.400/QQPYCloud.exe
- Size
  
  417KB
- MD5
  
  f44c6ffc4e081d8b38130f0d981466b0
- SHA1
  
  d9c934d7b58f2475c3e5644799f79e1031a42f3b
- SHA256
  
  a5fef123e8cf53e2bc726c39ae81f56e086c06ac6da0bd3f1718e698780ddf08
- SHA512
  
  3599ad717af8d19e5c34d54c8e184c8d1d6db268d0093c1d790dbdfdcae89a8bb31a0082287132e847acaa1ccb80cec0c8e217e53b05abf4b9be0bf807f8fd29
- SSDEEP
  
  6144:ZHOBeBJ6hrZ+CaKal5pZgb9ffrYH9N8vlmR/753lW44k6rB/3K/EoM:Z5r6hrZSKs49fG9N8vlmRD1Yt0M
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  4.4.1105.400/QQPYConfig.exe
- Size
  
  3.3MB
- MD5
  
  fa81c01cbbcc8aecd8b3e8618d2fa46c
- SHA1
  
  f3f90478e1098dedcdd7749767a9452babc4c785
- SHA256
  
  da58b6dc83d6fc31826e26d38c3640844fcf72b317a0ae0e5dff7fe8e48e9e71
- SHA512
  
  19a5b475ec08b4cd0865a8e27d75ab5c9fc3b65797505114b62e0d59381331bc3e95862007bbd8c71c17af1aab69054b6c38fd4299e131bf47dbd4b58f555388
- SSDEEP
  
  24576:2nOEP/nh9Rh3XgiZs49U6kQ6dwhzem5DXHpudb/jCi+jfatlT4XWRkcmYcj3BahD:w9vJClT5wPBtYpeqwoKm0e3TU153xyyk
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  4.4.1105.400/QQPYFace.exe
- Size
  
  1.0MB
- MD5
  
  e31c51d2912eea3336a3b676276e6b3e
- SHA1
  
  633f356011b75e010a380fdba4518b39ddb33c76
- SHA256
  
  c0210a6131e8c4dbea7a7b471cd9e965f20b9fd7d8ecbe60cacfa92ba1de4f8b
- SHA512
  
  2bb6b4bfebf2cbe9b8e2c9f06938c9a55cf90ba59e2e4a702d50f1acde3aeedae19de4e2cf21dd8430525a29e77d5d6da06d6babc6e8cf819560d8a7e8df0c56
- SSDEEP
  
  12288:hb/xJ2l41lfWcS87IsEeVEPQBSNBocoYBr21gLtV4u2SNWTsmcUwiNMF:FZY+1lV7I0tUzRrTWSNWTCiyF
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  4.4.1105.400/QQPYHandInput.exe
- Size
  
  1.1MB
- MD5
  
  b546a486760dc9ae0ba67a74516b2d66
- SHA1
  
  9ed669a30ed532a585950f08100dadef4d27a39b
- SHA256
  
  22da1bd813c2e6399e3017989d8967549de0135cc6f49e93f4f686821e5ae3e0
- SHA512
  
  9c103e55d33d444eb7b9ca71825e2a079375b554b2a7de783619f0065ba8a921eb115930afe95191a5a7cc86173ab993c181ad3bd72d9527b91f47cba3237ffa
- SSDEEP
  
  24576:GmgBfAXrIxvi35PyKTvaJKUlpKw04rOnXYThJdyZc:GmWgKqjTvuy4eIThbEc
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

discoveryexploit

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32