39ec76a40c9ca23930ef6191263e8b613d7cf2280cc1371dc9ee3b6ea7827d24 | Triage

Sharing

General

Target

fb927b747d772358d69e9e8cc154427c_JaffaCakes118
Size

4.0MB
Sample

241218-pvz4rsyrat
MD5

fb927b747d772358d69e9e8cc154427c
SHA1

0c65b72cccbfd7cadd40e87fb50ca93a02576d06
SHA256

39ec76a40c9ca23930ef6191263e8b613d7cf2280cc1371dc9ee3b6ea7827d24
SHA512

5419f1ba274bf0dfcb26de989fffffac68f53920cb4f7e8ae39309a5b701523a3ec5c5440322eb7db3063701be1ac1e5aec359a5c8f443dc1d28d5e024225303
SSDEEP

98304:M2oUe0wp73HFfpQrVqFFyYKPAUkQgTcbmDb9N4DmyHFX3hnRJw1gX1r+:DoUkBHFf+cUkF93j4DXFnZRJci+

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  MSS32.DLL
- Size
  
  957KB
- MD5
  
  01c14c4c2b8568a3e8d2004c5930fed7
- SHA1
  
  57ca5229b6c233d407061ec1f038da34b07bdf8c
- SHA256
  
  a0ef00858d423763fa4aec6d0afa6cc9d9ebccf15717d183419f850402f2b546
- SHA512
  
  ba2395e97acf7acaf8d840b408901f0547b2c164a262e56767cea2422dd8948c6613193c3b109d776200d36d57a0f800cc0f6462d602a389ffced9e450ac4400
- SSDEEP
  
  24576:5BBCQFgtnGyfZ1ybM0OPj9RFPGEHouQOnYsdW1CJEx3:PBCGgtGMgM/FPGa/vnYsdW1uEx3
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  granny2.dll
- Size
  
  361KB
- MD5
  
  866e2e50c531d6121023488b2f13a16b
- SHA1
  
  303d6410dd8341e49a7321de446fb7237eeabdf2
- SHA256
  
  0f6b80bbdb68e2990e01730dee9cd26440e71fb374f296974d63c50e9497e932
- SHA512
  
  d38a745ded38d69e2d602cc15809b9f4664dd2e40ca75d5b478c0d7e9e5f4b8c5dcbe61137fe11e9c289f003fa56c68f075fcd7c9ddc1cf9c2338637d45a3d6d
- SSDEEP
  
  6144:3LrmxvIvVP1+aS3MxRVBz46dXc5W2D91QPGEs29h:HmxYu3uRVRVs5VhWh
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  lib/Libido.pyc
- Size
  
  26KB
- MD5
  
  e5112b56b47b5d0e7b4280e8fb1c852c
- SHA1
  
  3840a85041e10d445651df388e8e225f13a90afb
- SHA256
  
  4f6493d6f09f7cc7d3b8964bb08c6f957754fbace85e0aabb4bff34e2d843886
- SHA512
  
  fa618a7becfb68ff8170155d6acf4f2878587c63026b5ce0c14a603179d1598031c2665d9fd55964813b24338d005fa68832445f67b81a8f3684dc66d489f3e9
- SSDEEP
  
  768:WLuVaTW373Y59hN2TE1yOvHYZ05zh6bbcK:gP0L4hNOE1yOvH4uicK
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  lib/UserDict.pyc
- Size
  
  5KB
- MD5
  
  1761dd489ab354134165190428f8fbf6
- SHA1
  
  68a18a42e408e81b75a74695576051dd610a0a04
- SHA256
  
  0a768d5dde7df1b8b76f3f7d4e95f9c3038b650a5c8afed78b56ff6777ad5877
- SHA512
  
  c49cd7d3944b73e2dbf6597ede808509f7a189f081eda5e29ba0190bc38cc1d536d52d7bd86883921f431d0b5bac21d37724c0efe99cd5c4de0ea6939ea2a5b2
- SSDEEP
  
  96:mxTWMX5tj9bDfnlSkT6mF5dS5RKBHrew+rMMx4bkCU:wqMJtjdDPlfT3S5RKBHre5x4bkCU
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  lib/__future__.pyc
- Size
  
  3KB
- MD5
  
  02466c5102c7297f86a35b80d42cd991
- SHA1
  
  1ab83f706eb7350cc6d4d63f9d3a6dedd1a22873
- SHA256
  
  8802b4115f2896096133c51a4764bb2e8ecc189428ddd903e1f2d1c79fc32d48
- SHA512
  
  abf21a7322bb6d2153c6636c4de1997601ae71ebc3b4f4295ddc071a80f261e35767e620ea18c9daadfec2c57ac543a131aaf97991190f6e2542bdd3bd61f5d1
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  lib/_socket.pyd
- Size
  
  44KB
- MD5
  
  277ecbc077d976204f19f1bd0882d5b9
- SHA1
  
  79a99d75615844496d13c37e19af703a13d3efef
- SHA256
  
  7e9b1eccc0ff7f44f793bd8a5aa50d2923473fc4ccb043130549a2a4d1051e47
- SHA512
  
  d4413f15f40dd704f1e57c1ac90771470e1d2ce607fb183d1908923157b4b0eddaa4154792627a6e336dca7debc9ed18bffd197bd12544dca687bc953fd4c8b1
- SSDEEP
  
  768:oklsvZsx92fmrl35ofhnCtMZgHsBIvALA6:ok2vZw92M35ofQAes
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  lib/_sre.pyc
- Size
  
  14KB
- MD5
  
  91eceaa966c4d48a0f030e837e4ed5cc
- SHA1
  
  6c1fbb0c07494650b8c01171ada1cd8c1bfc8f7e
- SHA256
  
  e02bd24250eaf24b88c4eda40f79a9114572d1ced2da473d9b51de3ede6958b2
- SHA512
  
  a2ed0abe510f81a010d1339509b66322daed98ba70043250af432eaa23271e9984a031be977b1561bd02aa28c58b730cf5581b0afb316a0a864188c2e41b216a
- SSDEEP
  
  192:Wip5uPjiD4ROAQeHrG2EWawz0iWCxpy5fK/UPLhYXfptLJbvCW/r1uLlVPOkQ8QE:5p5uP+DkLihiMjG1Ols2R88L
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  lib/_sre.pyd
- Size
  
  52KB
- MD5
  
  15d39b821e19c255a16c9ce1614edecb
- SHA1
  
  081a260fb71ef6b23b947c42d5c10896970b2cba
- SHA256
  
  14874d8efeed98feaa5449db5c7b5c0ca4d5ae6bcf91ac0efae6ab8fb8710218
- SHA512
  
  15d490ee76e16e1a34ef769227a5d7e587e7474594eccae26a7a46d25c77038f29d35140bdf5d2bfcb07a1a65d7783a34f04f4c798398d9df45e3e6b771c157e
- SSDEEP
  
  1536:dFENazkFByBPSkBHzjCEG5FXBFBXQqBSBViteJKat/t6ymByR:bENazkFByBPSkBTjCl5FXBFBX7BSBYtG
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  lib/copy_reg.pyc
- Size
  
  2KB
- MD5
  
  dd30745c8cade086fadb51b38ac23f6d
- SHA1
  
  3b15cc32663113a32074fb2e07a7aa7ab3b01458
- SHA256
  
  b439ddd80008eafc91ead4eb876c930cfd3f91af8c43505624fb2ffbbc7f6de8
- SHA512
  
  e644a59b8587a961d3435bd194a5386da1e4329008547a8e475b3809595750609a57fdcec8477863e08020275bfd28d2ee2612b2632021a0c344721423fa2e57
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  lib/httplib.pyc
- Size
  
  41KB
- MD5
  
  7dbed0981e4fb5ff105e0b1c3e5f9323
- SHA1
  
  b721f97b3d6cc3f3287d05ccacc02791b1760294
- SHA256
  
  c73d00b6f3d688259305e883292e7ba4bcbdc16cebc59454432ad28d9b9fd15f
- SHA512
  
  4a8833e3408d78df8b134b0b66639f79706bec3d4aa069b982cc3c305ca47e97e1d817bb640d3ba669866b80677dbe232d0d5eac136b36d29554c1c223e2a8ec
- SSDEEP
  
  768:EG3s58f2mOfVDUGJUdusYHDBXTKdV0DWyrBK/yxYD+QbUsOIabhcOuJ/S:EG3CmuDlJUdZYHDBDKdV0CyrfxrE3onL
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  lib/inf.pyc
- Size
  
  1B
- MD5
  
  c4ca4238a0b923820dcc509a6f75849b
- SHA1
  
  356a192b7913b04c54574d18c28d46e6395428ab
- SHA256
  
  6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
- SHA512
  
  4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  lib/linecache.pyc
- Size
  
  3KB
- MD5
  
  267732ad69e101b0993959e3e881cb1d
- SHA1
  
  5528c6e14eeef47af5621179de751932f622d671
- SHA256
  
  6f1e8eeb778cf9df356a8e0f8671f2b56897953bea1c77848585572ecaeac79d
- SHA512
  
  0de0fb2b5387980a47435944d771a9cac5e1697b739621020f993715b41f42e6090068c82b279417ef38d7e2272cf64fa4a18f8be3cd69a2dee351a6ca58ade0
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  lib/mimetools.pyc
- Size
  
  8KB
- MD5
  
  a7cbb38e9c619c3a0c10dfed82942cec
- SHA1
  
  b8c04642f1755ec9ffae47b2dc9598063b6e5a4e
- SHA256
  
  510a28ca5c46f289617b421ce42c49bb46f5150e9cbc5baac6c636fb29fd72ee
- SHA512
  
  3b42e2e4d4fff6944e17206a4beebe3d6eb5d43fb267e5c8923ad6fac2d0ca55d276a9d22a71c64cf706eac56a462c89e5bc2ed2b97246d36a183e2ffb2b24ef
- SSDEEP
  
  192:GNk+Ykczbn+kvoAEgcIez61wIBGL42tK/20YHJg:5+Ykczbn+kAdbIez6qIBK42tK+0YHJg
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  lib/ntpath.pyc
- Size
  
  13KB
- MD5
  
  e5d99efbf612906aa70335265b51282e
- SHA1
  
  897bdc2323c946f8478fc0b3b5936a227fafaa55
- SHA256
  
  e10d48bd12451d61c4a1a81660513ad2a7502c8d4c9be6619f45975e4150b420
- SHA512
  
  ed5e42c7f1fbf132ec874a87f80c20b7b154caba5843d0bd5059a8fc1f31ecbf7e23ae809890e4f9a18a2cf32d9672505503ca824635ec3b622eaba2fed78c78
- SSDEEP
  
  384:XFOBBBf3KC904OuN19IlGWz7yWS0YrdZ+O1PxMB5rK8gjV:w7l3WvuN19IlGW/yWSZjRxMHuL
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  lib/nturl2path.pyc
- Size
  
  2KB
- MD5
  
  dc348410402b59be9ad0e54c1c2bf553
- SHA1
  
  7a111bc515a7a7991085e2e1fc3698c2b8b7b9fa
- SHA256
  
  63c173fb4cca0dbe043c2a097af125513954e844802d291cdebf7b4b9092cd87
- SHA512
  
  b64f3a0cc930018e7498c2419f0a0e49691ee1f8df106f7bf105729f24c8f82b8db4d3dd165d2ddc9d0443bbc69f1d1573ab1d2c03b0d556ddb84884db1c4462
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  lib/os.pyc
- Size
  
  23KB
- MD5
  
  2e34b81cabfe5d0a88d6cd8d8733a582
- SHA1
  
  1ec0112301bb9b4439682f50d5a6dbd096239c26
- SHA256
  
  27722ffe85c9f31eded94ee409d527dae21a45b958db236a4544b6be644b7517
- SHA512
  
  f61b6c11be1782c48be39165ad82560960d536a63f6959d306626ddc62d4a7ebcf46ba49779dec14df7c1e18853485df955ac8668889d6e4c27780d83d466623
- SSDEEP
  
  384:EfV3QmcQEDFqJyKVPJPumFJ9ZKUyQp75r5lCB8LFDsL+LnwL+GLsHL1LfGLGGLqD:EtynD2NxeUhd5r5gB8LVsL+LwLhLsHLn
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32