General

  • Target

    fb927b747d772358d69e9e8cc154427c_JaffaCakes118

  • Size

    4.0MB

  • Sample

    241218-pvz4rsyrat

  • MD5

    fb927b747d772358d69e9e8cc154427c

  • SHA1

    0c65b72cccbfd7cadd40e87fb50ca93a02576d06

  • SHA256

    39ec76a40c9ca23930ef6191263e8b613d7cf2280cc1371dc9ee3b6ea7827d24

  • SHA512

    5419f1ba274bf0dfcb26de989fffffac68f53920cb4f7e8ae39309a5b701523a3ec5c5440322eb7db3063701be1ac1e5aec359a5c8f443dc1d28d5e024225303

  • SSDEEP

    98304:M2oUe0wp73HFfpQrVqFFyYKPAUkQgTcbmDb9N4DmyHFX3hnRJw1gX1r+:DoUkBHFf+cUkF93j4DXFnZRJci+

Score
9/10

Malware Config

Targets

    • Target

      MSS32.DLL

    • Size

      957KB

    • MD5

      01c14c4c2b8568a3e8d2004c5930fed7

    • SHA1

      57ca5229b6c233d407061ec1f038da34b07bdf8c

    • SHA256

      a0ef00858d423763fa4aec6d0afa6cc9d9ebccf15717d183419f850402f2b546

    • SHA512

      ba2395e97acf7acaf8d840b408901f0547b2c164a262e56767cea2422dd8948c6613193c3b109d776200d36d57a0f800cc0f6462d602a389ffced9e450ac4400

    • SSDEEP

      24576:5BBCQFgtnGyfZ1ybM0OPj9RFPGEHouQOnYsdW1CJEx3:PBCGgtGMgM/FPGa/vnYsdW1uEx3

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox exposes its OEM ID in the ACPI table keys under HKLM\HARDWARE\ACPI; querying those keys is a common virtual-machine check.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThread with the ThreadHideFromDebugger class (anti-debug: the calling thread stops delivering debug events to an attached debugger)

    • Target

      granny2.dll

    • Size

      361KB

    • MD5

      866e2e50c531d6121023488b2f13a16b

    • SHA1

      303d6410dd8341e49a7321de446fb7237eeabdf2

    • SHA256

      0f6b80bbdb68e2990e01730dee9cd26440e71fb374f296974d63c50e9497e932

    • SHA512

      d38a745ded38d69e2d602cc15809b9f4664dd2e40ca75d5b478c0d7e9e5f4b8c5dcbe61137fe11e9c289f003fa56c68f075fcd7c9ddc1cf9c2338637d45a3d6d

    • SSDEEP

      6144:3LrmxvIvVP1+aS3MxRVBz46dXc5W2D91QPGEs29h:HmxYu3uRVRVs5VhWh

    Score
    3/10
    • Target

      lib/Libido.pyc

    • Size

      26KB

    • MD5

      e5112b56b47b5d0e7b4280e8fb1c852c

    • SHA1

      3840a85041e10d445651df388e8e225f13a90afb

    • SHA256

      4f6493d6f09f7cc7d3b8964bb08c6f957754fbace85e0aabb4bff34e2d843886

    • SHA512

      fa618a7becfb68ff8170155d6acf4f2878587c63026b5ce0c14a603179d1598031c2665d9fd55964813b24338d005fa68832445f67b81a8f3684dc66d489f3e9

    • SSDEEP

      768:WLuVaTW373Y59hN2TE1yOvHYZ05zh6bbcK:gP0L4hNOE1yOvH4uicK

    Score
    3/10
    • Target

      lib/UserDict.pyc

    • Size

      5KB

    • MD5

      1761dd489ab354134165190428f8fbf6

    • SHA1

      68a18a42e408e81b75a74695576051dd610a0a04

    • SHA256

      0a768d5dde7df1b8b76f3f7d4e95f9c3038b650a5c8afed78b56ff6777ad5877

    • SHA512

      c49cd7d3944b73e2dbf6597ede808509f7a189f081eda5e29ba0190bc38cc1d536d52d7bd86883921f431d0b5bac21d37724c0efe99cd5c4de0ea6939ea2a5b2

    • SSDEEP

      96:mxTWMX5tj9bDfnlSkT6mF5dS5RKBHrew+rMMx4bkCU:wqMJtjdDPlfT3S5RKBHre5x4bkCU

    Score
    3/10
    • Target

      lib/__future__.pyc

    • Size

      3KB

    • MD5

      02466c5102c7297f86a35b80d42cd991

    • SHA1

      1ab83f706eb7350cc6d4d63f9d3a6dedd1a22873

    • SHA256

      8802b4115f2896096133c51a4764bb2e8ecc189428ddd903e1f2d1c79fc32d48

    • SHA512

      abf21a7322bb6d2153c6636c4de1997601ae71ebc3b4f4295ddc071a80f261e35767e620ea18c9daadfec2c57ac543a131aaf97991190f6e2542bdd3bd61f5d1

    Score
    3/10
    • Target

      lib/_socket.pyd

    • Size

      44KB

    • MD5

      277ecbc077d976204f19f1bd0882d5b9

    • SHA1

      79a99d75615844496d13c37e19af703a13d3efef

    • SHA256

      7e9b1eccc0ff7f44f793bd8a5aa50d2923473fc4ccb043130549a2a4d1051e47

    • SHA512

      d4413f15f40dd704f1e57c1ac90771470e1d2ce607fb183d1908923157b4b0eddaa4154792627a6e336dca7debc9ed18bffd197bd12544dca687bc953fd4c8b1

    • SSDEEP

      768:oklsvZsx92fmrl35ofhnCtMZgHsBIvALA6:ok2vZw92M35ofQAes

    Score
    3/10
    • Target

      lib/_sre.pyc

    • Size

      14KB

    • MD5

      91eceaa966c4d48a0f030e837e4ed5cc

    • SHA1

      6c1fbb0c07494650b8c01171ada1cd8c1bfc8f7e

    • SHA256

      e02bd24250eaf24b88c4eda40f79a9114572d1ced2da473d9b51de3ede6958b2

    • SHA512

      a2ed0abe510f81a010d1339509b66322daed98ba70043250af432eaa23271e9984a031be977b1561bd02aa28c58b730cf5581b0afb316a0a864188c2e41b216a

    • SSDEEP

      192:Wip5uPjiD4ROAQeHrG2EWawz0iWCxpy5fK/UPLhYXfptLJbvCW/r1uLlVPOkQ8QE:5p5uP+DkLihiMjG1Ols2R88L

    Score
    3/10
    • Target

      lib/_sre.pyd

    • Size

      52KB

    • MD5

      15d39b821e19c255a16c9ce1614edecb

    • SHA1

      081a260fb71ef6b23b947c42d5c10896970b2cba

    • SHA256

      14874d8efeed98feaa5449db5c7b5c0ca4d5ae6bcf91ac0efae6ab8fb8710218

    • SHA512

      15d490ee76e16e1a34ef769227a5d7e587e7474594eccae26a7a46d25c77038f29d35140bdf5d2bfcb07a1a65d7783a34f04f4c798398d9df45e3e6b771c157e

    • SSDEEP

      1536:dFENazkFByBPSkBHzjCEG5FXBFBXQqBSBViteJKat/t6ymByR:bENazkFByBPSkBTjCl5FXBFBX7BSBYtG

    Score
    3/10
    • Target

      lib/copy_reg.pyc

    • Size

      2KB

    • MD5

      dd30745c8cade086fadb51b38ac23f6d

    • SHA1

      3b15cc32663113a32074fb2e07a7aa7ab3b01458

    • SHA256

      b439ddd80008eafc91ead4eb876c930cfd3f91af8c43505624fb2ffbbc7f6de8

    • SHA512

      e644a59b8587a961d3435bd194a5386da1e4329008547a8e475b3809595750609a57fdcec8477863e08020275bfd28d2ee2612b2632021a0c344721423fa2e57

    Score
    3/10
    • Target

      lib/httplib.pyc

    • Size

      41KB

    • MD5

      7dbed0981e4fb5ff105e0b1c3e5f9323

    • SHA1

      b721f97b3d6cc3f3287d05ccacc02791b1760294

    • SHA256

      c73d00b6f3d688259305e883292e7ba4bcbdc16cebc59454432ad28d9b9fd15f

    • SHA512

      4a8833e3408d78df8b134b0b66639f79706bec3d4aa069b982cc3c305ca47e97e1d817bb640d3ba669866b80677dbe232d0d5eac136b36d29554c1c223e2a8ec

    • SSDEEP

      768:EG3s58f2mOfVDUGJUdusYHDBXTKdV0DWyrBK/yxYD+QbUsOIabhcOuJ/S:EG3CmuDlJUdZYHDBDKdV0CyrfxrE3onL

    Score
    3/10
    • Target

      lib/inf.pyc

    • Size

      1B

    • MD5

      c4ca4238a0b923820dcc509a6f75849b

    • SHA1

      356a192b7913b04c54574d18c28d46e6395428ab

    • SHA256

      6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

    • SHA512

      4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

    Score
    3/10
    • Target

      lib/linecache.pyc

    • Size

      3KB

    • MD5

      267732ad69e101b0993959e3e881cb1d

    • SHA1

      5528c6e14eeef47af5621179de751932f622d671

    • SHA256

      6f1e8eeb778cf9df356a8e0f8671f2b56897953bea1c77848585572ecaeac79d

    • SHA512

      0de0fb2b5387980a47435944d771a9cac5e1697b739621020f993715b41f42e6090068c82b279417ef38d7e2272cf64fa4a18f8be3cd69a2dee351a6ca58ade0

    Score
    3/10
    • Target

      lib/mimetools.pyc

    • Size

      8KB

    • MD5

      a7cbb38e9c619c3a0c10dfed82942cec

    • SHA1

      b8c04642f1755ec9ffae47b2dc9598063b6e5a4e

    • SHA256

      510a28ca5c46f289617b421ce42c49bb46f5150e9cbc5baac6c636fb29fd72ee

    • SHA512

      3b42e2e4d4fff6944e17206a4beebe3d6eb5d43fb267e5c8923ad6fac2d0ca55d276a9d22a71c64cf706eac56a462c89e5bc2ed2b97246d36a183e2ffb2b24ef

    • SSDEEP

      192:GNk+Ykczbn+kvoAEgcIez61wIBGL42tK/20YHJg:5+Ykczbn+kAdbIez6qIBK42tK+0YHJg

    Score
    3/10
    • Target

      lib/ntpath.pyc

    • Size

      13KB

    • MD5

      e5d99efbf612906aa70335265b51282e

    • SHA1

      897bdc2323c946f8478fc0b3b5936a227fafaa55

    • SHA256

      e10d48bd12451d61c4a1a81660513ad2a7502c8d4c9be6619f45975e4150b420

    • SHA512

      ed5e42c7f1fbf132ec874a87f80c20b7b154caba5843d0bd5059a8fc1f31ecbf7e23ae809890e4f9a18a2cf32d9672505503ca824635ec3b622eaba2fed78c78

    • SSDEEP

      384:XFOBBBf3KC904OuN19IlGWz7yWS0YrdZ+O1PxMB5rK8gjV:w7l3WvuN19IlGW/yWSZjRxMHuL

    Score
    3/10
    • Target

      lib/nturl2path.pyc

    • Size

      2KB

    • MD5

      dc348410402b59be9ad0e54c1c2bf553

    • SHA1

      7a111bc515a7a7991085e2e1fc3698c2b8b7b9fa

    • SHA256

      63c173fb4cca0dbe043c2a097af125513954e844802d291cdebf7b4b9092cd87

    • SHA512

      b64f3a0cc930018e7498c2419f0a0e49691ee1f8df106f7bf105729f24c8f82b8db4d3dd165d2ddc9d0443bbc69f1d1573ab1d2c03b0d556ddb84884db1c4462

    Score
    3/10
    • Target

      lib/os.pyc

    • Size

      23KB

    • MD5

      2e34b81cabfe5d0a88d6cd8d8733a582

    • SHA1

      1ec0112301bb9b4439682f50d5a6dbd096239c26

    • SHA256

      27722ffe85c9f31eded94ee409d527dae21a45b958db236a4544b6be644b7517

    • SHA512

      f61b6c11be1782c48be39165ad82560960d536a63f6959d306626ddc62d4a7ebcf46ba49779dec14df7c1e18853485df955ac8668889d6e4c27780d83d466623

    • SSDEEP

      384:EfV3QmcQEDFqJyKVPJPumFJ9ZKUyQp75r5lCB8LFDsL+LnwL+GLsHL1LfGLGGLqD:EtynD2NxeUhd5r5gB8LVsL+LwLhLsHLn

    Score
    3/10
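
The three anti-analysis indicators reported for MSS32.DLL above (VirtualBox ACPI registry lookups, Wine registry lookups, and NtSetInformationThread with ThreadHideFromDebugger) are easy to re-check in a raw sandbox trace. The script below is an added example, not part of this report or the sandbox's own code: the event-line format, the sample events and the function names are constructed assumptions, while the registry paths it matches (VirtualBox's VBOX__ OEM ID under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT} and the Software\Wine vendor key) and the ThreadHideFromDebugger information-class value 0x11 are the well-known values such signatures key on.

```python
"""Flag the anti-VM / anti-debug indicators reported for MSS32.DLL in a
sandbox event trace.

Added example, not part of the original report. The 'kind|key=value|...'
event format and the sample events are constructed; real sandboxes emit
their own schemas, so only the matching logic carries over.
"""
import re
from dataclasses import dataclass

# THREADINFOCLASS value for ThreadHideFromDebugger (0x11 = 17), the class
# anti-debug code passes to NtSetInformationThread.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry paths that only exist on the respective platform: VirtualBox
# stamps its OEM ID "VBOX__" into the ACPI table keys, and Wine creates
# its own vendor key under Software.
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
WINE_RE = re.compile(r"^HK(LM|CU)\\SOFTWARE\\Wine(\\|$)", re.I)


@dataclass
class Finding:
    technique: str   # label, phrased like the report's signature names
    evidence: str    # the raw event line that triggered it


def parse_event(line):
    """Parse one constructed 'kind|key=value|...' line into a dict."""
    parts = line.strip().split("|")
    ev = {"kind": parts[0]}
    for kv in parts[1:]:
        k, _, v = kv.partition("=")
        ev[k] = v
    return ev


def scan_events(lines):
    """Return the anti-analysis findings in a sequence of event lines."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["kind"] == "regquery":
            path = ev.get("path", "")
            if VBOX_ACPI_RE.match(path):
                findings.append(Finding("Identifies VirtualBox via ACPI registry values", line.strip()))
            elif WINE_RE.match(path):
                findings.append(Finding("Identifies Wine through registry keys", line.strip()))
        elif ev["kind"] == "apicall" and ev.get("api") == "NtSetInformationThread":
            try:
                info_class = int(ev.get("class", "-1"), 0)   # accepts 0x11 or 17
            except ValueError:
                continue
            if info_class == THREAD_HIDE_FROM_DEBUGGER:
                findings.append(Finding("NtSetInformationThread(ThreadHideFromDebugger)", line.strip()))
    return findings


def summarize(findings):
    """Collapse findings to the sorted set of technique labels."""
    return sorted({f.technique for f in findings})


# Constructed sample trace: what a registry/API log of the checks reported
# for MSS32.DLL might look like. The NOT_FOUND results are what a bare-metal
# host returns; the last two lines show that only class 0x11 is flagged.
SAMPLE_LOG = """\
regquery|path=HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__|result=NOT_FOUND
regquery|path=HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__|result=NOT_FOUND
regquery|path=HKCU\\Software\\Wine|result=NOT_FOUND
regquery|path=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion|result=SUCCESS
apicall|api=NtSetInformationThread|class=0x11|length=0
apicall|api=NtSetInformationThread|class=0x0|length=4
""".splitlines()

if __name__ == "__main__":
    for f in scan_events(SAMPLE_LOG):
        print(f"{f.technique}: {f.evidence}")
```

On the sample trace the script reports four events (two VirtualBox ACPI queries, one Wine query and one ThreadHideFromDebugger call), which summarize to exactly the three signature labels the report lists for MSS32.DLL; the ordinary CurrentVersion lookup and the class-0 NtSetInformationThread call are left alone.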

MITRE ATT&CK Enterprise v15

Tasks

  Task            Tags                  Score
  static1                               3/10
  behavioral1     discovery, evasion    9/10
  behavioral2     discovery, evasion    9/10
  behavioral3     discovery             3/10
  behavioral4     discovery             3/10
  behavioral5     discovery             3/10
  behavioral6                           3/10
  behavioral7     discovery             3/10
  behavioral8                           3/10
  behavioral9     discovery             3/10
  behavioral10                          3/10
  behavioral11    discovery             3/10
  behavioral12    discovery             3/10
  behavioral13    discovery             3/10
  behavioral14                          3/10
  behavioral15    discovery             3/10
  behavioral16    discovery             3/10
  behavioral17    discovery             3/10
  behavioral18                          3/10
  behavioral19    discovery             3/10
  behavioral20                          3/10
  behavioral21    discovery             3/10
  behavioral22                          3/10
  behavioral23    discovery             3/10
  behavioral24                          3/10
  behavioral25    discovery             3/10
  behavioral26                          3/10
  behavioral27    discovery             3/10
  behavioral28                          3/10
  behavioral29    discovery             3/10
  behavioral30                          3/10
  behavioral31    discovery             3/10
  behavioral32                          3/10