a9ffe5bb14b05e775f34f9eeff41fca89a350d49252eedae1e330e88952e7f36

Sharing

Copy URL

Twitter E-mail

General

Target

BetterJoy_v7.1.zip
Size

4.2MB
Sample

221124-ykjhpsaa3x
MD5

cfdfd386b72aafe8b68390f4f83c63ce
SHA1

b189cd95436c59fae09bdfc20244f380c210b744
SHA256

a9ffe5bb14b05e775f34f9eeff41fca89a350d49252eedae1e330e88952e7f36
SHA512

1112377fa1daa6f5d77f1ba840c1f964fc029c7085e00a1d1418bdbfbb94f2c31d369f5454f85641b6de6dda280f97a1bb71b750be9f4917acb696d1c8387bf0
SSDEEP

98304:ckT92bM+bd1/ngy/GizoQO1iL54S32tAkj/6y2JLFiOiZ8:ckT9/INg0GizoFi5d32qI/O59k8

Score

7^/10

Malware Config

Targets

- Target
  
  BetterJoy_v7.1.zip
- Size
  
  4.2MB
- MD5
  
  cfdfd386b72aafe8b68390f4f83c63ce
- SHA1
  
  b189cd95436c59fae09bdfc20244f380c210b744
- SHA256
  
  a9ffe5bb14b05e775f34f9eeff41fca89a350d49252eedae1e330e88952e7f36
- SHA512
  
  1112377fa1daa6f5d77f1ba840c1f964fc029c7085e00a1d1418bdbfbb94f2c31d369f5454f85641b6de6dda280f97a1bb71b750be9f4917acb696d1c8387bf0
- SSDEEP
  
  98304:ckT92bM+bd1/ngy/GizoQO1iL54S32tAkj/6y2JLFiOiZ8:ckT9/INg0GizoFi5d32qI/O59k8
Score

1^/10
behavioral1 behavioral2
- Target
  
  BetterJoyForCemu.exe
- Size
  
  609KB
- MD5
  
  16a7fce04f4374fd5d21eebf0fdb2f7d
- SHA1
  
  93cc7d0886d70d5f340828226507869b95e939d9
- SHA256
  
  aadd298dc77c34c1b5001dea9bb70f519dfed9b847384201190b335dc7db505f
- SHA512
  
  41bc5445cf4e3e614722b121efcb3348ea81c38bdf04a8d3cf57fee58c0cc7b38a0c0238d2ccb0b7d50b83ff463ba5526da8185465a42878d70abf48e28a232b
- SSDEEP
  
  12288:aF6s6QnXH7XHbXHDXHKXH8xjLrRLn8sXHrXH5:U76WX7XbXDXKXavF9XrX5
Score

7^/10
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  BetterJoyForCemu.exe.config
- Size
  
  9KB
- MD5
  
  af9b2a3b8b997500365cb0181df930d0
- SHA1
  
  5520ca5d494feef5b9c534867f6510f8f1fb48e7
- SHA256
  
  59d662fd6bcb39609977fa439cd91f9580be7e3d0b54fcb8794bc0cb1c30816a
- SHA512
  
  b2caaaf587cc117e387a0178f93d4d74d5505727960ea87c3b79c08a7f20713c8739ab6080dc41cbea28f49cf50b3470caa3f545cdb7bfb6df0f0afc4cc08b9a
- SSDEEP
  
  96:Rr2QPdhI36J/ST276agwqP1B5XQu72Cre8+U0wDeAaJNqN0nR4ipYbWHJVmnGN16:Rr2QPzf2agJ1Btre8DONLRubeM
Score

1^/10
behavioral5 behavioral6
- Target
  
  Crc32.NET.dll
- Size
  
  7KB
- MD5
  
  cce714483b5568f140c904c30a38bce6
- SHA1
  
  8c668f156d612b677bd4408f4578b8e6cb31104c
- SHA256
  
  9eafbec3431a3ddc072d870dd71f96d4fd421eff27b3f855fb29dde31463803a
- SHA512
  
  92a947245699d48f7aaef4340519496cd18f4ea245e0d7d4913bf8e5294e026aa3d7ca47c84772917f9014ba94f086d1dd30078a808f08de32866d32f6ec9fc9
- SSDEEP
  
  96:5+tH6RbkMa27CvSVeGQGgKRLYm4vJDpLN/yZkO4rsaKRUAe3ipMnQSmXDT/2:5caRI27C8zRkth/DrXKRUAeIMQjzC
Score

1^/10
behavioral7 behavioral8
- Target
  
  Drivers/HIDGuardian/HIDGuardian Install (Run as Admin).bat
- Size
  
  377B
- MD5
  
  30cab8ec7ceeac504feb97217931982a
- SHA1
  
  bd49ce2c7b524bbe74baf6bc76297746680b0da4
- SHA256
  
  be7d428a517fa481fcca0136f5efc7255dccb4084dafc59b1ddeb10723ba1568
- SHA512
  
  1a9860ddfd46a3713170d73f153e581d1c6150dc09a2be62867ee9899972a70040b24b65647da4e33f8e577fad61ea5d63ffc84182950086e228fbc62871027a
Score

5^/10
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  Drivers/HIDGuardian/HIDGuardian Uninstall (Run as Admin).bat
- Size
  
  290B
- MD5
  
  593b773a58a71d73860f654be618b1f8
- SHA1
  
  d743046cde4723afc54c7d11668125213f7d300f
- SHA256
  
  9d12d075a2bce2ef7a5344d7afd32fb1572403f45d3ef15567dc4057bfce0477
- SHA512
  
  d5b28099d0a702b26b586b657a605d5a49bf905bb2a1f0019e0cf3d280c94637ef0559ace71e6e43e7ac0b8d97f7193f0105056123fce979a4ca11eab3b66499
Score

1^/10
behavioral11 behavioral12
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Lib.dll
- Size
  
  915KB
- MD5
  
  114bd42b291aac607afc63116e6c33c4
- SHA1
  
  67504f53ee72f7728adc314587a89368a2442b30
- SHA256
  
  e4f574ba09f39ec501b432443a8124c7eb9578d72b1657ebadf75e17f5c97eb3
- SHA512
  
  080f6e387bd77366c216fa4454a84b98c431739fdd6b4fca792cf2b3fe51165000bb0d02c8829daa22361979aa3ebb2c5b2ac829b7b1e04c1a10b9d5866e3a97
- SSDEEP
  
  12288:0qPBEJ1Yq/uHzCYJPnA/aS40TRliHTSZojdcl0KVqSjd:BBEHVGHmKPnA/a50TRliHTSZ71Xjd
Score

1^/10
behavioral13 behavioral14
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/custom/api-requests.js
- Size
  
  2KB
- MD5
  
  746774080d87895033de7059dda30fa7
- SHA1
  
  d67d0bc7390bcb17bbb35f9bbf98a0d4341abf54
- SHA256
  
  2d0c26b1c9060210ee5ec562519901f0143430cc13eab525ac1091d9d2def4af
- SHA512
  
  07ac4d3c44cf6555afbec63c9a15dbf161251cd0581d264f6626c35a1dde4f317936825e22f011b64b18c12b9a1ab626c677d97aeba7b19551ce13fc2b6a46e2
Score

1^/10
behavioral15 behavioral16
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/custom/viewmodels.js
- Size
  
  521B
- MD5
  
  d3d3f8c6c26bf60d241190060e368b11
- SHA1
  
  2743f0a4ec2acdc84e70ea9176469b2c4cb2e63f
- SHA256
  
  a7183655bd730258a25718a233b21d55eed98eab1d1f07aafe847cbc50af9e3f
- SHA512
  
  c235a787f85b7ac13acc5dd99fec4676e5ed27ed48aa134b28baf12f0dc1e81ed2c681f9e97b82a58bf5e701d622cd4bfae3d80e2371f945a92666aa92e92efa
Score

1^/10
behavioral17 behavioral18
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/bootstrap-theme.min.css
- Size
  
  22KB
- MD5
  
  9f0b6c56b43e75b28733a94b2d1eb302
- SHA1
  
  dfea86cfd99e5dd36704c64b47e9905281c11cd9
- SHA256
  
  8b273fe0ae11dfeb96f7a56f1b5ecd2d76500147927ad557356faa5227d17032
- SHA512
  
  5647f57583f52d69719619c26285d5769076825a331c41f9b864b6fccaeb1681ce4bb7f3ca85b5f7869c64f569ed44b3857eea158cf18e296d55f787dda33a0d
- SSDEEP
  
  192:g7dOxdOiu/DIG2GecMdO1dO5MsObnlkZOMdOkdOG31QNGiuUiu5iuOVOvVOA:UQfuMGazEUMnnlsLP3byT
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/bootstrap.min.css
- Size
  
  118KB
- MD5
  
  5057f321f0dc85cd8da94a0c5f67a8f4
- SHA1
  
  224c9f9ad11b495358aa61dbd53e838e9b61015b
- SHA256
  
  5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
- SHA512
  
  4056508074c098e63356f88b53f8abdacae6bdd46e76e79028505be5d94ed6ec9cc6513ce2dbd1b398b23649a0e260f989b28669594df847daf3010fe296fe5d
- SSDEEP
  
  768:Xy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1Fx:Jw/a1fIuiHlq5mN8lDbNmPbU
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/bootstrap.min.js
- Size
  
  36KB
- MD5
  
  04c84852e9937b142ac73c285b895b85
- SHA1
  
  8fb8a9319055253d085edfc3bb72d20f614ec709
- SHA256
  
  36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
- SHA512
  
  e27be06bc898dcf893f06cc49cafcbb6ba6e3a69106a89a500f6993e57600b3636392784811237a1a783967dbe05d57a0769c78f8074a0c3a59b16b655b1d350
- SSDEEP
  
  768:72rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfgx8Gf3Zq7Q:yg73zhq0GvgJ3ZKQ
Score

1^/10
behavioral23 behavioral24
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/jquery-3.2.1.min.js
- Size
  
  84KB
- MD5
  
  473957cfb255a781b42cb2af51d54a3b
- SHA1
  
  67bdacbd077ee59f411109fd119ee9f58db15a5f
- SHA256
  
  75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
- SHA512
  
  20da3fe171c075635ef82f8de57644c7a50be45eb1207d96a51b5eadeaac17ee830b5058d87e88501e20ec41ef897f65cec26a0380eaf49698c6eaa5981d8483
- SSDEEP
  
  1536:TNhEyjjTikEJO4edXXe9J578go6MWX2xkjde4c4j2ll2AckaXE46n15HZ+FhFcQ+:Vxc2yji4j2uC/kcQDU8CuE
Score

1^/10
behavioral25 behavioral26
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/jquery.form.min.js
- Size
  
  16KB
- MD5
  
  05387d9f7f3e4e2f35c8f8ab23e9e986
- SHA1
  
  5de6cbdf93bfe2b3b2362a1a8d334eb58ab459b5
- SHA256
  
  7706dd72407b72375603ae5dffd27f1b7beb20199345670ae7a9cac62f20726d
- SHA512
  
  02ac1483bba69bf7f2e648f05067879721bd4ee51a360f7fee163adb5fb7b2afcea289109108ca0c0f1897a25ac7cd8133d6dcb5b1dcebf253d0b7a5e87d9eb5
- SSDEEP
  
  384:DrHD1iPUVar769pkuEKtfSZIjLBhD1Rx//IpdTORZ0LdJnHqDo5J7iuvk:XD1or769piKtaeATORZ0LdJHJk
Score

1^/10
behavioral27 behavioral28
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/knockout-min.js
- Size
  
  59KB
- MD5
  
  0d5287807c6ba5e440445933688c233a
- SHA1
  
  970054a0bd0a2c3c07cfb7d4d1aa2465c540cd6d
- SHA256
  
  494f0ab6f89e6fb8d0f3a4395207a7f06408c972cadaea17f82155dba012555f
- SHA512
  
  648e1c2170914812c2a431cd17a0ef9b1ab4b56728ad85cae89e40859ea820f32796535a2135b525e4b0d79c6f0c187301288e912f2df40f0a700ca37ce426e0
- SSDEEP
  
  1536:qIGHHbJdxdAv1xVJWQc+TJB9QLsPE8BqV/rzKzL:zMnx47F4+zL
Score

1^/10
behavioral29 behavioral30
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/Content/dep/knockout.mapping.min.js
- Size
  
  10KB
- MD5
  
  f22f3ec6969d92e36f4d052d6ccc64c9
- SHA1
  
  972f9f88e0a4b00ad4c011164115708b30dfdc31
- SHA256
  
  81a1a86cd93570f6a3d1a6dc566c99c5462008fb2e7822703798b80e30b8052d
- SHA512
  
  d4bc813d6b5ecdb5f42cee17e10ce17d977d8d27ad56ee56d08169315f5e72ae2525440147a871f2e88d7d42360287bb2c2178acad4d577ad8fae8a5e1527741
- SSDEEP
  
  192:uaI6WYuDL+CsP7NOytgGXG1Y4+dWroHeXQkOFYkz2tplMQmMt:uaIz3DLaMyGGXG1L+dWro+gksYkaplMA
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Drops file in System32 directory

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32