Extracted

Extracted

• • Target

    f1c89e8224db361bc46ce3fdab84608a_JaffaCakes118

  • Size

    3.3MB

  • MD5

    f1c89e8224db361bc46ce3fdab84608a

  • SHA1

    5ec9dbbf8fd65ef11c5416ab3c7b0ce624ce79ef

  • SHA256

    67f44941b2b6bbb4a51dbf67e96012e6dec4070c5dfff9c778ca1eac43a10299

  • SHA512

    17dab03c799fb86da587f3e4b6f0451879bab4b93be9c7c834c2d1b4ea95728e2361f413dcb27d7de79eb570d642467979aa091425a02e079cfff24f581816b5

  • SSDEEP

    98304:x0CvLUBsg0ls4jLsG+HBIAIsACAbPbanKdoJtp7yp:xpLUCg+AG+hICACVJt5q

  Score

  10^/10

  nullmixerprivateloadervidaraspackv2discoverydropperexecutionloaderstealersmokeloaderbackdoortrojan

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • Nullmixer family

    nullmixer

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • Privateloader family

    privateloader

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Smokeloader family

    smokeloader

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Vidar family

    vidar

  • Vidar Stealer

    stealer

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2