b696cf2c76a95ec2340527defda8bd533c479fce26dfda6ff7bbaab1f9ad08ce

Sharing

Copy URL

Twitter E-mail

General

Target

443f0d365da7aed79668022204d08830_JaffaCakes118
Size

2.0MB
Sample

240515-dcs2yseb75
MD5

443f0d365da7aed79668022204d08830
SHA1

c7ce5425f1dce9b3e855d00226e1becbb4c35931
SHA256

b696cf2c76a95ec2340527defda8bd533c479fce26dfda6ff7bbaab1f9ad08ce
SHA512

d78a9a7f32871d28c76877a39b6e30f82300f1000d935d614090fc2039ababafacc1d2bd1ed6f79009cc6e2202fad3e861db24d3971ce85b86f80dd483a2bc27
SSDEEP

49152:Zuj2PgD/QnI0XKgwbTYMz90oDa1rFIDFf2p2d//L7lnn:5xI0B+YY9PUFVu/DB

Score

8^/10

evasion trojan

Malware Config

Targets

- Target
  
  VAG-K_CAN_Commander_1[X].4/CDM_Setup/DPInst.exe
- Size
  
  508KB
- MD5
  
  be3541bfda8a81c474224eb84e977004
- SHA1
  
  fa9ca357ba8b16480bf92c22628a82dedbcdd183
- SHA256
  
  5520c35127fbdc94322966486ca76f8075eb3f64655f000b1af16be635309287
- SHA512
  
  761ff8cde80ef794eb371de20fa1d95440f090dabecd2c58ecd6f8b6c62d908e3bc3bdbe8a3817f3b53d78cb9e395bce146cfc9e1b9ebd03ee1f3d341b780803
- SSDEEP
  
  6144:Mjj9LmzA8F0UQLfwXI5bqhSN5L2vRq/NYB215mP/:2B6z0OIYhmObwMP/
Score

4^/10
behavioral1 behavioral2
- Target
  
  VAG-K_CAN_Commander_1[X].4/CDM_Setup/FTBUSUI.dll
- Size
  
  104KB
- MD5
  
  e3974afac60ee2c3ec118d560c7fe98c
- SHA1
  
  b6c353060d15d4aa136605cfa1721d1c21efc64d
- SHA256
  
  c8e47ba55381bd3df5484a65c4682adf84f694e72b972a0f1c312bac2c0b5dad
- SHA512
  
  d9bc13c509a7f753fac04368be146d6bc4f234dfa9a8ccb0f02c96c0f5299041095cc783fda0d9672eca10e7516874af4bd757d09bb72639616f3f3c2c7e3c8a
- SSDEEP
  
  1536:oP72a5kDD3OpwYKsFf8LiHuOCJw7IevtW/:Yn546WLijdI6tW
Score

3^/10
behavioral3 behavioral4
- Target
  
  VAG-K_CAN_Commander_1[X].4/CDM_Setup/FTD2XX.dll
- Size
  
  172KB
- MD5
  
  aa8046aa6726e0a2b0cda65fb5d2cd8d
- SHA1
  
  9decf4ee4cfabe32e05af7b0e8ea2ea872e01a18
- SHA256
  
  391644ee8db7dd5fe5ceaf612ea963280a54e4f4e03af8faf2008c35039a3c06
- SHA512
  
  18e6c3f7a6dfd9f8271266df362fde7e1ee7db7ccca14913f4b785130a712b22f7bfa4fc757736c840aadcb94c05453964654ec7ce82d5013a1dfcdfb837cf50
- SSDEEP
  
  3072:xa6Uqpl6dHk1QcUAC33DFMlLi3H4ixt06qY5nutj:xacpIkCHDFJ4qh5ut
Score

1^/10
behavioral5 behavioral6
- Target
  
  VAG-K_CAN_Commander_1[X].4/CDM_Setup/FTDIBUS.sys
- Size
  
  46KB
- MD5
  
  b283f1bc1ff852bd232449a4b3e3ce63
- SHA1
  
  1735a5f442a52ae782217da90596c6f62c16af45
- SHA256
  
  e9e97433b39c0c20d9602b13dc0b5db06212cdbd2ccf733b1f0ffa94bd7567aa
- SHA512
  
  0898ee85a25900b508895444b43b0c10ad17dcb24e97af56aaf1a69797932c4b554006a8f5226914c9abf93c433d486d1cba1016f7f354703c373349c75ba0a2
- SSDEEP
  
  768:0Jha1cGV+JylMazaAIkiN2Jo2EPn2r7G5A0Ee/EsJMM3UuocsulZas+/baaKv7xW:gha1cGV+Jyk5F2CJn2vG5A0Ee/Ew3UwU
Score

1^/10
behavioral7 behavioral8
- Target
  
  VAG-K_CAN_Commander_1[X].4/CDM_Setup/FTDIUNIN.exe
- Size
  
  184KB
- MD5
  
  9a411917e84142c706358a74e753ab38
- SHA1
  
  5ee4d0293fc2b5e916a5cd3ebe5ffd25dfc28c09
- SHA256
  
  3b0129a0fcd4f5ca649444358afdf852c878a2f539be897bf0519d07e8561413
- SHA512
  
  e7c48120e09bf389968268d5986922439a95d8ea604ba26fb8d2fbbcbf5cb559b14ce1b267b3685b8aca494eab54d740c66a2a4b9d81035a2ef198ca1c17635f
- SSDEEP
  
  3072:VIvkMUaUUIwtmCAipwDKyZCLiBhmdsTIKXNcBtw3x:+kMUaJLAipLkVTRi0B
Score

1^/10
behavioral10 behavioral9
- Target
  
  VAG-K_CAN_Commander_1[X].4/CDM_Setup/FTLang.dll
- Size
  
  100KB
- MD5
  
  cdf91fb3cf82d2a5682c42714d8cb9c2
- SHA1
  
  749ce7db573f421bc520786e17ca0efa26822d81
- SHA256
  
  3392bf2a67f3774b58332fd1e45a3bddf87ca25edc3c40ef0c266f15e962114f
- SHA512
  
  f826acad305155b489b5403f04f6348bdec1c88c9798c871681cc1e7a5f3451a8cb4275d1b6055108d71c9947861d55fb08789016f39aed99728ad3f2c268f25
- SSDEEP
  
  1536:sGfTyQH+NKv4Z8Li60BXNiWh8vgtVcIUG:syx+CLiJXNiRvgtVbUG
Score

1^/10
behavioral11 behavioral12
- Target
  
  VAG-K_CAN_Commander_1[X].4/CDM_Setup/ftcserco.dll
- Size
  
  19KB
- MD5
  
  d6ca53cccc8ea7d30e36f958a3275696
- SHA1
  
  782eef63a8b2f01d05c4bbba68d69a0fb793b90f
- SHA256
  
  fef49b86ba6112d2f75db5fcadbbd3a4cf385982549f943b89f134fcee755c71
- SHA512
  
  5446a1fe4328f3a9b0915390e73e4d04fe2d4dba5d586018217b62dfb95dd2c404a45b8cb93b8063467ba4e19f7b1f58808314f3de2236f5d89685f0986cf103
- SSDEEP
  
  192:Av9Z1zMQNM2eYfcN+re4bCF2XrFKNvB/YMqZu:AvdM8X14+zF+QMqo
Score

1^/10
behavioral13 behavioral14
- Target
  
  VAG-K_CAN_Commander_1[X].4/CDM_Setup/ftser2k.sys
- Size
  
  59KB
- MD5
  
  678a73f56ddf84a08c31123c386e9967
- SHA1
  
  cadfb220a6e5168af8361e3ca25d9f082f0df0c4
- SHA256
  
  cefce93abf0928fbc361cc953b49d33bcc0376c4477d0ac1840e6b94c6de2e4f
- SHA512
  
  f7fd19f249fa53965ef517235a54b279050b8033c2dd917444c76cd5737c9a06b9e4fba14957b2383d1c17f0d221badee0d4632f49d56b602c810a229d127978
- SSDEEP
  
  1536:Fr+pO+ENfokyYatEvz7RRjT6giOMPVlvXem:Fr+dvER3PMPVlWm
Score

1^/10
behavioral15 behavioral16
- Target
  
  VAG-K_CAN_Commander_1[X].4/CDM_Setup/ftserui2.dll
- Size
  
  32KB
- MD5
  
  1452ce75a9ac31d29d552f3bcd62e64e
- SHA1
  
  9c55824bd4f8bd46d05388b017113201de6f5a1d
- SHA256
  
  e49ba33c49c921322c807d0ef21815cff0af3fc32c269c9f4cf32d57705b9c62
- SHA512
  
  36d64f5250d167722cbf69f6259d87d04067ff3a779f7a4d8686a8566d7373e824a51933378d3dfca65cb341e6a096d9758c64cc17ceaafed4c7a6a870c19161
- SSDEEP
  
  384:1bL6rJ9kE/hXnlsg8DiIYX8gJtckZqUS6lrdeOW9OqN9PWyWCtoxsQwM48KQYdMh:IPXegUix/plAX1W9fohXJ2/r2+
Score

1^/10
behavioral17 behavioral18
- Target
  
  VAG-K_CAN_Commander_1[X].4/RCMicroDogSetup.dll
- Size
  
  2.0MB
- MD5
  
  967fc1f2cbb8c29beb7abfd28726f16c
- SHA1
  
  932c6bebe7784dea955e01bcbdf4e36a11069ff3
- SHA256
  
  5671711caf7446ce3496028375156cf4443c12311ac4e75c626dd740652d8ef4
- SHA512
  
  1a770e58f2cb63add64c157b3a22fca94f2fd24c1a1ccab6ab6f03b84703409b1e55b04b4ae3cb885a7d4b961216be3d326d0e12f3969cf082805f5ab79e72b9
- SSDEEP
  
  24576:ToSdv3lgUBVV27+RZC/CZmtY5+uU+ufXGY+ul:Td3lgUB/PZ14Ii276
Score

8^/10
- Drops file in Drivers directory
- Drops file in System32 directory
behavioral19 behavioral20
- Target
  
  VAG-K_CAN_Commander_1[X].4/VAG-K+CAN Commander.exe
- Size
  
  1.0MB
- MD5
  
  2cf368920cad617c413896e11eb318e0
- SHA1
  
  0cdc588ce2d3790d1cb8fb1d5d24bf5857deba11
- SHA256
  
  ea69c09b51fda25107d9926d7d033f4e25f5374ec0dd2b1bc4a9867a7b19b932
- SHA512
  
  842c2e9bb78dd0919c8cba9de60291600f7b2a7f161a4fe76652397f2e11663fea21d18c2c654051299ad695a399efc8073e637768486dbf9ac2f3672f9b9815
- SSDEEP
  
  24576:xXhEv0vosUJGRsWop1WHfsFOIqKmNnL2imfTuKi/WvXOmWlH:xXGsLG1xF5qKEyZTfvM
Score

8^/10

evasion trojan
- Drops file in Drivers directory
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Drops file in System32 directory

Drops file in Drivers directory

Identifies Wine through registry keys

Checks whether UAC is enabled

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22