General

Target: 4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118
Size: 14.3MB
Sample: 240516-ycqxtada2s
MD5: 4cbc50b0f7d5bd24c6f9ab3139af9e39
SHA1: 53d1fd3d74c547cfe5af27dc887783cc4b21339b
SHA256: 619af4a455d2f08be2d92d5d59fbd3737278b8746a6162d995be1263eea9add2
SHA512: 915f5d0073bf853786ae55535e3f4e1df168c2cb9ab8df4e3f7691fbfbb5831fb0edd21eef5442389117292fa982001454a54fb8e4b95c89df160ea0067078ea
SSDEEP: 393216:uSgdVRLcqFuq7Oy0o2ZYcfQZgHO5FU+2JNFOwNreA6F915:uFDRLkg0o267GS2JnO0rfq9f
Static task: static1

Behavioral task: behavioral1
Sample: 4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral3
Sample: $1/1337/Alexandr.exe
Resource: win7-20240508-en

Behavioral task: behavioral4
Sample: $1/1337/Alexandr.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral5
Sample: $1/1337/ExtrimHack [free][17.08.2020].exe
Resource: win7-20231129-en

Behavioral task: behavioral6
Sample: $1/1337/ExtrimHack [free][17.08.2020].exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral7
Sample: $PLUGINSDIR/System.dll
Resource: win7-20240508-en

Behavioral task: behavioral8
Sample: $PLUGINSDIR/System.dll
Resource: win10v2004-20240508-en
Malware Config
Targets

Target: 4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118
Score: 10/10
- LoaderBot executable
- XMRig Miner payload
- Manipulates Digital Signatures: attackers can modify the Authenticode and Cryptography registry keys so that their binary is accepted as validly signed.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: $1/1337/Alexandr.exe
Size: 3.1MB
MD5: 7afcb8667f1ec33f0cc084936a8a4044
SHA1: a2755123f3515fbfcbd5b1ab38c22fa757b8afa8
SHA256: 2304cf3b3d0753318d60c2769c535a164d5f56ee0343c59ac616036d95e8ad71
SHA512: bc04b81c01df03b360c225709d2db3078d1fb45fc2a67713f5f5154d050c71e241c2c7590f510d9f7ac3a0a4bc820b3b171d96cb56d23c0496df184e527162b8
SSDEEP: 98304:A5aFQWMH0wPoBn1ZPBIjKNMxCSz4Rg4MuykNt:A5aF1MHropPDuhg3z
Score: 7/10
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL

Target: $1/1337/ExtrimHack [free][17.08.2020].exe
Size: 11.3MB
MD5: 74541b23f5f5c2d86616bea5497db51f
SHA1: 34d9f8cfbbe0999dd016e32ac4015cbcd127fbdc
SHA256: 20b6d5a91f896f10a868a95adf50c1710c6a44d841a565bd15ec64fad809449c
SHA512: 8289d9fba78a9143b8baabde22a083ab1384ff03c36791f80cdd7fac056bcec0ecfd46a7264492b4fce25ba1d2d90784619a1da0f72cb1e759dab806b3286d13
SSDEEP: 196608:upuMlcqs/RrpLiCnx6pyC9lkfVxUi5bb4AJyMw5u+KWDt51ZyvVh8tEHtnCY8MxT:CuQcqs/RrpLvnEgC9laDbVr6KM5yVh8E
Score: 1/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 2ae993a2ffec0c137eb51c8832691bcb
SHA1: 98e0b37b7c14890f8a599f35678af5e9435906e1
SHA256: 681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59
SHA512: 2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9
SSDEEP: 192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
Score: 3/10