2661ec0a0e9292c580ae663ffad6b19e860278dfa681af9e49db137819b9bd16

Sharing

Copy URL

Twitter E-mail

General

Target

63e74b5f713ba1912d57f002d73bfafc_JaffaCakes118
Size

14.3MB
Sample

240521-tk2l3abd6y
MD5

63e74b5f713ba1912d57f002d73bfafc
SHA1

6cef4f8f3de7ae99697e9ae0dc15412a789fa09c
SHA256

2661ec0a0e9292c580ae663ffad6b19e860278dfa681af9e49db137819b9bd16
SHA512

5f57a3411127f05314295a1b4d2191f480c1b358dddb855e0881498e63d2eb40957b89d7068a2759d3420b039f6607f1478882f844faf9b767f69c6ac1a5a021
SSDEEP

393216:0YNbxKM7ys2YLByWZ0/IOm55OhTyjKoPd8yzX9HQ7p++8:06xLys2myW/H0yjKoOyzX9HQt+V

Score

7^/10

Malware Config

Targets

- Target
  
  ARSoft.Tools.Net.dll
- Size
  
  212KB
- MD5
  
  de82d90ba4630430039b1e45eb739d38
- SHA1
  
  4602928e20f7f8033abc52055e675414fa2f2b28
- SHA256
  
  ae1225b42fecb73cc3caa79001079883129177ef17ef48fe816c8a92de832563
- SHA512
  
  9fab96a09725369acf2a633512b04a1141e7618012d1cef89d906352fcda6e01113d6e79d13903ae8319ed334c02e9781aeb1a002a4f9ffbd93e86bb10b7b7f7
- SSDEEP
  
  3072:R4vy1h7702wk0qhMEpzNhGPXCKxHVMIgsY7l68+GsmljPjSUhZ:HjaPXCKbMIC7N+Gs2PL
Score

1^/10
behavioral1 behavioral2
- Target
  
  BsSndRpt.exe
- Size
  
  317KB
- MD5
  
  ac23bc99492c5561f26712e8dbc6a3d1
- SHA1
  
  1752ebb222bd195daaa0424bc8f998b13ef9fde8
- SHA256
  
  4c92a3585775a0c22a3ea32dc95de35fc16adf916f0c0244a9e5e38c209c504f
- SHA512
  
  508d99b70088da6b2b9705a419cf4bd8e0073ce63abe66ad8f777779db9d221f04900e25ee5b607cf7a24d70a0d6cba581f07ffefcd599be8c7d4af07da4048a
- SSDEEP
  
  6144:UVPQoOeudia50QrjGldIpwQngmOPyVMnxyZo5X:UVYoOeA53O7IJgnPyVMnxZ
Score

1^/10
behavioral3 behavioral4
- Target
  
  BugSplatDotNet.dll
- Size
  
  25KB
- MD5
  
  96df5bb1afea5f627af4b95dadb5e3ef
- SHA1
  
  b21ad2b24609eec64ee1d05417e667ea2cda5746
- SHA256
  
  c2a1e59710c7158cf59c768c864a12b2d2a5582a17a7493880a54314a820bd07
- SHA512
  
  eefc19d74b851a02678945a9f536905de96e19093908c408a9a74375d5cb2f8ee407aa72581359095033852e7a56ba505d0593bbd11b4509ab9ce598398f51e1
- SSDEEP
  
  384:TxS4mEBt81FbBpnsqjkonoljmbgsdf6qtwSWg4HenYPLnrix3SPjrd:To4msstn/Q16Nf6m/Wg4+IrixiPjZ
Score

1^/10
behavioral5 behavioral6
- Target
  
  BugSplatRc.dll
- Size
  
  97KB
- MD5
  
  061b0fc5b141aecd6d78b621eb854ff4
- SHA1
  
  416e4b15fd0a68229be078d072e0df28ef7358e8
- SHA256
  
  95e06d555189bd5e2e756157d6b0b6f18a8027c742b9695f839b7edd6e4dff32
- SHA512
  
  35c5ae6c112f6fe83494751f8eacadc8808c94a0c80e1268d41d8dc72c50ee472fc76a172d1b00d80af494eb61c76a2746c03d119f73ee0e99fb49c223e20802
- SSDEEP
  
  384:0I66CiPitSz4YtOiEjlsoJ/oDF4rQzdBKD5e29KDCly8K7ZnwBTngBo/614O:0HxtIrtOljlsF4rAGw8K7ZnwBc6i14O
Score

1^/10
behavioral7 behavioral8
- Target
  
  CyberGhost.Communication.dll
- Size
  
  57KB
- MD5
  
  0b8bdfa0d4b0ae75a1f48fe68d8b7b64
- SHA1
  
  f50d417b6db71ad8a57c66a21159670252509c42
- SHA256
  
  fd3ca4e7ed99cc1f2042e42254b3d129f361fa28374f132adf14fc4ec8dbbb5f
- SHA512
  
  683948f37495d415090863959343952348765c814b8c15f1feaa2d45113addd4a33ec8d0e7cab5c19de4e5c88a0d775dba20d5aca2d9787f8413132ca9b3206a
- SSDEEP
  
  768:yjZvEFFikKVE/wwrIwlLjDRVFT0c/VSHqANX3F68y/4a9XqtOhJR0Bz22TgNUbcR:L83FXa5qgR0BkUwtsizhdQrix5
Score

1^/10
behavioral10 behavioral9
- Target
  
  CyberGhost.RESTCommunicator.dll
- Size
  
  128KB
- MD5
  
  54f9602d9fd397b02a41ff7a54c905ef
- SHA1
  
  5bebb69c404c639fd4d9ecaf2c40cc6aca4241f9
- SHA256
  
  5a46258c595a3d4b5d3c7008cacb275733eceb4ec5021b55056563489221fc7f
- SHA512
  
  11403644efb18f44be4129ee1480096566741f31185d796afedd8a12c8ff3e2dd4e021f9e3d7dedcca4abd91f2aa3c8825afa1beb42c3598505659fd0aced283
- SSDEEP
  
  3072:FEvZctOlPA0RbkM3i589nJYh2TOB+YsT+g:rtOlPhVk0LKBod
Score

1^/10
behavioral11 behavioral12
- Target
  
  CyberGhost.Service.exe
- Size
  
  233KB
- MD5
  
  6e0dbdb495e0529370b27baa27db6528
- SHA1
  
  778c4a29abffbffdc63840f68e9ced44eab2cbfe
- SHA256
  
  dfb23aa3f9277876ab70e594b6722d99dcebce32331cd80728e9a3fa1d4f09d6
- SHA512
  
  17eb55170a42c43e48ecd0248421340eea8177228764d0cf25f843c8f52ac454e3656f818f2d09b8e4866b13e79df9235b4bea0210dd4986b801dbb654a5631c
- SSDEEP
  
  6144:SSu58jcZL/sW+ZIAaZ6buyxwLnWWmWa/YRX4HoHD/0yIYqMiY+:1+BZLUW+ZIAaZ6buyxwLnWlWa/YRX4HT
Score

1^/10
behavioral13 behavioral14
- Target
  
  CyberGhost.Settings.dll
- Size
  
  95KB
- MD5
  
  29a8299b25e929fe7c50a269d321ca33
- SHA1
  
  12250340166e2d34f2000706e66894edb164fa6f
- SHA256
  
  b23b1b4ab4ad47fc05c9c3d574ba0440bc8def3a0b6f3c5b676c327e71ff521c
- SHA512
  
  f4d46639060bde7bf4c8b8113ec58f8b8136d2c4f56484d9eb34b221c7694df6b9786295a8566343914cfc17d9f19ea477f893673be239975cfb041f2357630b
- SSDEEP
  
  1536:uU3RVIrLruOZQsvOy6wL5QrKCxT21TkDGHJg4to8/Q2hBirj/z14LfrixMP:uGRaXQsvORCOrKCxTiTkDg2AvY2hBiXS
Score

1^/10
behavioral15 behavioral16
- Target
  
  CyberGhost.VPNServices.dll
- Size
  
  89KB
- MD5
  
  bc31af05901cefa3230dd1cd8bc3384e
- SHA1
  
  b7151b85637d59112a49f43f572d5c2090982c43
- SHA256
  
  7e61e472914297ad6e8c1bd5aee5e9795c913619a87eef6100332cc534c73b0a
- SHA512
  
  aa4ff1b7660955e03884b8ea3b885abd01646b4ee0c3132c820282a6ea25334365c18d3a4b1bdd10c595852823585c0b410754e487b6976ac47be1539f4bd31c
- SSDEEP
  
  1536:08OLiTLnpwWGBzf4LvEkobByw56mby/7GJIPJ5rixA:0ZiTKzfCMkobTb6qA
Score

1^/10
behavioral17 behavioral18
- Target
  
  CyberGhost.exe
- Size
  
  1.3MB
- MD5
  
  1f5745e5011d1ce2a79694d7c9e0d1c8
- SHA1
  
  d2108bc4535e74166761fc9e51df0b5c0f82d148
- SHA256
  
  ee14351639bf84786442cee3f7af65b9f9efdc4afcba1a33625f91a5972e5a65
- SHA512
  
  53106be09124ec66870a556a532938d9b9a6fd4ab0ed25ceb06fa854bdb723cb425613fb9af9448c01d4948707092457a8184c8ff5dd898f4b6a8c10aebb9908
- SSDEEP
  
  24576:ZqbGoiE9SVc2Xyq9gYRRcY+wLz/3N/O2RxSTjgphsXZCGlxRip/:62CoLz/3ThsXxxRiJ
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral19 behavioral20
- Target
  
  DE/CyberGhost.resources.dll
- Size
  
  92KB
- MD5
  
  0c07bb5d6f48b7ab0d40eb886c9d4e08
- SHA1
  
  79af6a91d20f81e10ea4b816e5852b1f25c3ad32
- SHA256
  
  c242a56253d724d42ec998a0b13e6b32d1850956b9d66aca13e549120a2d0148
- SHA512
  
  86b0c0bf1dfb383bba8d1111bdcf9227946efc88f85360156c7025afe4aed342b3ed733216f07eb00b69caf904254dcf4da5e160e830432027d2e386da58852c
- SSDEEP
  
  1536:ONYxl0331wytsRQAWlXqCwP1RHeWCUj4MuVM3BH/qC:ONYxl0n13sRQAWlJwP1xeWTjbuVMR5
Score

1^/10
behavioral21 behavioral22
- Target
  
  DE/Lizenzvertrag.rtf
- Size
  
  31KB
- MD5
  
  abffcf1d48675431a63b3930ad23d2ae
- SHA1
  
  64bec9b66159666611fa471ede006ab45fd8775f
- SHA256
  
  fc610f62b970131bb21b141a53c4eb2a5290563a7c1a15d2fb21d408d8edbd38
- SHA512
  
  4522adeb833ac295694a4fe466dd064da2961c328149fd382e4a766c34a0449a86b2efec43ec3dbc38f2ea6879b8a035f351b0b850c0ee23548473b627d7bfec
- SSDEEP
  
  768:dcijeQJGtEVXLL/VBXJDPPygcUwayXzll4f7Emxz3GjU:cQJTJLt2vTahf7Ew8U
Score

4^/10
behavioral23 behavioral24
- Target
  
  DE/OpenVPN-License.pdf
- Size
  
  498KB
- MD5
  
  b4d2304eaf695ea736267d711f51c744
- SHA1
  
  87f98beffe523b56120272636e0b68fa16ff5aae
- SHA256
  
  9ec9a8a661ffec35799b707717380ee4ba828dae8ca7dd2cdff8883d2a10107b
- SHA512
  
  de59557d374c23edc73dc7e3b440cbaf48bbd1805970a239844f7833b5a96b14ea0990d415890f5e0376530e0a28107d62dfece7e984cce1218ec18557b977b2
- SSDEEP
  
  12288:iRIasjj4EWwuOpc8UcFUgj3j8qkrvR/FrPg:iRlsjM3w5p0cXjjxERg
Score

1^/10
behavioral25 behavioral26
- Target
  
  Data/OpenVPN/libeay32.dll
- Size
  
  2.2MB
- MD5
  
  38c32ec7bfac41c8789bbc86b22d547a
- SHA1
  
  c64a38fd621256a5ec7b9cfae9deaa74934bac66
- SHA256
  
  7a14631f093cc459f48caab18635a034fdbcf27ac1dcaa64cd60e3440dedfd3d
- SHA512
  
  2bb7af81648b3172363a49500e92d21b8922fb0ef38c7a4c8975a93469232c41a445aac86147fd46bbcade3ab6f33d98b79a5de7061b82ed9a2eb037f27f35a6
- SSDEEP
  
  49152:qqrGLY4rzqgpJdli4OLz1/SK1ULLnLWdaqTv6akDCbpCX464lnbW148y1PuDT5WW:qqr0Y4rugpJdli4OLz1/SK1ULLLWdaqC
Score

1^/10
behavioral27 behavioral28
- Target
  
  Data/OpenVPN/liblzo2-2.dll
- Size
  
  170KB
- MD5
  
  7147f51f060f4570b401303df7a4ffbc
- SHA1
  
  3888c27f39b45262bb093e9a83cbd55ebcd28528
- SHA256
  
  d5d22f9c69c20390564ca60a5e22d6891348af208ca5168441726587ef9535f0
- SHA512
  
  c3a76049982830824e3f72abe2dbb222542d781369333f08e52911623c5ad4e5b7a53107504db93dbde8b5cffe90aa8cb03a9dd474387fd13221ce994253264c
- SSDEEP
  
  3072:5h5CDZ37FRuI7hDEjQ777RZ7B7T7N55Fjh/YAWFOEBhzFJEB55jKN:w3bRn9ZNnB5NfKN
Score

3^/10
behavioral29 behavioral30
- Target
  
  Data/OpenVPN/libpkcs11-helper-1.dll
- Size
  
  113KB
- MD5
  
  786eb73ffb1fd9bde387c369c4a86ef5
- SHA1
  
  5694da3050a6a178471f5ad29b717afccbab4f96
- SHA256
  
  d92aa934514ffc181823ec119f46db316206414b8c58c4666d5240c74bbd019e
- SHA512
  
  c3146b9c9d3febeae709453c5b842532cb24aca5cc268b5e107aafd717d61991121a93d8f2f609381d9f0f22865fb14a58f128109f6d8b97b6fad63cb5745b8e
- SSDEEP
  
  3072:J2wAbrPqeL0hqbvoDwOR/zxegxh9QQU7kVTAHluobjrNEseb:QbrqVSYwORlegxh9QQU7kVTAHluobjrq
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32