General
-
Target
87649ab3fbcff08a7565780073c5ad72_JaffaCakes118
-
Size
5.1MB
-
Sample
240531-r91d7abh51
-
MD5
87649ab3fbcff08a7565780073c5ad72
-
SHA1
8c76e6aab15520a1c53df63c755b9412b1aedf4c
-
SHA256
4edc648c3c801e361a050a6a9325ab8c0755b20d7300712652d0d39cf3a606a2
-
SHA512
b95764cdc01f4bff2b62874198631879b2ec8370de38f2f45f73e0a75e1fd7ae951900c4117302c6c77338f78e9e8f57cf105b827cc0e1fd75b29c3feef88ecf
-
SSDEEP
98304:xDWuS0E5HNdaDyEwH0pSuqarR//DXMt5E6ZUs827VE16pT6mUKab/:c508H5u9B/cK6F827ddPUXL
Static task
static1
Behavioral task
behavioral1
Sample
Cracking tutorial/Kidux Leecher v1.0.1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Cracking tutorial/Kidux Leecher v1.0.1.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Cracking tutorial/Spotify Checker.exe
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
Cracking tutorial/Spotify Checker.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Kidux Proxy Scraper v1.0.1.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Kidux Proxy Scraper v1.0.1.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
nanocore
1.2.2.0
174.0.39.108:3630
127.0.0.1:3630
c6590fee-559c-4f07-930c-03e097f82346
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2019-02-07T23:45:22.900084736Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
3630
-
default_group
CLIENTS
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
c6590fee-559c-4f07-930c-03e097f82346
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
174.0.39.108
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
50
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
Cracking tutorial/Kidux Leecher v1.0.1.exe
-
Size
685KB
-
MD5
1ff65929b157aa4492c82eca85d832f9
-
SHA1
d82b6469538f73145b0097cd16b4f2417ab5c899
-
SHA256
b4b6819a64cdab331bc5229185899597fbc51f0b68c04743a20db4fe942a6407
-
SHA512
458c43ae0ff5c5fbb213b916bc705beaf997466a452dcc4b39c1589eb067c223182a30054a48fd4ffc16ef95d52d63d394dc3f8d03359045874e0d20d5b632c0
-
SSDEEP
6144:bvtUyEPh93fQmTZ5dut5chvtUyEPh93fQmT:GTIT
Score1/10 -
-
-
Target
Cracking tutorial/Spotify Checker.exe
-
Size
5.4MB
-
MD5
1481c5c586484f3d5247cde3b1cc63a5
-
SHA1
25ef72d31ac28b95f5709c67e9058d729804ccea
-
SHA256
d84b13737ed85eec8262144d55f9b913dd6c495173a09b92f4729c0313bdf5bc
-
SHA512
3ce947a536ef00096376a45bc627c6c4f8b869456ed2e071ed55f1e21e959e52ee4348d60f01e527911bac2ebd2763b6c8edbd1cc431f39cfd39b305cb1ce340
-
SSDEEP
98304:YAJ+av4amuhNMcNucJu/n/HlxGIiT3MxGg0:nk4mAMcP4/hIw
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
Kidux Proxy Scraper v1.0.1.exe
-
Size
3.6MB
-
MD5
2d1e1d99099fddf9f1ba1f30d7ff5922
-
SHA1
51ce6348bb301aa4e701948e65576fe84136bf28
-
SHA256
1b01f6bc2ba4416668ed6c1d2d7bbdcdf1b2b40dd16658a2d3f16cdba6c23b71
-
SHA512
7853d7b8cfc848652dfa52929feccb11cdc97f434884eefc28b11c2666bb45b1d654050b1487d6488c5a9329e550caa0f947dd02d0b9c832a396aafeba72e8c0
-
SSDEEP
98304:cviz/27qWGq/TzuqCDl2Ptao7jPqHtr105:cviq75/Tzuf8CL05
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-