General
-
Target
b7468904155157b5f8cd9cb3782686de_JaffaCakes118
-
Size
3.4MB
-
Sample
240822-mgc1za1gna
-
MD5
b7468904155157b5f8cd9cb3782686de
-
SHA1
3b1fa2908150cc6a7d7764ee82ec37755984bba3
-
SHA256
41ad6f9aaac40ebe7d35ad9caa46ceafed790ca57d7c4e283fa87ce1892a088a
-
SHA512
185c5beef69986989a4b028b753f9e70ed501f0323bc0106e63f584263a323513ff95b068f7f2a1810a5cabc0526d4e75d06e579c17d8873b708c7fa0f0bae69
-
SSDEEP
98304:y9SA9IVfu8JcsQ05Dsw5C92bLLl2zgXsjOmpzRTUF6YKK8NSIxu:yafJF+SFRcOs+iK8NSIxu
Malware Config
Extracted
nullmixer
http://hsiens.xyz/
Extracted
privateloader
http://37.0.10.214/proxies.txt
http://37.0.10.244/server.txt
http://wfsdragon.ru/api/setStats.php
37.0.10.237
Extracted
redline
pub2
185.92.73.84:80
Targets
-
-
Target
b7468904155157b5f8cd9cb3782686de_JaffaCakes118
-
Size
3.4MB
-
MD5
b7468904155157b5f8cd9cb3782686de
-
SHA1
3b1fa2908150cc6a7d7764ee82ec37755984bba3
-
SHA256
41ad6f9aaac40ebe7d35ad9caa46ceafed790ca57d7c4e283fa87ce1892a088a
-
SHA512
185c5beef69986989a4b028b753f9e70ed501f0323bc0106e63f584263a323513ff95b068f7f2a1810a5cabc0526d4e75d06e579c17d8873b708c7fa0f0bae69
-
SSDEEP
98304:y9SA9IVfu8JcsQ05Dsw5C92bLLl2zgXsjOmpzRTUF6YKK8NSIxu:yafJF+SFRcOs+iK8NSIxu
Score10/10-
NullMixer
NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
setup_installer.exe
-
Size
3.4MB
-
MD5
4b03c39108e3dc0e225ca17b2e60dbf3
-
SHA1
93c03382407478f1deb2c352fb09a06ddaf45427
-
SHA256
d54475a4d379b330858efba292a1b9c791155ecb8b86461e3edffd2e32afcd0a
-
SHA512
3f49a1cb00160681e5750d7821dc55e54207616ed4f9987827a2cc9dd09aecabab0b117a4120b4d1b925fd40827e2f01992ede1b7315889e67c6beea0b1bda3c
-
SSDEEP
98304:x2CvLUBsgz3n5nSgTlZuRF/7G4Mf7GJAr3ZPEfZMF:x/LUCgz3n5nSulZuGGJ23VExM
Score10/10-
NullMixer
NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar Stealer
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-