a9ffe5bb14b05e775f34f9eeff41fca89a350d49252eedae1e330e88952e7f36

General

Target

BetterJoy_v7.1.zip
Size

4.2MB
Sample

240901-m9tt7azapd
MD5

cfdfd386b72aafe8b68390f4f83c63ce
SHA1

b189cd95436c59fae09bdfc20244f380c210b744
SHA256

a9ffe5bb14b05e775f34f9eeff41fca89a350d49252eedae1e330e88952e7f36
SHA512

1112377fa1daa6f5d77f1ba840c1f964fc029c7085e00a1d1418bdbfbb94f2c31d369f5454f85641b6de6dda280f97a1bb71b750be9f4917acb696d1c8387bf0
SSDEEP

98304:ckT92bM+bd1/ngy/GizoQO1iL54S32tAkj/6y2JLFiOiZ8:ckT9/INg0GizoFi5d32qI/O59k8

Score

8^/10

Malware Config

Targets

- Target
  
  BetterJoyForCemu.exe
- Size
  
  609KB
- MD5
  
  16a7fce04f4374fd5d21eebf0fdb2f7d
- SHA1
  
  93cc7d0886d70d5f340828226507869b95e939d9
- SHA256
  
  aadd298dc77c34c1b5001dea9bb70f519dfed9b847384201190b335dc7db505f
- SHA512
  
  41bc5445cf4e3e614722b121efcb3348ea81c38bdf04a8d3cf57fee58c0cc7b38a0c0238d2ccb0b7d50b83ff463ba5526da8185465a42878d70abf48e28a232b
- SSDEEP
  
  12288:aF6s6QnXH7XHbXHDXHKXH8xjLrRLn8sXHrXH5:U76WX7XbXDXKXavF9XrX5
Score

7^/10
- Loads dropped DLL
behavioral1
- Target
  
  Drivers/HIDGuardian/HIDGuardian Install (Run as Admin).bat
- Size
  
  377B
- MD5
  
  30cab8ec7ceeac504feb97217931982a
- SHA1
  
  bd49ce2c7b524bbe74baf6bc76297746680b0da4
- SHA256
  
  be7d428a517fa481fcca0136f5efc7255dccb4084dafc59b1ddeb10723ba1568
- SHA512
  
  1a9860ddfd46a3713170d73f153e581d1c6150dc09a2be62867ee9899972a70040b24b65647da4e33f8e577fad61ea5d63ffc84182950086e228fbc62871027a
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Sets service image path in registry
  persistence
- Drops file in System32 directory
behavioral2
- Target
  
  Drivers/HIDGuardian/HIDGuardian Uninstall (Run as Admin).bat
- Size
  
  290B
- MD5
  
  593b773a58a71d73860f654be618b1f8
- SHA1
  
  d743046cde4723afc54c7d11668125213f7d300f
- SHA256
  
  9d12d075a2bce2ef7a5344d7afd32fb1572403f45d3ef15567dc4057bfce0477
- SHA512
  
  d5b28099d0a702b26b586b657a605d5a49bf905bb2a1f0019e0cf3d280c94637ef0559ace71e6e43e7ac0b8d97f7193f0105056123fce979a4ca11eab3b66499
Score

1^/10
behavioral3
- Target
  
  Drivers/HIDGuardian/_drivers/HidCerberus.Srv/HidCerberus.Srv.exe
- Size
  
  586KB
- MD5
  
  2a25ba8b6d697ccc1181d6fb6c451af2
- SHA1
  
  98d67284e8c5c5702ac04c54f52fd855e5d64a5a
- SHA256
  
  419342a3b8bdb76bce151d80a719c0aac2e894bf5857ac55d56303fe8afd6fe0
- SHA512
  
  7053d60266a57c1d0e3d337cba2e6ad43f76193eaf0d9d8c684999f4610172768f3a56930e3a24e78f75230d822c27533dc7c1559dadca548081a606d6562a64
- SSDEEP
  
  12288:Ft7sEPx6zdRhUzPqpR2kplInN90NaOXMtjgO/aj:Ft7VPsdR4ipR2kplyN90NaHtDaj
Score

1^/10
behavioral4
- Target
  
  Drivers/HIDGuardian/_drivers/devcon.exe
- Size
  
  80KB
- MD5
  
  ab15859608d743048d77cd1474c8cd9f
- SHA1
  
  7ebe519da5184f3dd1bd47aa14c97b2ac5de851d
- SHA256
  
  c447d8fcf6a8752662a400d90798d4e7a576a86f7a8369a309ade4701527131a
- SHA512
  
  d5e7deea43d4d04b64ed6a96d570cabf1a4701ae1824bb428b087d018a7b1ec659fc28fdd1f807b8317fb06663ca492bc6d979c831a178337566a147dfabe54f
- SSDEEP
  
  1536:yTIiG187wHiCJDMlnA76UFc5VUE6FMqO7W/:y0spCV0nA2AcsEUM3W
Score

1^/10
behavioral5
- Target
  
  Drivers/ViGEmBusSetup_x64.msi
- Size
  
  856KB
- MD5
  
  d8d2cff2eae7f1d956e3f8a2edaf891d
- SHA1
  
  bc33e35ed5d60c492bd6733462bd6cbc19c2cd59
- SHA256
  
  5abbba8a4a07aaaeb50b4666183b2f243e0e5ad288026d2a9f3595ed237c4b28
- SHA512
  
  50d98dd7d81e309cf764da7d40e321270f2e5ebc387d7b35ddb414c2efcfaa1bf302e51d5dfd3fa4cf871a3449705dc5e57466a3e97fdd5c16f5af3cd3051447
- SSDEEP
  
  12288:ks/zRZDhrFD7Pd2w1t3jOZy2KsGU6a4KsBex5VkDSiF:d9ZDpFD7V2wbzOE2Z34Kd54S
Score

8^/10

discovery persistence privilege_escalation
- Drops file in Drivers directory
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral6
- Target
  
  Drivers/ViGEmBusSetup_x86.msi
- Size
  
  800KB
- MD5
  
  8708fadd862028488351bce03073b6ab
- SHA1
  
  f49d2cd9b335dc7a593d447a6717c699cb5f665d
- SHA256
  
  e383c1660036fd98719add71aea43fa81818da1a6c7ab9431b4940520a12d1f2
- SHA512
  
  0d81115220c0bc2a56e47e674924f6601883d9b105fecd9cd19f6afc7af9830246dcb4a09b006dd465abe58bb27eefeeebc97fd3e9f1da084cb7e24776996243
- SSDEEP
  
  12288:4xu6tmkOIYxYhTeDJBvsk8k9QHt3jOZy2KsGU6a4KsBex5VkvSiF:4xu6tXO3Bvsk39wzOE2Z34Kd5kS
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7