General

  • Target

    083abb870a4939caa852840914fa0276_JaffaCakes118

  • Size

    208KB

  • Sample

    241002-bq26nsterd

  • MD5

    083abb870a4939caa852840914fa0276

  • SHA1

    623399f70076658380c517c7f0d4debb10bc9447

  • SHA256

    b1121922fe8202271db16161af6288b91827b09931883e011d7d96b162ce4e90

  • SHA512

    580d218599216cc846de11e36743393e2247d7e22d8002d30007f802c1bf9f6838d5c1fd294799513b9ec627925c23b3470e1b928a7240b0f496c3510fd07eaf

  • SSDEEP

    3072:y17Eo2jWVvvV0uc1nfaZHG1FQSeVwi7nJA/kAww1T8yGioMKqCHI8cp1qDNtjP6M:AEo2iXVBLZHG1FQBV9ZA9mDtomXj608w

Targets

    • Target

      TibiaLogin.exe

    • Size

      51KB

    • MD5

      68c45f17d5ae1b334cfde0bb00e4929a

    • SHA1

      b623983dde09854b2ce4db42938a6ff24a986c07

    • SHA256

      335c4f487b15cbb88ec790aec848497f7c38136bc24ad50d2826f6668119bb2a

    • SHA512

      b3256b1e48d1482b7a1729bdcab2f76c8f7d3260dd27bb3d0c0b10fcd6f695820d1455734999d2b1f6ed2c4f681ee6a4553c05b3bb1d3c02db9a10ed11337ca4

    • SSDEEP

      384:isBv9En6VUEssvRBWMbCKbqsy8crx9TpDku6DB+ZEuyn/McAA8QFEChng9D9bg1B:iw9EnvqiMbCkYvx76zuCpRhng9DYX

    Score
    3/10
    • Target

      bpk.exe

    • Size

      408KB

    • MD5

      522e846095b98892043c371b31626ddb

    • SHA1

      55c44054754cc9499f12e9692160fcbb6efb1ebb

    • SHA256

      21359731128ca17891fd1aa70291187cebea852534153aa246214450acad208f

    • SHA512

      ab3aae8a3233fb759bbee9b0f73796a546400a0fce113353c954abc28c6c09a23e678040d37f29c227c2f7a2a3adb95629f22577cf5c642ef1eebd6c52164b39

    • SSDEEP

      6144:pTiwfjj8v1jdMGahkRZ71EUkV1et32ljcCAbzu8bk:pT/fzGMkRl1EUkV42c6j

    Score
    1/10
    • Target

      bpkhk.dll

    • Size

      21KB

    • MD5

      f627f297fe52a3b3831df83dcb18f2d9

    • SHA1

      ac655a9a5aba163ec40f9a6346fdfcf068e548ea

    • SHA256

      8a84c559fe9104ac290d22d8514aa91592b0e4d4c8301f0ca9b7d9f916c34bc2

    • SHA512

      dd4d10dd10980f7bc9a58f5de7b90aeb643fbc2fc6d9dfb72adbc2840e0838d94060acd3849beb3baee16859c80444303e65a8ae0ce780eb10a24029455613c5

    • SSDEEP

      384:F/GO+oszenVlRbecDekWjqCVX9oqurM7WbdfAU:1jrscLJKx9LVedoU

    Score
    1/10
    • Target

      rinst.exe

    • Size

      22KB

    • MD5

      9a00d512f9e1464ad793702cf2b1eda0

    • SHA1

      39a47a90cd3dd132dbab9f5052dda38dbd7c63f6

    • SHA256

      98d257f639ee9df968f77b1f66c78230d07d86e58a7ddf0d306a24af3873dc5b

    • SHA512

      18604f20351db1d418f48f2eb023be07588754b428b5d6abb0a7c40d6bf174ce7dcab2ae6e06f22585e12f1bfdb6e408b17bf20e2a7ba137620002ac04b8b4ba

    • SSDEEP

      384:c3PqIGR1uEtfWlXdbvoht0zsQHmr246v1hLqsHWuTqvhwp:aqZv3tfEbgIzsQHs6v1hLqQ9q

    • Checks computer location settings

Reads the country code configured in the registry. This lookup is commonly used to geofence, i.e. to change or abort behaviour depending on the region the machine is configured for.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the program is started again at logon (persistence).

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory, a location that makes a dropped component look like a system file.
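The following is an added worked example and is not part of the sandbox report. It does two things an analyst wants after reading a page like this one: check a file from a quarantine against the report's digests (the SHA256 values are copied from the report above), and flag the behaviours listed for rinst.exe in an API trace. The trace lines, the registry paths used as indicators (the Geo\Nation value for the country code, the CurrentVersion\Run key for persistence), the pipe-separated trace format and the function names are all assumptions made for the example.

```python
"""Added example, not part of the report: hash matching plus behaviour flags.
Hash values are copied from the report; everything else is constructed."""
import hashlib
import re

# Target name -> SHA256, copied from the report above.
REPORT_SHA256 = {
    "083abb870a4939caa852840914fa0276_JaffaCakes118":
        "b1121922fe8202271db16161af6288b91827b09931883e011d7d96b162ce4e90",
    "TibiaLogin.exe":
        "335c4f487b15cbb88ec790aec848497f7c38136bc24ad50d2826f6668119bb2a",
    "bpk.exe":
        "21359731128ca17891fd1aa70291187cebea852534153aa246214450acad208f",
    "bpkhk.dll":
        "8a84c559fe9104ac290d22d8514aa91592b0e4d4c8301f0ca9b7d9f916c34bc2",
    "rinst.exe":
        "98d257f639ee9df968f77b1f66c78230d07d86e58a7ddf0d306a24af3873dc5b",
}


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists, reading the data once."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(),
               "sha256": hashlib.sha256(), "sha512": hashlib.sha512()}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(data: bytes, table: dict = REPORT_SHA256):
    """Return the report target whose SHA256 equals that of `data`, else None."""
    sha = digests(data)["sha256"]
    for name, expected in table.items():
        if sha == expected.lower():
            return name
    return None


# Constructed API trace (hypothetical format: process|API|target|extra).
# It is NOT from the report; it only exercises the signatures listed above.
TRACE = r"""rinst.exe|CreateFileW|C:\Windows\System32\bpk.exe|GENERIC_WRITE
rinst.exe|CreateFileW|C:\Windows\System32\bpkhk.dll|GENERIC_WRITE
rinst.exe|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation|
rinst.exe|RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bpk
rinst.exe|CreateProcessW|C:\Windows\System32\bpk.exe|
bpk.exe|LoadLibraryW|C:\Windows\System32\bpkhk.dll|
"""

# Indicator patterns (assumed for this example; adjust to your tracer's paths).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)


def parse_trace(text: str):
    """Split the hypothetical trace into (process, api, target, extra) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            proc, api, target, extra = line.split("|", 3)
            events.append((proc, api, target, extra))
    return events


def detect(text: str) -> dict:
    """Map each report signature to the trace targets that triggered it.

    'Dropped' files are tracked in order, so an execute/load only counts when
    the same path was written earlier in the trace."""
    hits, dropped = {}, set()
    for proc, api, target, extra in parse_trace(text):
        if api.startswith("CreateFile") and "WRITE" in extra:
            dropped.add(target.lower())
            if SYSTEM32.match(target):
                hits.setdefault("Drops file in System32 directory", []).append(target)
        elif api.startswith("RegQueryValueEx") and GEO_NATION.search(target):
            hits.setdefault("Checks computer location settings", []).append(target)
        elif api.startswith("RegSetValueEx") and RUN_KEY.search(target):
            hits.setdefault("Adds Run key to start application", []).append(target + "\\" + extra)
        elif api.startswith("CreateProcess") and target.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(target)
        elif api.startswith("LoadLibrary") and target.lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(target)
    return hits


if __name__ == "__main__":
    for sig, targets in detect(TRACE).items():
        print(sig, "->", targets)
```

Matching is done on SHA256 only; MD5 and SHA1 are kept in `digests` because the report lists them, but they should not be the basis for a verdict. The SSDEEP values are not reproduced because computing them needs the non-standard ssdeep library.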

MITRE ATT&CK Enterprise v15
