General
-
Target
08413d5f9fea4fbc2fd57167c7599447_JaffaCakes118
-
Size
1.5MB
-
Sample
241002-bvzakstgrg
-
MD5
08413d5f9fea4fbc2fd57167c7599447
-
SHA1
be7b232f06cae72e4be9c66d601f7d8538ec35e8
-
SHA256
fd8f2b5eaeb354d4b2d73acf8f79b93ef77a353f132f8f0fa1ff094e39c4db64
-
SHA512
2dc0a17e16d8328b5c94dccb79925165dfa17f4e636481148d81abd4b784fbb9ee79eb17cc9bbdd17c35e2f5061b688a6c23710b966f5c24afb8c9f0b877d475
-
SSDEEP
24576:Bmt8SEzNP0PwtOoA1108g+z/k5yJwpQ+eShU0qgjaT6vELL5pxqs94G/mqXg3QR:BmUsPPvo5HeSh2UmdpxdH/PXMU
Malware Config
Targets
-
-
Target
DFX.for.RealPlayer.v9.103/3ddown.com_setup.exe
-
Size
1.5MB
-
MD5
3a34872b306508171c416d87fed93c37
-
SHA1
019a755e1c6859b12a4e3972ec0f3e8fe5728df6
-
SHA256
0f691473c15ee1785db529d574a812be62a2e86f6137894bdf4df4e2809b9ec6
-
SHA512
57fbbfcca0657bbf2662db54db2f85a3ec839b052873ff176154f6ce84aacfbeaab9abb75b2ba0398083cfd7b8643dd33c9df319d1b433f96bde6f29f102bbae
-
SSDEEP
24576:mQ2yABBtg+DHfrvDJPYGqgXqntR1etIXeClL4d0pJnUTZLYJRP+wekc2iw3d:72fBxXlYu6zc+XeduhZekxt
Score7/10-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$COMMONFILES/DFX/Skins/Obsidian/Obsidian.exe
-
Size
119KB
-
MD5
1086ea04b43875169d84f5daca15e8b2
-
SHA1
220b7d53785e273c0e4e591d81577094f4032547
-
SHA256
dc4a9b7fcc44883c5ecf6345e79e1b197795ad24730477bd5eed0dda1d0703ca
-
SHA512
cac596de9957e02bd26a05ea2ffd5794ad033ccffe141c6f18cd6e671968ce6514f5942f83e98546dd9ede50899687899a3d71ea1a9ad43b733fc9ec51cae62c
-
SSDEEP
3072:6lYIT/AhS/hwqF9JwSxK0AabGWJgkVeQUsARy/:y15hzIWAabgs
Score3/10 -
-
-
Target
$COMMONFILES/DFX/Skins/Obsidian_mini/Obsidian_mini.exe
-
Size
64KB
-
MD5
5310acb74fdeac2f1a44fc239bad4876
-
SHA1
873f264b972adb216760e56dfecfbac77a7345e3
-
SHA256
68ad67c48467b7957228d00aadf2309ee93148701324210628a392d334d7abd8
-
SHA512
d18dd9676b27efccf8bfb0493cdaf57352366416520f2daca954a0071ccf04eed15ed8e862eb41f806de12cb218a70b712ea9de37c8840e8e011d09759669556
-
SSDEEP
1536:+lYIT/AQYs//zNXXQqF9J/W7dJvAhvK0C/OxYOD8q:+lYIT/AhS/hwqF9J+TvA9C/O
Score3/10 -
-
-
Target
$COMMONFILES/DFX/Skins/SoundFX/SoundFX.exe
-
Size
137KB
-
MD5
b29eee5197683bf88a18cfdc31c40562
-
SHA1
c9ca2722d5821c20b049de822ce1f5e4aec41b30
-
SHA256
69c6015c641d0e510e5368d6ccc45c7559b00afbd8a7e1aad9cb7af03543db24
-
SHA512
dfcc4b0b6de51c826fc8dee3abf1221e16bf9917dc903ff165bc768f52a8648675de8a735ef56c82f072ccef33a842195efea9b0c23e776bb32f0c70373f2bd3
-
SSDEEP
3072:ClYIT/AhS/hwqF9J4Zs9p0gWoQG5DzKmMoujxkDAKk8:q15hzws9p02Q8GoujCkKJ
Score3/10 -
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
d7b3f05ff44116b9080b5e69b2e86efd
-
SHA1
2535ecfa122041edb901ac667944e0f6814c4cd0
-
SHA256
40d66e085409445202dce1b5419449cc302d91be17614b521e3ccce473205db7
-
SHA512
414c6b410b35a8bb5a2c9fdd46dad63704484e1535155219b29a5bb886ded73f4b7ca3bafa726ce751e1c711a764938c9256106a90098263d6ff88bc017ec140
-
SSDEEP
192:X6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTyK72dwF7dBdcQOz:X6JaVh4I5rpPbTy+BdhO
Score3/10 -
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
f716c100f551ac57e862c7b72dfe2b87
-
SHA1
a6fb358fd268507535178a8827943f1905f2606b
-
SHA256
d92b88c3096a5d09c1f9744b62668d588cc8b1992fd88fa5c88c4636121c9f44
-
SHA512
3d841154199d59d0f9cbf15ec4146de1e967d4292f3a78db8764afab5a9a242f38e1f0e1bf3943d06e5be5018a35cf7c441744a8cf542cb4001ae6b375f244cc
-
SSDEEP
192:o4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/12QgszA:oysdM80dCI5a2LsQ5IlPNRY00AlAsU
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
4fbb4a2cd711fc1fe84f3dc30c491dc9
-
SHA1
888e01ae6e64e7326f88df9a30587f699eab154a
-
SHA256
c3b05f4faf5e8903d5b4cb4a8ce4bbf2e8144725b98d8787d51c117b6efa9bc2
-
SHA512
92dcf99672a5935065df6492e27abb653679f1db6dcddfde87cd14260c94a870327826b23cc2f338381b3eb53d07c1a3867806f6ff94533db5195b895a856847
-
SSDEEP
192:CO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1argMO:XKAFERdlxhGRYUzqZar
Score3/10 -
-
-
Target
$_0_/dfxbtn.dll
-
Size
81KB
-
MD5
3969534dade35fc53ced9d0b0b56fe91
-
SHA1
f655564925c6566d3f438c069a8d74dbc44f9c87
-
SHA256
3e852471bb31064c46bbadd22a68ab30590da2937ab52bc3c2f1b89d00a80375
-
SHA512
02c651833c4dacad3cced0d27f9c0d6cebc5f7e3dbe17ba33684c13930306895f5680b39579bda9ce8c0d216b60a0949c81acd9992e53070ac6fd2dd24eb9cd3
-
SSDEEP
1536:hUYbPZCuH32V3NzMFVSk/NHg7gajR5x5Gd5uvKo:CYzZvH3izq3mR5x8o
Score3/10 -
-
-
Target
$_1_/dfxrealr.dll
-
Size
973KB
-
MD5
179d708b86cd0950c0d853fba6f7a9c2
-
SHA1
e6ed4e8fa4c5b07184135dbaf81a9c526e34af37
-
SHA256
a1aa586d95be28a3a9bee32cae73cce0cd00209b64f7a8dff45084e955a32ab1
-
SHA512
b0d19b66697868691efd8534f610bbc58a9c6b74f30d03eb9b90207b981368d502843cdeae2f5a0cb640324fe535ba1d3574f3b0a0e56cdec296526a67400b02
-
SSDEEP
12288:0fud1NAY44Y9td+Oeu+l9Fog4zyPhoHEdh0g0cSonaF5aUA1jQiCYTbzrwgR3tyN:0if3wgRM/0ZiR/pPsvRT4lmMRaNq
Score3/10 -
-
-
Target
RealPlayer/Apps/record_date.exe
-
Size
93KB
-
MD5
b666e22d3b7449c2b1e26564a27303a5
-
SHA1
2f1edf77358027e49f7f7c6a1d7d6c56f9f8b205
-
SHA256
8a134340fb7efc110b4168ccfce87cf510747988d1d9a7b9c69fd44ca4d6e83a
-
SHA512
e98389467e22974c7b47bd09ef68123f30d2be52e2cf0865f97b0cdda2f711d29c2e6edfd54b83b6342b50ef84058d02cf35a0c15314b6b631bc8b8e9ce89698
-
SSDEEP
1536:WnJrGtU0VaC/tgda5wjn7C3hh17LZkVgN5B5uvKP:WnR0QHn7C3Gg5z
Score3/10 -
-
-
Target
RealPlayer/Apps/record_email.exe
-
Size
141KB
-
MD5
0f6e55f0db7d5a2ebca9d5b753f545dd
-
SHA1
5dabe046ce1a84960e1f96ade6406f6683068da3
-
SHA256
4516747856bb04e9f65c8f6f493286dd71d7f037ebdf93f4e80d6b697f1b3ed3
-
SHA512
ccb64a8d786de72137b62e1c5e18b817cb254e3bcc94ccfbdc6557eae0cb4a72de9fffe537bf00555daa601276df3972ae00c1b407a99aa87ee0e862fac0a208
-
SSDEEP
1536:wysauCmZbMGmWy2jil5cTvMgwaMTx/dalxYnkQIp4vPqIo5ZOvp+5uvKS9:wrFZbmWFil/lx/dbhIvH5ZOvpd
Score3/10 -
-
-
Target
RealPlayer/Apps/registryCleanUsers.exe
-
Size
61KB
-
MD5
7d2b5cdf7d1034c5a2c6494cf6c87c7d
-
SHA1
5b55c65c6b04a3f8cf6b6b6787edccc55cb959f2
-
SHA256
7462efe10acb20605a757d5bc3f1c34916ec70d8091f53e46f216fa5f2a7fb40
-
SHA512
1751f567792ac288bb6a447a1acd30d95a0c8fa5b49b42f3a0dfa7a16d3962a82056a4cd83c4d9a4b5349620e081c1eeea3cb783094362051e8a814a22b5d15a
-
SSDEEP
768:9CxKQVLL2r0KnmlaoBHuDQhVSMo9L+k9H4hSldL5oLFubvK8:oNxL2rjgaAg4k9H7L5o5uvK8
Score3/10 -
-
-
Target
RealPlayer/Help/DFX Manual.chm
-
Size
196KB
-
MD5
9c2b548307211a9d44ac017986c12c73
-
SHA1
880355eeedf634376a8e3d0e801b988057e45e6c
-
SHA256
a755f8559649f71b530ec8545d18c65582ee255bc42174984f70119a61757692
-
SHA512
bc76e6e55b71f1274d7a404a3dd3c8fccf83818fbff12b8bcd3ab4d500e2523ca32217cd2e2e48a739845b850531db29b9d77d361d75e7ee20a0e639f8f8d15d
-
SSDEEP
6144:dh4LY9ImNtbjWTpEVIvxFaMb8l5IntRZKlmb:34LY9IYt3U2BMb8KtWlS
Score1/10 -
-
-
Target
DFX.for.RealPlayer.v9.103/lpk.dll
-
Size
45KB
-
MD5
fcdc863503f8b1be2104614f948179fc
-
SHA1
71485de3e22c42df5f0c9e39f47420e48195fef5
-
SHA256
d80b59ded380078af93526a8fb78bf19ab05a924958b15a9fdcee8b0e31c3f3a
-
SHA512
ca0bf43bf2615e32a496a8cd65f2db8bee08c19da36310bc58a7f7dde8849d9aea610a054e3088a9c6bf0284400370806fd38e4e89ba54a35f0f13e8a9f6c2b9
-
SSDEEP
768:zojY9Pg68uUCS77GhGLhLpms1RZo9yHHojY9P:GmY6BS7LL18+o9yHSm
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-