General

Target: JJSploit_8.10.7_x64-setup.nsis.zip
Size: 5.7MB
Sample: 241010-pkqgks1dmm
MD5: 8981cd26e588223069f3312444be6cc8
SHA1: cce203a689135cc6a1c79c8c543be5839f7d43e0
SHA256: 4962e32eda2ccd7238948bf579c629a2e70c9bf5a029aa79abac01da119c4414
SHA512: 3fff093f1f41e84963495919eeb4a1fc43cead24e1ae12eb3d761a1865c28ec8ad20dd7a44b1eb8d4420dd22a5eaf7714a6727706fe2dfbfc6a10272ce20045e
SSDEEP: 98304:frPwHVCta3WJ3eKrvOsbroYIknJ0a/eFuwsqQkHOkb5DSnum1YmDhnu5NHxHDb4R:fyMAzKrv5raUJ32kbTlSD16ACG7q
Static task: static1

Behavioral tasks (sample, analysis resource):
- behavioral1: JJSploit_8.10.7_x64-setup.exe (win10-20240404-en)
- behavioral2: $PLUGINSDIR/NSISdl.dll (win10-20240404-en)
- behavioral3: $PLUGINSDIR/StartMenu.dll (win10-20240404-en)
- behavioral4: $PLUGINSDIR/System.dll (win10-20240404-en)
- behavioral5: $PLUGINSDIR/nsDialogs.dll (win10-20240404-en)
- behavioral6: $PLUGINSDIR/nsis_tauri_utils.dll (win10-20240611-en)
- behavioral7: JJSploit.exe (win10-20240404-en)
- behavioral8: libcrypto-3-x64.dll (win10-20240404-en)
- behavioral9: libssl-3-x64.dll (win10-20240404-en)
- behavioral10: resources/luascripts/general/aimbot.js (win10-20240404-en)
- behavioral11: resources/luascripts/general/noclip.js (win10-20240404-en)
- behavioral12: uninstall.exe (win10-20240404-en)
- behavioral13: $PLUGINSDIR/LangDLL.dll (win10-20240611-en)
- behavioral14: $PLUGINSDIR/System.dll (win10-20240404-en)
- behavioral15: $PLUGINSDIR/nsis_tauri_utils.dll (win10-20240404-en)
- behavioral16: xxhash.dll (win10-20240404-en)
- behavioral17: zstd.dll (win10-20240404-en)

Malware Config
Targets

Target: JJSploit_8.10.7_x64-setup.exe
Size: 5.7MB
MD5: 87bece829aec9cd170070742f5cc2db7
SHA1: 0a5d48a24e730dec327f08dfe86f79cc7991563e
SHA256: 88a19d3e027158e8c66d5068303532a0d56a700f718db80aa97e5e44f39bf4a4
SHA512: 198c80d4b430a38ac597ff9023128cdbc9d2891097beef239721c330c75a412c0bdb87a4bfb0609db94f320655f3df1fab7d885843c0af40687e46ddcc88c9d1
SSDEEP: 98304:hrPwHVCta3WJ3eKrvOsbroYIknJ0a/eFuwsqQkHOkb5DSnum1YmDhnu5NHxHDb4I:hyMAzKrv5raUJ32kbTlSD16ACG7x
Score: 10/10
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory

Target: $PLUGINSDIR/NSISdl.dll
Size: 15KB
MD5: ee68463fed225c5c98d800bdbd205598
SHA1: 306364af624de3028e2078c4d8c234fa497bd723
SHA256: 419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04
SHA512: b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107
SSDEEP: 384:7py18oahashajPmIYInUJggBOZgAHhUKijb:7py18oafmeggBOCAHpij
Score: 3/10

Target: $PLUGINSDIR/StartMenu.dll
Size: 7KB
MD5: d070f3275df715bf3708beff2c6c307d
SHA1: 93d3725801e07303e9727c4369e19fd139e69023
SHA256: 42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
SHA512: fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
SSDEEP: 96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: cff85c549d536f651d4fb8387f1976f2
SHA1: d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512: 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
SSDEEP: 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: 6c3f8c94d0727894d706940a8a980543
SHA1: 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256: 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512: 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
SSDEEP: 96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score: 3/10

Target: $PLUGINSDIR/nsis_tauri_utils.dll
Size: 29KB
MD5: 8def0196223484f8aed4106148dd3f08
SHA1: e0fc0951deb0e5e741df10328f95c7d6678ad3aa
SHA256: c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333
SHA512: 9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7
SSDEEP: 768:97F3QRyGmiZZ1FCeu2rcFKpnq0jdhK7W+qdxi:hJQRtmaF7YMX/q
Score: 3/10

Target: JJSploit.exe
Size: 10.5MB
MD5: e59012474c711e0db071950d859bac42
SHA1: 2a1839c61829b70874aaecd41d76a03b8c6cb5dc
SHA256: 5bd65131cad50c58ae916818d54abe44c014854db770aa71a9933293939ad576
SHA512: 61e94c2949d9f08d2ce37dbe5687cc8ff68b274e2ee56d530870a977773a1e04ac58bca4f550887790f0d31534d862cdc869a90621c03ebf030cf73b41fd5774
SSDEEP: 98304:cmnvcwo6FMJAAqD+YJTmUmGs0ITIECta99bUHp1TdZiyAIxlh/H:xUHrdqeUGB9bU3dZH
Score: 7/10
Signatures:
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Target: libcrypto-3-x64.dll
Size: 4.5MB
MD5: a9c1f7ca15c65c139bc9d4bf57df2e1e
SHA1: 1b1377139a6b289d43a6b1161cd1089ffc817cf9
SHA256: 03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116
SHA512: 97f8745dba6330c196de9b822638bfe7f74a86bdcb6726f4bd1d3d917de54f9abcb05163c42255173eac3bde995f0d611af718dbcc0de432b67666bed0c0b073
SSDEEP: 98304:Ml+f+K26t8Te5zUeP4xA1CPwDvt3uFGCCQ:4Ctt8Te5zUewxA1CPwDvt3uFGCC
Score: 1/10

Target: libssl-3-x64.dll
Size: 802KB
MD5: 51b0d5f42a82f6fa8739b403e9b8b81c
SHA1: 75968c157628bb7aca9b5f2331f7a0c9a1d28865
SHA256: 0bda7daeb4040c722b8c287dfd2307c9b8228576db1dbbbaac901c35cc8dc62b
SHA512: 94fba90ad7bcf190079089dcc3af97c598c016eb359fe4d2ea439b5fbcd4a5489ab4422652223926aae64002beef1368d5b95874f68a2e5bc4971b4f9604d814
SSDEEP: 12288:Mzjte0Fevo3VS1npHEDHLqjRmqWSTzt7opiTdEVB3S:M9e5o3VVZVSPtopwdEVB3S
Score: 1/10

Target: resources/luascripts/general/aimbot.lua
Size: 80KB
MD5: 54bcd5aeabefcf23be6cd1c2a96ceea7
SHA1: 82e5906ed450085146a56df499c9239a66f9bfce
SHA256: c7e9f86ae5fe8787b3e690e13b463b00fe5d56aff2c1ed029c64183aec48db34
SHA512: ca52d63420acd2aa9b704554f79dbe039266a3a0ba1165e9d16d8259665c82d8c91ee97b6a0bcdff524677bedb86a7d91012363a60188807dcc02faa4a8d6372
SSDEEP: 1536:vKnVOB5LmvK0d9DQ2JjYhOFW3ajLCSCtWT0y:voO92HFW+LCSM6
Score: 3/10

Target: resources/luascripts/general/noclip.lua
Size: 1KB
MD5: d6a6ee15ae62c9922ebfa6db81263288
SHA1: 0e3526210d72a9a4da4591095ad797933a02b7a3
SHA256: 9f4efc279d94977f92bd52165dfda141a43aff9149e044ed44742f7ef39cfe4f
SHA512: c1faea983c3b6bd7372195a65184c2a93d9703dff06aebbe62d05c731866cb325f85afa915334e5f49f1bdf38fe91e3df86c7eb0913a215b6b1764fb3d2b17bf
Score: 3/10

Target: uninstall.exe
Size: 74KB
MD5: fcbc4b016ca7164b57d332d4012f3b85
SHA1: b1f8ca1824216100edba1bf52c4a953335e277fd
SHA256: 11a861694c2a3cce1e14020ffd46aef7dbcee861763203c5aebe8f4fa1cfba3b
SHA512: 5b5569ab94108f535345d6b71c105222daebbe34d2132ff1f03df84151c3b7488f0f6cda7bb054694bbc58234e709a6069bfdd9239076395b4a823f2d8848b3a
SSDEEP: 1536:XmsAYBdTU9fEAIS2PEtuugdLeAyNxbKPVe9IrSJuMtO01qb:WfY/TU9fE9PEtuuceACc6gCAb
Score: 7/10
Signatures:
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL

Target: $PLUGINSDIR/LangDLL.dll
Size: 5KB
MD5: 68b287f4067ba013e34a1339afdb1ea8
SHA1: 45ad585b3cc8e5a6af7b68f5d8269c97992130b3
SHA256: 18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
SHA512: 06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
SSDEEP: 48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: cff85c549d536f651d4fb8387f1976f2
SHA1: d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512: 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
SSDEEP: 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score: 3/10

Target: $PLUGINSDIR/nsis_tauri_utils.dll
Size: 29KB
MD5: 8def0196223484f8aed4106148dd3f08
SHA1: e0fc0951deb0e5e741df10328f95c7d6678ad3aa
SHA256: c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333
SHA512: 9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7
SSDEEP: 768:97F3QRyGmiZZ1FCeu2rcFKpnq0jdhK7W+qdxi:hJQRtmaF7YMX/q
Score: 3/10

Target: xxhash.dll
Size: 46KB
MD5: 249a5f6ca047df2a2f802782696c7f80
SHA1: 6a1d96be0f497d689fb55de70284af83cac61f52
SHA256: 2828e3014c3283caeb1b00d14145a42f4e347e7f547b40634540394892265671
SHA512: d2d0b6ba2ec95c33609d98788e5a4cce382d93721ea5dea61cde3f4c065b06530a0b01ae4909f7883a81d55529a36cb6a5820aa2afc320b5761f6f59a3a45f1f
SSDEEP: 768:zziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3QimeSyygGz1K:zziR74kgDn2rDRuIrN5mAvgbTgi3SylI
Score: 1/10

Target: zstd.dll
Size: 638KB
MD5: 21dfe873f6ed38f2f713ecd43ad1ba41
SHA1: 7648cb043587da0e85743f9da8dca8be621ccdf0
SHA256: 2a2d63c48b6b3ac7768231ade30122c94a0a33e62e5d2725e11c95b3194aa997
SHA512: 67b4f976f3511387ce2a4743e2281ac88533bd204d4e07a5c6751f0ec30a3463dfabcda18103a632541ec2a8b7b937806121e21e44959411c39106e22b739919
SSDEEP: 6144:XbauYl+rrR8uT4uB5uWYfO16oMynnjDHMkYHbpk5tRCEybNFZemMBLx4eTTzp:XbauYGT5BYMxjDHMk0petRCEyb9emHW
Score: 1/10

MITRE ATT&CK Enterprise v15 (technique, number of matching signatures)

Persistence
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)

Privilege Escalation
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)

Discovery
- Browser Information Discovery (1)
- Network Share Discovery (1)
- Peripheral Device Discovery (1)
- Query Registry (5)
- System Information Discovery (6)
- System Location Discovery (1)
- System Language Discovery (1)
- System Network Configuration Discovery (1)
- Internet Connection Discovery (1)