Task                Platform              Score
Overview            overview              7
Static              static                7
LPv.dll             windows7-x64          7
LPv.dll             windows10-2004-x64    7
MSCOMCTL.dll        windows7-x64          3
MSCOMCTL.dll        windows10-2004-x64    3
MSINET.dll          windows7-x64          3
MSINET.dll          windows10-2004-x64    3
MSWINSCK.dll        windows7-x64          3
MSWINSCK.dll        windows10-2004-x64    3
MonsterBattle.dll   windows7-x64          7
MonsterBattle.dll   windows10-2004-x64    7
NPSCAN.dll          windows7-x64          3
NPSCAN.dll          windows10-2004-x64    3
monsterpk.dll       windows7-x64          3
monsterpk.dll       windows10-2004-x64    3
npgmup.dll          windows7-x64          3
npgmup.dll          windows10-2004-x64    3
npkcrypt.dll        windows7-x64          3
npkcrypt.dll        windows10-2004-x64    3
npkcrypt.sys        windows7-x64          1
npkcrypt.sys        windows10-2004-x64    1
npkcusb.sys         windows7-x64          1
npkcusb.sys         windows10-2004-x64    1
npkpdb.dll          windows7-x64          3
npkpdb.dll          windows10-2004-x64    3
General
-
Target
4fe0fb4e3c634a4933c0f5aa37862ca9_JaffaCakes118
-
Size
3.6MB
-
Sample
241017-avafsasbkf
-
MD5
4fe0fb4e3c634a4933c0f5aa37862ca9
-
SHA1
251f0b3447b22bcb3838c351ac36d023493bfd7d
-
SHA256
3d58752d9201e3bc58d32c2ab930287f6776e70ff316e59edea4ce2179a0cc0e
-
SHA512
61c41343bf14c7b4e58b3203ac890c68c8bd22411741217d9efe834dc072de342a367a132472bdadf1fd2179184404748e6f62ac7a0ac8d04ebb34c955254c13
-
SSDEEP
98304:Gs6PG+xOYTmsN6ia9ZujWr4A4cA6gM5x6r:oM8RML99oM36r
Behavioral task
behavioral1
Sample
LPv.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
LPv.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
MSCOMCTL.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
MSCOMCTL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
MSINET.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
MSINET.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
MSWINSCK.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
MSWINSCK.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
MonsterBattle.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
MonsterBattle.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
NPSCAN.dll
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
NPSCAN.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
monsterpk.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
monsterpk.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
npgmup.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
npgmup.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
npkcrypt.dll
Resource
win7-20240729-en
Behavioral task
behavioral18
Sample
npkcrypt.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
npkcrypt.sys
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
npkcrypt.sys
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
npkcusb.sys
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
npkcusb.sys
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
npkpdb.dll
Resource
win7-20241010-en
Behavioral task
behavioral24
Sample
npkpdb.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
LPv.dll
-
Size
1.0MB
-
MD5
82f4f15b5f2710f0ae0308180ecc42c7
-
SHA1
420e14c7868dc79d01ce795d8414f0109c31be86
-
SHA256
a90ad1ae1e25bbca8115d07dace09ff66cec4e3779b300f7c453b38b519080e8
-
SHA512
c98ab45f7eb70dd077d8f6049079cfb15c786a70765ffd27b9dada75260e9066068143e4980bbecc4598892ccb94538dfa826428daeee71b7b01ed869c2e2407
-
SSDEEP
24576:JMumJWvkxJNvyIni+5rbcg+NJ9ZVL5KQd:JTavy4JrbcnbVL
Score 7/10
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
MSCOMCTL.OCX
-
Size
1.0MB
-
MD5
ecc7d7f0d3446de36045d1d9e964fafe
-
SHA1
da6b0ec081d628c33b150327f3bd16d3b7fa4729
-
SHA256
bc58d624ceea02ab086f1cce809c992bf5a7105e88931853317a2f5aa5afd6e4
-
SHA512
443de697be9886cd97235e6468f3a7f6bf11612711e54dba31431b0d9418672e1434e839ed50cacf28107f692f0c9d9d2f57d90e3a843d81015d459c180db632
-
SSDEEP
24576:s0LiK1d6dxOehwsj5dC33M/jYVRDSfaF0gg1CVGO7oVtNKG:n6dAehwaY19G1u7+Ln
Score 3/10
-
-
-
Target
MSINET.OCX
-
Size
129KB
-
MD5
90a39346e9b67f132ef133725c487ff6
-
SHA1
9cd22933f628465c863bed7895d99395acaa5d2a
-
SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2
-
SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf
-
SSDEEP
3072:R5JTZQu4epojdkYv55RCezn/T81B+ySRdL:RLTbP85RCezbwm
Score 3/10
-
-
-
Target
MSWINSCK.OCX
-
Size
105KB
-
MD5
9484c04258830aa3c2f2a70eb041414c
-
SHA1
b242a4fb0e9dcf14cb51dc36027baff9a79cb823
-
SHA256
bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
-
SHA512
9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0
-
SSDEEP
3072:R7ZSBYfkVoFdRrqo0aRaA/HF673+UWHIfrb:RNkVsuaRaU6mHGb
Score 3/10
-
-
-
Target
MonsterBattle.dll
-
Size
831KB
-
MD5
5133d98fe9b7bccedce99a8bbe8cfed8
-
SHA1
ad7e8efe4b22f5b833269e35be846bf1a2c30917
-
SHA256
8905e18d5ceb13bef8972660a360431e5dc424961377e7cff14dbf80af386853
-
SHA512
289f6f49ebc674fbde08a21d444d28a36de1105600629f344457c67767784fa9c397978e349ff95ca0298406afb5821a4e8fcd771ed784e4ac579b18becc2295
-
SSDEEP
24576:8sRrjrNEZJn26sL6UAiTwbxtfnjTWtjjrATdH/KjmWtFecL9h:8K9EPnqLNFTwTbTW+dfsmmFzLz
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
NPSCAN.DLL
-
Size
261KB
-
MD5
ac1d82ada728a79886b5b5ad5122554f
-
SHA1
2fedc1e798ef18daad3f472617c8200434680c73
-
SHA256
4bd79bbfea7c4b97ca4fceac814fe39003d22ed6a2bacf81f72a1107ae79cdc8
-
SHA512
0912f97ce7042c848719b74bd1db9c38c29a8f0bb6cb3dc88fce02d11fceab6b0fb88e98e7341717e2d5fff1fab1ef90b5d9e9aaacf7b0f21b796de157808ac6
-
SSDEEP
6144:IHXRRnrSFwWRvHYYh1suFLO/+exURTNVQIENySVHR/Yn3F:IHXRRneFnpHJ17BWyVQgSVHR/Y3F
Score 3/10
-
-
-
Target
monsterpk.dll
-
Size
251KB
-
MD5
59206d3baf1d2bd175867f7bbf47fea7
-
SHA1
e823064b0586e44f550e066926e19a20c69b388a
-
SHA256
6ffdab7f2d49d1e24e7f3b12c82869c8ec17ba412bf94534029ea0adc0c9cf16
-
SHA512
1ffc5f75df7b939ecbab489f7f252a955d753d8f7bec7096a8597a10f23e2eca0834ce6e45b33835ff858533b4dafe62b6396ecd502b11490237d4c287fc3d6a
-
SSDEEP
6144:YHJIlEajXCYu83c8qLCVKJEv8xvJFF1Vp+0CBwc:milEav3czMFWp+04w
Score 3/10
-
-
-
Target
npgmup.dll
-
Size
63KB
-
MD5
0e5ca0586b4798ac8e8a10b3f3f25569
-
SHA1
110e120b403de69c8294d10e234de8786e3008f7
-
SHA256
777312f8e78517693bbfd9915c1e787212dd2ccbfc0daf41f20015c89852fdea
-
SHA512
5ee56134616d16c0aeaa25dd94e7fdfed68b3b606f30f54693a26062f570aacdb35658c5846f952b0b4defe39a41eacd7b9019f818bde75b009a3b5c0d6b0293
-
SSDEEP
1536:B7qgsrpT5F5gvOQ5HnAgeyFATpGMQL0lWaQ2hjBqk2PXNq:B7qgsJH+HAgeBcMQLZatjBqZ9q
Score 3/10
-
-
-
Target
npkcrypt.dll
-
Size
236KB
-
MD5
e3fa2cd23814b44ea8f1aa76ba95b557
-
SHA1
bff20ce7f972746fcf16c8f7d2a733eaf1e4da82
-
SHA256
fd5a97ae28ee2f111551023a1dbbd6ed5824f4dec4faf531d47b756ea0e2e0d5
-
SHA512
8aa66c6877c1d3413346ba07f0de83462d3a4a84829a4a38525c156e4a34c74978252ab4ce981f319df88c76ef8cf37be3e295cf01326f1e954e2f78c0cafe3c
-
SSDEEP
3072:aXOrVEJFGWkUo5r2pryB0f3ejXwJPtte9iLmhj0wASFgn6bgLo2npUbWO9Elf:aerf0o52YBWeDwYkaAR6b0Ucf
Score 3/10
-
-
-
Target
npkcrypt.sys
-
Size
24KB
-
MD5
8bcb281a2540e7aff0cd00f9878fe21f
-
SHA1
5b4b615221fbd6220700237c9fa4fe7a56482526
-
SHA256
0b93205a6dee189d9c38514bc48174a2682fe024805ea2cffa408bd1a55b17e8
-
SHA512
22b6c8bbaa2cae9fe9a6f4266001baeff1b2bfcc37f47332596f8687bbf27166cb26792df4166472c9d8b174c378dfef08c5d58891c56edcc86145bd6050e918
-
SSDEEP
384:i4pU7EkGCl0MHalpAg4GlvpiK1K/d7ipAxBv98G9/iBmnZW39aM0PbaA96W61f2i:e7EkR0M6l2P1R9YAj96W66ffVK
Score 1/10
-
-
-
Target
npkcusb.sys
-
Size
36KB
-
MD5
9d26933101f655f0d21118e561708239
-
SHA1
b1aaa33b950fcb744bdba18a2a6048b3a1fd1b48
-
SHA256
c6b176700ba6983286278bb9f30148dca97f053dedd00e6f16a1e0f9bf29c40f
-
SHA512
cb0e74db07765f6af13a066300623e0bd47ab76808c263611138bccaf052051ababbe2109b72743b65cbf2959ca6d5ffc4a19cab12d47fda23558e41e72c4c55
-
SSDEEP
768:BFwUHvAHkIXjb+htU2584gxh8Auet1UXukbYBW+uYl:BlHvAHkIktU2589R6mBW+Rl
Score 1/10
-
-
-
Target
npkpdb.dll
-
Size
52KB
-
MD5
1fc78ae657b3f3a5cee688071ac2878d
-
SHA1
8756b1429e45095b8510b43f4a3644ce9d1092a1
-
SHA256
47744c95349d59f82ea6fbf2d90d352bd0bdc2fc5c83b00e45a08ae8862cf849
-
SHA512
b60f3bc9a461191303b98d4007364fa7364e0f147ae162b0076b9df3e8354fe56c23fb135c3207c915c4a057448657629d1bf3f0c9deb11fd2eb5570a87eee04
-
SSDEEP
768:mXB5K8gIMTLh67Ki68wVLgtR6UZT6noj8z:mR5cVTLQO9O6ewojq
Score 3/10