Overview

overview

10

Static

static

7

JaffaCakes...b0.exe

windows7-x64

10

JaffaCakes...b0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2025 17:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_30a80093ffdd77cb26f2c7558846d5b0.exe

  • Size

    2.9MB

  • MD5

    30a80093ffdd77cb26f2c7558846d5b0

  • SHA1

    8dd5e4b51d88e550033377ce26de0e136ee45a4e

  • SHA256

    381d92bbafee8c7a8e7b42ce2904812e5f652295eac97a262d7f1ad223eb5168

  • SHA512

    f152a76ea4d264b8a184ef9e741e413bef8f219a5f3e38f3be425b168b448fb264f86ff6f99eb766baec03053abb093e7f574983c14ab1d0b2baf76e28b1c69f

  • SSDEEP

    49152:D3+/DXxsNB1IS37mzt90YuKYJz1ZYHN5qIE8EBveV5dnVfp3HzI6+75BjvoujHp0:bvBJ37mx98RJot5bEBvK5JVNB+75BjvO

Score
10/10
cryptbotdiscoveryevasionspywarestealerthemidatrojan

Malware Config

Extracted

Family

cryptbot

C2

veongt57.top

mornoi05.top
Attributes
  • payload_url

    http://tynqes07.top/download.php?file=zwoag.exe

Signatures

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • Cryptbot family
    cryptbot
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Themida packer 20 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_30a80093ffdd77cb26f2c7558846d5b0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_30a80093ffdd77cb26f2c7558846d5b0.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\jxGAkiDwsJj\LGtnRQGELodsu.zip
    Filesize

    52KB

    MD5

    bda8d772afe4e24333c437af276faf03

    SHA1

    24df0310c91abce754e1030d0df7d20192207279

    SHA256

    84b64b48b296b5743704356b3a5a5820bae7b84b308fd057123b25f51017f17b

    SHA512

    ae422f667cf0f3ef9e767b961835f4a8a667829655a2fc9a92d9627429b6790c7698bc49e13b8c7c870f8b7f3a0e1eddcec78efd2289008cbfc9ade68ff42f6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jxGAkiDwsJj\_Files\_Information.txt
    Filesize

    4KB

    MD5

    a98840f26d140d63c45429be1612688f

    SHA1

    424398ddc1f4643230f8848189bd42c576f6f30f

    SHA256

    2a97c0b94cdde0f7043205bc389e0430a2cd07524934561c3540df68bcf3d15d

    SHA512

    4f6d032fcf4ab12091796aa4869d3fb9f0b8cf5c079c10802a5e1cf693bf7c160fd3bf14f6b06195c67ae4311b9e08966ebabd3787c51c4448c57c47f0851ca2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jxGAkiDwsJj\_Files\_Information.txt
    Filesize

    5KB

    MD5

    92410db6877dc2691476cd35ddc9158c

    SHA1

    58712fd7bfe1e603067ee91d99ef000f310401ea

    SHA256

    a0155ececebf7eadbeb1244414f11ffe5685105e58c6acdc5615b952b86cd110

    SHA512

    5614dda787e8dcc16667550a9842e1690047faca11a172a7294aac80cc0f79771e717e1df100f318dbc62b3408d92fa9021375830f0113318b775e91f2e3dc90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jxGAkiDwsJj\_Files\_Screen_Desktop.jpeg
    Filesize

    57KB

    MD5

    ddcfc8d4696c12fd0ce37e0249935167

    SHA1

    0e850214aa10c54bec054b68626b38e22cffc334

    SHA256

    461eab0cccc03f7e8d86a74b1530e4f593961ac87b507ae5a96510e9c418b28c

    SHA512

    44a9d11792f708883e9c99f049535328b314a1e4440258be33545faff830802c755b40784a8521e496678de38cf4e08ac0120655c7ef4973c878461e4f992912

    Download Submit

  • memory/532-129-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-2-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-4-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-135-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-132-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-119-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-121-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-123-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-1-0x00000000776E4000-0x00000000776E6000-memory.dmp

    Filesize

    8KB

    Download

  • memory/532-126-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-0-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-5-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-3-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-137-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-140-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-143-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-147-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-150-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-153-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-156-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/532-160-0x00000000009B0000-0x0000000001101000-memory.dmp

    Filesize

    7.3MB

    Download