Overview

Overall score: 10/10

Per-task scores (the score badge shown on each task tab; file names expanded from the truncated tab labels using the task list below):

Task                                                 Environment           Score
static1                                              -                      3
1825c3ea4b59cadb7d59f6ab4dfe9bff_JaffaCakes118.exe   windows7-x64          10
1825c3ea4b59cadb7d59f6ab4dfe9bff_JaffaCakes118.exe   windows10-2004-x64     9
$PLUGINSDIR/System.dll                               windows7-x64           3
$PLUGINSDIR/System.dll                               windows10-2004-x64     3
$PLUGINSDIR/UAC.dll                                  windows7-x64           3
$PLUGINSDIR/UAC.dll                                  windows10-2004-x64     3
$PLUGINSDIR/UserInfo.dll                             windows7-x64           3
$PLUGINSDIR/UserInfo.dll                             windows10-2004-x64     3
$PLUGINSDIR/nsDialogs.dll                            windows7-x64           3
$PLUGINSDIR/nsDialogs.dll                            windows10-2004-x64     3
$PLUGINSDIR/nsExec.dll                               windows7-x64           3
$PLUGINSDIR/nsExec.dll                               windows10-2004-x64     3
InterVpn/bin/InterVpn/3.exe                          windows7-x64           9
InterVpn/bin/InterVpn/3.exe                          windows10-2004-x64     9
InterVpn/bin/InterVpn/intervpn.exe                   windows7-x64           9
InterVpn/bin/InterVpn/intervpn.exe                   windows10-2004-x64     9
InterVpn/bin/InterVpn/qwesy.vbs                      windows7-x64           8
InterVpn/bin/InterVpn/qwesy.vbs                      windows10-2004-x64     8
InterVpn/bin/InterVpn/vruns.exe                      windows7-x64          10
InterVpn/bin/InterVpn/vruns.exe                      windows10-2004-x64     9
InterVpn/bin/liblzo2-2.dll                           windows7-x64           3
InterVpn/bin/liblzo2-2.dll                           windows10-2004-x64     3
InterVpn/bin/libpkcs11-helper-1.dll                  windows7-x64           1
InterVpn/bin/libpkcs11-helper-1.dll                  windows10-2004-x64     1
InterVpn/bin/openssl.exe                             windows7-x64           1
InterVpn/bin/openssl.exe                             windows10-2004-x64     1
InterVpn/bin/openvpn-gui.exe                         windows7-x64           1
InterVpn/bin/openvpn-gui.exe                         windows10-2004-x64     1
InterVpn/bin/openvpn.exe                             windows7-x64           1
InterVpn/bin/openvpn.exe                             windows10-2004-x64     1
InterVpn/bin/openvpnserv.exe                         windows7-x64           1
InterVpn/bin/openvpnserv.exe                         windows10-2004-x64     1

General
Target: 1825c3ea4b59cadb7d59f6ab4dfe9bff_JaffaCakes118
Size: 11.2MB
Sample: 240505-r17f5sga58
MD5: 1825c3ea4b59cadb7d59f6ab4dfe9bff
SHA1: 9b11e5637df36df74a99049594c9441f068c0707
SHA256: 3a4fdb3a9b8a659cc336159f9473b70d747c22a357920e8052b9621f2a789310
SHA512: bbd1fda0f3e73284a7a11dfa8c44c512a1588cc20f88a67ab403bb608321840855d30752a053b29e40b4c86828b63e6d0370eb7cfcf7858ad88a2133efcf2f48
SSDEEP: 196608:ATSHflKvlz/1tcko57P7sbsdN91DT7p9kGRFLHeKCaYzYSb2DfanVpfR79fLgH88:ATGflK9z17sEqrfdTFLHJYzofMpnTgHH
Static task
static1

Behavioral tasks (task id, sample, analysis VM image)
behavioral1   1825c3ea4b59cadb7d59f6ab4dfe9bff_JaffaCakes118.exe   win7-20240215-en
behavioral2   1825c3ea4b59cadb7d59f6ab4dfe9bff_JaffaCakes118.exe   win10v2004-20240419-en
behavioral3   $PLUGINSDIR/System.dll                               win7-20240221-en
behavioral4   $PLUGINSDIR/System.dll                               win10v2004-20240419-en
behavioral5   $PLUGINSDIR/UAC.dll                                  win7-20240221-en
behavioral6   $PLUGINSDIR/UAC.dll                                  win10v2004-20240419-en
behavioral7   $PLUGINSDIR/UserInfo.dll                             win7-20240221-en
behavioral8   $PLUGINSDIR/UserInfo.dll                             win10v2004-20240419-en
behavioral9   $PLUGINSDIR/nsDialogs.dll                            win7-20240215-en
behavioral10  $PLUGINSDIR/nsDialogs.dll                            win10v2004-20240226-en
behavioral11  $PLUGINSDIR/nsExec.dll                               win7-20240221-en
behavioral12  $PLUGINSDIR/nsExec.dll                               win10v2004-20240419-en
behavioral13  InterVpn/bin/InterVpn/3.exe                          win7-20240221-en
behavioral14  InterVpn/bin/InterVpn/3.exe                          win10v2004-20240419-en
behavioral15  InterVpn/bin/InterVpn/intervpn.exe                   win7-20240215-en
behavioral16  InterVpn/bin/InterVpn/intervpn.exe                   win10v2004-20240419-en
behavioral17  InterVpn/bin/InterVpn/qwesy.vbs                      win7-20240221-en
behavioral18  InterVpn/bin/InterVpn/qwesy.vbs                      win10v2004-20240419-en
behavioral19  InterVpn/bin/InterVpn/vruns.exe                      win7-20231129-en
behavioral20  InterVpn/bin/InterVpn/vruns.exe                      win10v2004-20240419-en
behavioral21  InterVpn/bin/liblzo2-2.dll                           win7-20240220-en
behavioral22  InterVpn/bin/liblzo2-2.dll                           win10v2004-20240226-en
behavioral23  InterVpn/bin/libpkcs11-helper-1.dll                  win7-20240221-en
behavioral24  InterVpn/bin/libpkcs11-helper-1.dll                  win10v2004-20240426-en
behavioral25  InterVpn/bin/openssl.exe                             win7-20240221-en
behavioral26  InterVpn/bin/openssl.exe                             win10v2004-20240419-en
behavioral27  InterVpn/bin/openvpn-gui.exe                         win7-20240215-en
behavioral28  InterVpn/bin/openvpn-gui.exe                         win10v2004-20240419-en
behavioral29  InterVpn/bin/openvpn.exe                             win7-20240221-en
behavioral30  InterVpn/bin/openvpn.exe                             win10v2004-20240419-en
behavioral31  InterVpn/bin/openvpnserv.exe                         win7-20231129-en
behavioral32  InterVpn/bin/openvpnserv.exe                         win10v2004-20240419-en
Malware Config
Targets

Target: 1825c3ea4b59cadb7d59f6ab4dfe9bff_JaffaCakes118
Size: 11.2MB
MD5: 1825c3ea4b59cadb7d59f6ab4dfe9bff
SHA1: 9b11e5637df36df74a99049594c9441f068c0707
SHA256: 3a4fdb3a9b8a659cc336159f9473b70d747c22a357920e8052b9621f2a789310
SHA512: bbd1fda0f3e73284a7a11dfa8c44c512a1588cc20f88a67ab403bb608321840855d30752a053b29e40b4c86828b63e6d0370eb7cfcf7858ad88a2133efcf2f48
SSDEEP: 196608:ATSHflKvlz/1tcko57P7sbsdN91DT7p9kGRFLHeKCaYzYSb2DfanVpfR79fLgH88:ATGflK9z17sEqrfdTFLHJYzofMpnTgHH
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: bf712f32249029466fa86756f5546950
SHA1: 75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
SHA256: 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
SHA512: 13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
SSDEEP: 192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score: 3/10

Target: $PLUGINSDIR/UAC.dll
Size: 14KB
MD5: adb29e6b186daa765dc750128649b63d
SHA1: 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256: 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512: b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
SSDEEP: 192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score: 3/10

Target: $PLUGINSDIR/UserInfo.dll
Size: 4KB
MD5: c7ce0e47c83525983fd2c4c9566b4aad
SHA1: 38b7ad7bb32ffae35540fce373b8a671878dc54e
SHA256: 6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae
SHA512: ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e
Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: 4ccc4a742d4423f2f0ed744fd9c81f63
SHA1: 704f00a1acc327fd879cf75fc90d0b8f927c36bc
SHA256: 416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
SHA512: 790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb
SSDEEP: 192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi
Score: 3/10

Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: 132e6153717a7f9710dcea4536f364cd
SHA1: e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
SHA256: d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
SHA512: 9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1
SSDEEP: 96:M/SspqrIYxLPEQhThvov3TE4/2Sa5P9QFFYzOx4uF3sbSEI5LP39sQvM:M/QUG7lhvov36S5FcUjliSEI5LuQ
Score: 3/10

Target: InterVpn/bin/InterVpn/3.exe
Size: 2.2MB
MD5: 310c47fc2621fba27cf40e8e36cbc309
SHA1: 7803e69c337dd95ff2a9deac481900bee145be2f
SHA256: 4b59beaf177c98e55c7d9823db670ff8cde45e8953cfc5147a96fdf09de15ace
SHA512: 6a655bef5aad9bc86aee5b9a31c62a83d8d8fe7fe4d874bbc28e61c6c89255dd343cf6470c3e3545ed8b236d200937a47eabfe7cb3505842f3cce3fe2289b198
SSDEEP: 49152:1MtCvUb973JNAL7ebYlEyOxvsvZbyTvuB77kYlPz:1O73JeL7e/avZbGs7777
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: InterVpn/bin/InterVpn/intervpn.exe
Size: 2.1MB
MD5: 2d382e4cb15523b31681fdc833532ede
SHA1: 3a4a56e0133b858afbb05e2496d1b19c6729b8c4
SHA256: bbeb9eb45e5dfef3ae4eb42e009e1e420d01f5ecad3a715ecac4f357ef41df22
SHA512: 3232521e26b8bf95db219655848ba0798180b057736f4660072c863c5f478b87e47a36c6dd13c90c48c38ee6cf7c7992d8e3244647c46f3dd42ca01baafa243a
SSDEEP: 49152:N0e95YoXj5B8yVM/JAiJYa/ZEIkz7h6h3hgmbyv:Nj5YMjzVsWaCIE7khfu
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: InterVpn/bin/InterVpn/qwesy.vbs
Size: 126B
MD5: fdbd7d32368ea4853f5405f41b581c95
SHA1: 8fde7d4aaa07860bc42f477b75e4065839dfe8cb
SHA256: 0993886554b84d9c1633659e08da86a90a7da266e92aca15d5fa71ed9dd2589a
SHA512: db760f966ddc1a776efddbca7cdac79137c2afbd71c5263d5cb53e6ee8786969dbb024abfc9a15725fef6b4961710f687dfc4209f0cb1f8c55c9e36ed2aa3ecf
Score: 8/10
Signatures:
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2

Target: InterVpn/bin/InterVpn/vruns.exe
Size: 2.1MB
MD5: d011b64103258b914404530d269eaf04
SHA1: 45344ab34550a06600940d913dbe669fc520f3ea
SHA256: 0ef43634f9b97b0198757717a0bde79c7f3d3e2234811efef0da13664784f13f
SHA512: cada28be136d2d8dea87bfa95e7eb1268e73a5d121d97003c9f42003d882b9af38dce0fc73ce71c5709f4fbdfe676c475ca2d6d6aee91abaa4b35b8e284c92e3
SSDEEP: 49152:t4uGtUOSJDg33id1dy4G2vn2cwgG9shhBYFNqc:euGylEid1dpv22ushvE
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: InterVpn/bin/liblzo2-2.dll
Size: 170KB
MD5: 748c9e77053d3dec8bf238ae9c56f2ca
SHA1: eb2d6b4c0188bbf9a587c46e4de30c6e72133153
SHA256: a14881455c37240928d4ed3d95c44181675f685bc201ea97733dff346c34d97f
SHA512: 31b744a57105d122d2150b5ab793620b73dbc28788be8484fa682e1cf6857f01102034e220b63d5709f6baa44b547df94e2c8aad6b5124b91e105e42d258e40b
SSDEEP: 3072:qFJHDA3pJjFczZLhvZVxxC98SVUrSlUCV7rSJk/LFEc:p3ZIwEc
Score: 3/10

Target: InterVpn/bin/libpkcs11-helper-1.dll
Size: 109KB
MD5: 63b23a24778f3ef27bd53afa3115f901
SHA1: 49fcb47e8ab2dd180dbb946df580794890f5292b
SHA256: cc9ec9f9a54706d02f63cc4f46ca567812c1f0669451e94096f5358b00893be6
SHA512: bd7339e3911ab75ddf805555e0f59e65927f1539a5561b22456e25f3d1868fb42d89cd95eaa96c3335fef7d3ec2a21ff7c53f04961fedc5e374f43f4070df58c
SSDEEP: 3072:iTkZbJ/CqOFvICeSPUbT3Xf0j4smxh9QQU7kVTAHluobjrHEN8gE:PaVVeXT3XfVxh9QQU7kVTAHluobjrHEQ
Score: 1/10

Target: InterVpn/bin/openssl.exe
Size: 839KB
MD5: c83c031e79b4610f1ce6810c3af3e749
SHA1: 60d327ae70ca7ddf93a5d14412be3b21493172c2
SHA256: 90d258ea786e831b8089abf0d98c9a756f62d62b87a6b40f7da9c8881ea0b3cd
SHA512: 49d274c5f4ccddda28751a1a6271888c32188a192b9ad9c224832b51af0b474225d75c6ac51e61438b7a9f956b1ba78fef7a5392759a3d38fc4ddd1d7772e464
SSDEEP: 6144:BPkFXcecHYKlRvECAce+kTICfNE8+Gxafe4WvmlN2Zs5FEWBOOL/HADxU2w6trJs:BccgNSoeAA8wsJwkKBKibN
Score: 1/10

Target: InterVpn/bin/openvpn-gui.exe
Size: 420KB
MD5: d60536a568fcfdbdf5ffc46c1e22e7fc
SHA1: 7779b4ad53d6f162b11c22cfc0e6788c872a2979
SHA256: f0a19b073992899ba05b91317aa6522d36344eb0caf5dc09adc11c24e020fb92
SHA512: dab26e87d66d65e727733e16f3234585f44f8ebbf969c9fd20d4fc55a973820cecfb6218e1b5da98eecdae111473a839cab7b128687808676801bce25558c4c2
SSDEEP: 3072:BM3+qI2lj15GL+RIfOARQw5e4oD6yDpYFG3d0+H2LbYDynkDt2an/8eVvscN2z/5:mhoCb4oKSzK6vyjdNtP
Score: 1/10

Target: InterVpn/bin/openvpn.exe
Size: 710KB
MD5: cfd7d6bf137c7f68845fe771927201f0
SHA1: 2bfb07e8d5f39a706cd47ae03deee7d2eb4303a0
SHA256: 11d1d48f0994cde7b3bdd273d9bc35f3d5cac7783f75ef81bdd323fe88746f6e
SHA512: dfbad890037291a534da7c534b49ec70ecc9a044ee0d8508654696819d88b5b4845b81b2e1aecd5475dc62e0d9a0d1c147524c70940a4e96c4e1530e257758d6
SSDEEP: 12288:Hlf0GQe7i+1XwxoKP36gS4koE+ujDoYIWCufSE3iTJ93krUFUmg8fegt:axtS4ko88CCufSE323krUFBg8fegt
Score: 1/10

Target: InterVpn/bin/openvpnserv.exe
Size: 31KB
MD5: ad4eb6a3fb038c2e215bb06262d4009a
SHA1: 9410b1d326a47b166e36d38436ef6fbb6bda572f
SHA256: 778e25079650d094337df094f4c262528c7d983ead52194795b4b033c17686ae
SHA512: 6dc640730a5724de687b805699e51595a1f08b16bc1596564b89cd580deee7478113a4296c3de677f96d4501f4f40a4e36d7d4c1f6993d4dbb7199b0e6edfa14
SSDEEP: 384:jWZZlmdx9bg7uB2iqfs+xCVaqBCikOGeafT3s7fDWuMBDKBrjQF+CvST5tvDGbK0:jWrlmlbx2XOzAlfra8BD43uwDGbKg1v
Score: 1/10