General

Target: 1c19a0df5abe6a6b978e23c32c7b5a54_JaffaCakes118
Size: 8.3MB
Sample: 240701-xdtvesxcmq
MD5: 1c19a0df5abe6a6b978e23c32c7b5a54
SHA1: 9e6ca5b853f5f6771939bdf7b3d4493c0ae2a8f4
SHA256: 31307fd48576c3d1a61fbc70e6f7a63d39d903dea4b1a8d47089ad15ce3632a6
SHA512: d92cfac8410f9d0d69989b9806c653758cc52ab83c6c0649533319c46e794cdcec024bcc73e6c72bc62ded3fe8b33434b8235c783d2e34aebe0541895a427b31
SSDEEP: 196608:i4XXRWPLSYA9QL0ev7+fuM+lA8oHpD8l3QNE/aNd:i40G1QL08+GvlA8o2l3p/Md
Static task

static1

Behavioral tasks

behavioral1 - Sample: Bypass-Tools/CGWebInstall2.exe - Resource: win7-20240611-en
behavioral2 - Sample: Bypass-Tools/CGWebInstall2.exe - Resource: win10v2004-20240611-en
behavioral3 - Sample: Bypass-Tools/GPass-4.1.02.exe - Resource: win7-20240508-en
behavioral4 - Sample: Bypass-Tools/GPass-4.1.02.exe - Resource: win10v2004-20240508-en
behavioral5 - Sample: Bypass-Tools/U952.exe - Resource: win7-20240508-en
behavioral6 - Sample: Bypass-Tools/U952.exe - Resource: win10v2004-20240611-en
behavioral7 - Sample: Bypass-Tools/fg679p2.exe - Resource: win7-20240508-en
behavioral8 - Sample: Bypass-Tools/fg679p2.exe - Resource: win10v2004-20240611-en
Malware Config

Targets

Target: Bypass-Tools/CGWebInstall2.exe
Size: 730KB
MD5: bd11d302a86fa12e2032621554326bd0
SHA1: be4a4d74b3b5316e46ef6d813031ca99c2c12b49
SHA256: 9894d651b7700ffd0992c0a310cfb867b84d32d644574f6571ea540d189a088d
SHA512: 59c0243cf2577c13ea3467e6e421a3f174c6f16623d125f69a608ad7d54977e57b471b31cbe7a79ba5c13f0296064bc172a9da41fe9379f977112fcc219cd400
SSDEEP: 12288:ONYr78QV1q6XEHjxa84YQ65FQLcCxB2FgUBVDZbU4xC78P:O64blYEQwuKBVDZgr78P

Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
Target: Bypass-Tools/GPass-4.1.02.exe
Size: 1.5MB
MD5: 7278e678da87ef182749106b2eae69f6
SHA1: e3512c10ab9d63733e01d21b613c28d387481718
SHA256: b237d98792921adb8638c37b0c688d96851f5e686edab3e83070985d47fc3b32
SHA512: 2464772d7778af02051d480007c9dc23bd065ac99ba9e2c732546376d9ac2a8c850f6faf226165bb0719a768bf27e114796f303a7c260cb97cfd8675dcf2c7cf
SSDEEP: 24576:7WktzDLe1+JviXVLCxbvKMcszr6vW2e+wL7V4bZgtWi6hmPftRUNYuEmB5:ltzG+UXVLCxbvKMcT0/LAZgtWint6NAo
Score: 3/10
Target: Bypass-Tools/U952.exe
Size: 481KB
MD5: bb621c35f2bccc16874fdbeb4bb3fe91
SHA1: d68138e1183320e08baa42c7e7b9f57ea868cb3d
SHA256: cbc3ba3c40a9c28ac01792fbf06256176bdfbcd9bcc11963d3bc44528924a4a3
SHA512: 9c0a5a77a9a2d001cc94e94b710e14a88f60f34f940a21e30655703133cf187111243a75f8e315445b20ef23a1d2a8cffde70c6b7638b7fe488c6426093d2a99
SSDEEP: 12288:+YSoGZKu26s2vEZZH+MJyVg5Qy5sZ0kVd3dffu:R3GZKu2N2vEZZH+MUVqjyZFNfu
Score: 7/10

Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
Target: Bypass-Tools/fg679p2.exe
Size: 498KB
MD5: 6a606cbdb8860ff486656e6b8ce786d4
SHA1: 8513e29b1844c086d3fa3ae3d1d2169f5378a96a
SHA256: cb0d4788d6382a032c50c503fef59e8625affc65ec7aef0cdd4bf89221d57f38
SHA512: 0badea06710b5413e8ad5f8dcc6dcb5785bed5428977de6d42a56a9729fd26b2b61f0f2ea5c049a0d0c9213560954fe669c35b9760a16466edc9ad0a83b597b2
SSDEEP: 12288:mqAYK1RQmJc+1yedZOSQOs7YNCS+nGxcz2+aQTJw/XfPJI:xzmRQmJPyei/Sx+PTuB
Score: 3/10