ScrubCrypt - The Rebirth of Jlaive
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Software - T1592.002 Powershell - T1086 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | 945ab3c3-ec9e-4db9-b135-1ec21a421ea9 |
| Fingerprint | 2d411cb1251f0796 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 19, 2023, midnight |
| Added to db | Aug. 30, 2024, 11:13 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | ScrubCrypt - The Rebirth of Jlaive |
| Title | ScrubCrypt - The Rebirth of Jlaive |
| Detected Hints/Tags/Attributes | 56/2/28 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://0xtoxin.github.io/threat%20breakdown/ScrubCrypt-Rebirth-Of-Jlaive/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 7 | ✔ | Toxin Labs | https://0xtoxin.github.io/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 22 | hackforums.net |
|
| Details | Domain | 228 | system.io |
|
| Details | Domain | 149 | system.security |
|
| Details | Domain | 71 | aes.new |
|
| Details | Domain | 2 | pe.net |
|
| Details | Domain | 1 | rsrc.data |
|
| Details | Domain | 9 | cracked.io |
|
| Details | Domain | 1 | hurricane.ydns.eu |
|
| Details | File | 9 | pdf.bat |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 108 | 0.exe |
|
| Details | File | 1 | dlzbe.key |
|
| Details | File | 36 | compression.gzip |
|
| Details | File | 1 | v_aescryptor.key |
|
| Details | File | 1 | xsxllt.tmp |
|
| Details | File | 5 | de4dot.exe |
|
| Details | File | 1 | jucdip.tmp |
|
| Details | File | 3 | binary.bin |
|
| Details | File | 3 | rsrc.dat |
|
| Details | File | 1 | etw.bin |
|
| Details | File | 1 | xworm.bin |
|
| Details | sha256 | 2 | 04ce543c01a4bace549f6be2d77eb62567c7b65edbbaebc0d00d760425dcd578 |
|
| Details | sha256 | 1 | 05eac401aa9355f131d0d116c285d984be5812d83df3a297296d289ce523a2b1 |
|
| Details | sha256 | 1 | ad13c0c0dfa76575218c52bd2a378ed363a0f0d5ce5b14626ee496ce52248e7a |
|
| Details | sha256 | 1 | 814187405811f7d0e9593ae1ddf0a43ccbd9e8a37bee7688178487eeef3860c6 |
|
| Details | sha256 | 2 | 28d6b3140a1935cd939e8a07266c43c0482e1fea80c65b7a49cf54356dcb58bc |
|
| Details | IPv6 | 8 | ::cbc |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |