ID: 78954
Sample Name: Clapzok
Cookbook: default.jbs
Time: 09:56:23
Date: 21/09/2018
Version: 23.0.0

Table of Contents

Analysis Report Clapzok
  Overview: General Information, Detection, Confidence, Classification, Analysis Advice
  Signature Overview: AV Detection, Networking, System Summary, Malware Analysis System Evasion, Anti Debugging
  Behavior Graph
  Simulations: Behavior and APIs
  Antivirus Detection: Initial Sample, Dropped Files, Unpacked PE Files, Domains, URLs
  Yara Overview: Initial Sample, PCAP (Network Traffic), Dropped Files, Memory Dumps, Unpacked PEs
  Joe Sandbox View / Context: IPs, Domains, ASN, Dropped Files
  Created / dropped Files
  Domains and IPs: Contacted Domains, Contacted IPs
  Static Info: General, File Icon
  Network Behavior
  Code Manipulations
  Statistics
  System Behavior
  Disassembly

Copyright Joe Security LLC 2018

Analysis Report Clapzok

Overview

General Information

Joe Sandbox Version: 23.0.0
Analysis ID: 78954
Start date: 21.09.2018
Start time: 09:56:23
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 0m 56s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Clapzok
Cookbook file name: default.jbs
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled, HDC enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@0/0@0/0
Cookbook Comments: Adjust boot time; Unable to launch sample, stop analysis
Warnings: Exclude process from analysis (whitelisted): dllhost.exe
Errors: Nothing to analyse, Joe Sandbox has not found any analysis process or sample; Unable to start the sample

Detection

Strategy: Threshold
Score: 56
Range: 0 - 100
Reporting: Report FP / FN

Confidence

Strategy: Threshold
Score: 5
Range: 0 - 5
Further Analysis Required?: false

Classification

[Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Levels: malicious, suspicious, clean.]

Analysis Advice

Sample could not be started, try setting a correct file extension or analyse on different analysis machine

Signature Overview


AV Detection:

Antivirus detection for submitted file

Multi AV Scanner detection for submitted file

Networking:

Urls found in memory or binary data

System Summary:

Classification label

Sample is known by Antivirus

Malware Analysis System Evasion:

Program does not show much activity (idle)

Anti Debugging:

Program does not show much activity (idle)

Behavior Graph

[Behavior graph. ID: 78954; Sample: Clapzok; Startdate: 21/09/2018; Architecture: WINDOWS; Score: 56. Signatures shown: Antivirus detection for submitted file; Multi AV Scanner detection for submitted file.]

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

Source: Clapzok; Detection: 54%; Scanner: virustotal
Source: Clapzok; Detection: 100%; Scanner: Avira; Label: W32/Elmacz.A

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

Static File Info

General

File type: Mach-O with 2 architectures: [x86_64: Mach-O 64-bit x86_64 executable] [i386: Mach-O i386 executable]
Entropy (8bit): 5.084211406944398
TrID: Mac OS X Universal Binary executable (4004/1) 75.96%; HSC composer song (1267/141) 24.04%
File name: Clapzok
File size: 84794
MD5: 99fe5ad5ff514f5aaea8e501ddbaf95b
SHA1: 48bc391b35a5323b70c6908c428917d08054744b
SHA256: 03f2591771c4c04d7f69dd0f7e29f012a4836410e9fb2430d880e38feafe2729
SHA512: c3bdfb40a8c0a6c86135eb4c27e68ad77f2b0b6c0701bff0f7b277fe7977780a35254837f5a8f7bee746f0f4eb7b30bdef99d923d621a07734a9bd31d59ca2d8
File Content Preview: ...... :......

File Icon

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly
