Overview
overview: 7/10
Static
static: 3/10
f5c77ef216...18.exe
windows7-x64: 7/10
f5c77ef216...18.exe
windows10-2004-x64: 7/10
$PLUGINSDI...ns.dll
windows7-x64: 3/10
$PLUGINSDI...ns.dll
windows10-2004-x64: 3/10
SpyOut.exe
windows7-x64: 1/10
SpyOut.exe
windows10-2004-x64: 1/10
SpyOutLaunch.exe
windows7-x64: 3/10
SpyOutLaunch.exe
windows10-2004-x64: 7/10
SpyOutUp.exe
windows7-x64: 1/10
SpyOutUp.exe
windows10-2004-x64: 1/10
uninst.exe
windows7-x64: 7/10
uninst.exe
windows10-2004-x64: 7/10
$PLUGINSDI...LL.dll
windows7-x64: 3/10
$PLUGINSDI...LL.dll
windows10-2004-x64: 3/10
General
-
Target
f5c77ef21662451265e0828c66274852_JaffaCakes118
-
Size
1.7MB
-
Sample
240417-prk6fafb23
-
MD5
f5c77ef21662451265e0828c66274852
-
SHA1
5e479f7e68943f792e754fac4bea372c41fc8b5d
-
SHA256
02ed70ca5fc0e47d0cb7016a0959a0793853beaa8bba1e1d26b9fe9489c798fe
-
SHA512
02abf7e20f37041d0594deccc2daa59ffed761b0d7f898f2cccf93502c9719729abe03f7e67348b645c3107c7a0dc7db602eb67c40dbc103794f6e0bdf7069f8
-
SSDEEP
49152:itLrXclQ6jGV1C4MSRBSAXTdxd8rNPk45COkDwuFhnEo:itLgQBqoRBSAX58rG45COPuFP
Static task
static1
Behavioral task
behavioral1
Sample
f5c77ef21662451265e0828c66274852_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f5c77ef21662451265e0828c66274852_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
SpyOut.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
SpyOut.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
SpyOutLaunch.exe
Resource
win7-20240215-en
Behavioral task
behavioral8
Sample
SpyOutLaunch.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
SpyOutUp.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
SpyOutUp.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
uninst.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
uninst.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
f5c77ef21662451265e0828c66274852_JaffaCakes118
-
Size
1.7MB
-
MD5
f5c77ef21662451265e0828c66274852
-
SHA1
5e479f7e68943f792e754fac4bea372c41fc8b5d
-
SHA256
02ed70ca5fc0e47d0cb7016a0959a0793853beaa8bba1e1d26b9fe9489c798fe
-
SHA512
02abf7e20f37041d0594deccc2daa59ffed761b0d7f898f2cccf93502c9719729abe03f7e67348b645c3107c7a0dc7db602eb67c40dbc103794f6e0bdf7069f8
-
SSDEEP
49152:itLrXclQ6jGV1C4MSRBSAXTdxd8rNPk45COkDwuFhnEo:itLgQBqoRBSAX58rG45COPuFP
Score 7/10
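Loads dropped DLL (likely the $PLUGINSDIR plug-in DLLs listed as separate targets below; installers commonly do this, so weigh this signature together with the other findings)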
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781
-
SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f
-
SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
-
SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
-
SSDEEP
192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score 3/10
-
-
Target
SpyOut.exe
-
Size
1.8MB
-
MD5
a5396c316c0fe5831ec38feb82fcecae
-
SHA1
a1665a5b6211d71b23690d06cfcfa99acd9c4c1c
-
SHA256
d09943d5ae1a2ee088b5050f12a287461daa69bf56102f3f4e8b27c499e6f18b
-
SHA512
fdca6774d81eba00b724c0854fc4ab6963b05fc036af18122ee0e54d870e68ec5e23705ad6f352494adb992cf787887f313279771c985ef2f4861afebe6274e6
-
SSDEEP
24576:GyDY61d9bWTh/Pj0mlfgB9JfOz1Ci4iT70Mq02x0ZYFqAXUSmW5:9Y61d9bWlXj0ggy1CDhtj3XUSmm
Score 1/10
-
-
Target
SpyOutLaunch.exe
-
Size
236KB
-
MD5
3e4daf1d1296da3d9cbfb9d1a334e1ad
-
SHA1
a5bbdabc7de6fb8eaae6f5b8775d16f22d718011
-
SHA256
f39229d4f54dbe68606018a58ed5e7e1869c67b6dfaf28b2baa27d43968ec9b0
-
SHA512
981cd39bd19323cd700a027b714afc7359bfb68c17a885e7af8a4c80b30236a7dede38647d7e4c1cd06f996867f695074d21ab50ef374f98d7226c284d8cbf34
-
SSDEEP
6144:mBmUYYMcm4dmAP4Xp+EQHKCUeFE/t+Do:MlWcm4dmA28EF+Do
Score 7/10
Checks computer location settings
Looks up the country code configured in the registry, likely to geofence execution (behave differently depending on the host's region).
-
-
-
Target
SpyOutUp.exe
-
Size
416KB
-
MD5
668512b230a150b2b98da1ba889b24f1
-
SHA1
d348c96f53ef8401ad736148b0f009c156a325c8
-
SHA256
19e632355649d31642822c8d37a0a3a3bed2d424016dbac3f194045343804e27
-
SHA512
c04cb8f5d4683d89b966fcbc19142ea395d30bd2b43be44f7fcc7c61f82ffc951ffcb68d4eef46b43895cef38feab489bb4bc8255c1b4813adcf1c50d1bc2182
-
SSDEEP
6144:eQMgHzeagMs6ATZXRJtWF2QDbV+B4NDwUeFE/t+DozX:LMgTeagMzOZ1WFe3EF+DoT
Score 1/10
-
-
Target
uninst.exe
-
Size
132KB
-
MD5
46841052d7e2a47af13f8845ea018484
-
SHA1
d6f5e38b803a2ffa654c681bd1244f77097769e3
-
SHA256
529830765e44fb8dabfb8fe92aa242005edc2ca83fbe13f4fc4d6cfa7d6b4a50
-
SHA512
0d68120e128caa6c47f11b318f452b7596600c9b6bf6741e761115e0be6f3010bc8fcf05a0b3c8ebba9d7919f87084d08f2a799f256812eab6026b6dd49be178
-
SSDEEP
1536:jQpQ5EP0ijnRTXJfiSFxYrZqa9WXkI8s3ofkP0r0eLuUeFEv8VeOF/B:jQIURTXJfiokZqa9+8qo6hUeFEv8v
Score 7/10
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score 3/10