Overview: score 8
Static: score 3

Task scores by sandbox environment:
fb71a9372f...18.exe (windows7-x64): 8
fb71a9372f...18.exe (windows10-2004-x64): 8
$_2_/Ad.exe (windows7-x64): 1
$_2_/Ad.exe (windows10-2004-x64): 1
$_2_/Downl...PS.dll (windows7-x64): 1
$_2_/Downl...PS.dll (windows10-2004-x64): 1
$_2_/QQVip...er.exe (windows7-x64): 8
$_2_/QQVip...er.exe (windows10-2004-x64): 8
$_2_/TXSSOSetup.exe (windows7-x64): 7
$_2_/TXSSOSetup.exe (windows10-2004-x64): 7
$_2_/Tencentdl.exe (windows7-x64): 1
$_2_/Tencentdl.exe (windows10-2004-x64): 1
$_2_/bugreport.exe (windows7-x64): 1
$_2_/bugreport.exe (windows10-2004-x64): no score shown
$_2_/curllib.dll (windows7-x64): 3
$_2_/curllib.dll (windows10-2004-x64): 3
$_2_/dlcore.dll (windows7-x64): 1
$_2_/dlcore.dll (windows10-2004-x64): 1
$_2_/extract.dll (windows7-x64): 1
$_2_/extract.dll (windows10-2004-x64): 1
$_2_/tinyxml.dll (windows7-x64): 3
$_2_/tinyxml.dll (windows10-2004-x64): 3
$_2_/tnproxy.dll (windows7-x64): 1
$_2_/tnproxy.dll (windows10-2004-x64): 1

General
Target: fb71a9372f7195356b87f195e68b534a_JaffaCakes118
Size: 3.6MB
Sample: 240419-3war6aag37
MD5: fb71a9372f7195356b87f195e68b534a
SHA1: 08f7a9fa06a9cde87f38dff3aa8b57efed5a1099
SHA256: 051a80a2a82dd18faa9d0738c5403f3f0dbd0926e0525a445596cc6ef2d7d754
SHA512: 906e0b239b6de7a3f7ef9118355793dd342853501109b9328ccb284f9142c69f4081671795b3b80eff894b550b26e6bb6a0731134bbcfb0cc9d9a75d78ea36ce
SSDEEP: 98304:KcXMbp8CtkFM8zRi8FSP4xnKjhFyikOfDiV7mR/eht2:RcTkeWim045ygiFfDK2/Et2
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: fb71a9372f7195356b87f195e68b534a_JaffaCakes118.exe, win7-20240221-en
behavioral2: fb71a9372f7195356b87f195e68b534a_JaffaCakes118.exe, win10v2004-20240412-en
behavioral3: $_2_/Ad.exe, win7-20240220-en
behavioral4: $_2_/Ad.exe, win10v2004-20240412-en
behavioral5: $_2_/DownloadProxyPS.dll, win7-20240215-en
behavioral6: $_2_/DownloadProxyPS.dll, win10v2004-20240412-en
behavioral7: $_2_/QQVipDownloader.exe, win7-20240221-en
behavioral8: $_2_/QQVipDownloader.exe, win10v2004-20240412-en
behavioral9: $_2_/TXSSOSetup.exe, win7-20240221-en
behavioral10: $_2_/TXSSOSetup.exe, win10v2004-20240412-en
behavioral11: $_2_/Tencentdl.exe, win7-20240221-en
behavioral12: $_2_/Tencentdl.exe, win10v2004-20240412-en
behavioral13: $_2_/bugreport.exe, win7-20240215-en
behavioral14: $_2_/bugreport.exe, win10v2004-20240412-en
behavioral15: $_2_/curllib.dll, win7-20231129-en
behavioral16: $_2_/curllib.dll, win10v2004-20240412-en
behavioral17: $_2_/dlcore.dll, win7-20240221-en
behavioral18: $_2_/dlcore.dll, win10v2004-20240412-en
behavioral19: $_2_/extract.dll, win7-20231129-en
behavioral20: $_2_/extract.dll, win10v2004-20240412-en
behavioral21: $_2_/tinyxml.dll, win7-20240221-en
behavioral22: $_2_/tinyxml.dll, win10v2004-20240412-en
behavioral23: $_2_/tnproxy.dll, win7-20240221-en
behavioral24: $_2_/tnproxy.dll, win10v2004-20240412-en
Malware Config

Targets

Target: fb71a9372f7195356b87f195e68b534a_JaffaCakes118
Size: 3.6MB
MD5: fb71a9372f7195356b87f195e68b534a
SHA1: 08f7a9fa06a9cde87f38dff3aa8b57efed5a1099
SHA256: 051a80a2a82dd18faa9d0738c5403f3f0dbd0926e0525a445596cc6ef2d7d754
SHA512: 906e0b239b6de7a3f7ef9118355793dd342853501109b9328ccb284f9142c69f4081671795b3b80eff894b550b26e6bb6a0731134bbcfb0cc9d9a75d78ea36ce
SSDEEP: 98304:KcXMbp8CtkFM8zRi8FSP4xnKjhFyikOfDiV7mR/eht2:RcTkeWim045ygiFfDK2/Et2
Score: 8/10
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: $_2_/Ad.exe
Size: 24KB
MD5: 218a0f93c33d9da19beb9396e251ea58
SHA1: ba28b69133ee9e79dca3b0d478f1777af1a900f3
SHA256: 7e6264a4d4e30a845dfff70491970a697c275d05bcd572bf484d3b821a8a95f5
SHA512: 21b4c505f8c7b59b64ecb76551f051d035cb26af5d76c3818a5d00acc849686381b08bbba93fcd86353bb0c83a2a549ef7c7247a88c679c57c2e1499c24df386
SSDEEP: 768:yiJRKDbEOKtIhxBKRGiDli/tmgkHO+QD:yiJRxOKtIhxR+lEmdO+Q
Score: 1/10
Target: $_2_/DownloadProxyPS.dll
Size: 67KB
MD5: 9c629978377e3edc8d0b001115f93eec
SHA1: c563aad2e04b0e69b3ceeb722f7f7e85dd3cb410
SHA256: 1ce25ffc0d8671f5c44573ec190533860cc3bec823d2dcfaf4548a0bd76add50
SHA512: 34cb1eafd31385094bc0f2f03da80fb94662a7a966dff7f9be974b5e850e2c588e82546edfaf244b7f20046fd63421495b7a429d50184d074b83208d86dcd619
SSDEEP: 768:A1fVSO9ZV/algl30jcuPv114iNpdVtAcpg5n:OAOkeEcuXVN9tVpgF
Score: 1/10
Target: $_2_/QQVipDownloader.exe
Size: 1023KB
MD5: 65dbfaf76be7baf0369e1a202f8499cc
SHA1: 542dca77ea0f20b91b8ebac80e326686dd507c55
SHA256: e997d69e9649210f79167f2a8501196ac2a62a23944b5d0d39b1e9bd7e3b774f
SHA512: 0880bc2a3182708e3ac620f4028a85eb1683bda96f0246ea5751c9ad20c3ea2c1e9879751b4f57fea0ee16b41347a93be88ef0f87661583971204179b917b608
SSDEEP: 12288:pDfAIZBLC7KNkg2BirPUTYLzD3zk2U5LZE+KGngCRyEi1QOCXSSY9p8s96+9AUys:pDfAIZBZkg2B4UsKKLEiGi9X0cAUSK6
Score: 8/10
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: $_2_/TXSSOSetup.exe
Size: 1.2MB
MD5: e9756141d085d3b332014d7f9b184480
SHA1: 7527574eb3b415744815ec4c51ae423ee58494e7
SHA256: 8aa5ad11255f7526bd924a14b2ad0f4511ec2abf9f80abc5d2ac3d147490088a
SHA512: 20f6c37ca83d4fe3cc34fe0018d184447ec2c2c990930601eeb9e5f29e8da4cc1b172894deada85d0bdcbb7bb09e907a757aa2932aaaea46fa5ed19444a0a439
SSDEEP: 24576:PBKYYrcWwGWZBxY/7jeN9B8dz8w47dywfUKIKvyqNJvbqaEaJe:2oWwG+Bx28odYy4UKl0dge
Score: 7/10
- Executes dropped EXE
- Loads dropped DLL
Target: $_2_/Tencentdl.exe
Size: 915KB
MD5: 7e8dfc56349967d134ccdc9de4cd772f
SHA1: 80f9636e5f2b7509d50e3e865b5c0d921348fff0
SHA256: fcaf44a74ec98e9780ddded45729dab1dc292c3a1bfed1c1a7ce56f1fed9b604
SHA512: b25fa86519cc23157f253ab816e8f8dfab54c5eddb72ec2092ece5b33767131f2ebdb4c791a2e28688c3bbbddc0db1e34d046f309592f95bf4665f5f12617010
SSDEEP: 12288:4QcPCATq82+oqwBPeOzXcYdQ05l2NAmTq5RAPeK17b163XfP6P:4QcToqsiYNl2NApvB0n163XfPo
Score: 1/10
Target: $_2_/bugreport.exe
Size: 274KB
MD5: cae77f70a1dbc517f1281403f0a68c1e
SHA1: 96fdd9317aa6236ccd396dd469c46eda564326f2
SHA256: 18a53e047d0536e49385177d00d526f252de98d5d04e58e057c7684f820788c2
SHA512: b33c4e3de966847e280fd827c39c0dfad1e65a7c24f28b7572eb35aca0c36fc0544eab3e34d5b80613543bf7c644a1b41dc3d7886e1b4923a93077ccadb2799c
SSDEEP: 6144:mtpUeG1HPZRRYBmH43UDCVyTBqFtfGJOENMcDN7Y7t7q9:mfGfYBmHEaCVyTsFkTMcp7YJe9
Score: 1/10
Target: $_2_/curllib.dll
Size: 228KB
MD5: 45882035d3e92e52b511c497432c0f80
SHA1: beebd03fafda345f2068c8892272d66bf7726ac2
SHA256: f79808272d03aa7a2e904438f97a63dee8d0d62fd4ed77709eb80ca3bdba6510
SHA512: 4a00a0d8d0dd4fa3774722c5dad647e86127f1a1abe83df7b80388c6ef1aa69089402fc12a06a3fc4f800335db5ca99345b8d75b584a2b467f9a43254c303817
SSDEEP: 6144:8AGm5prJ+hxfZZmfrnY4LwKFWj6sd+xAI9:8AGm5/++rn3W+F
Score: 3/10
Target: $_2_/dlcore.dll
Size: 1.9MB
MD5: 0ed92ed82d4d1b22fe231c177b45eac5
SHA1: d858a692e6c0a364137c4d0190816809b8c37f7f
SHA256: ad1425b8497cf8b5891adbd51371c3ceb0f977e6e417b6c3f3262e6b6f01e2fc
SHA512: 8d7d60e84314ba2b5b1a9248e6ddf1f2723844ebde1953343ee5f825f1d3e30a5a9a504d028c9311f9aa82c17929c4927769b7ae6df986003b2c1aaef0be3aa1
SSDEEP: 49152:JSGO70WM3G4HmQohT02dkqQsEhAtyhBFVTCzNG6TxD3mOXA:cf0WKGIQ0+QsDCO
Score: 1/10
Target: $_2_/extract.dll
Size: 358KB
MD5: 9da51d4506bd094fbfc7d337338fc872
SHA1: 1b5799ef6b66ac9471842f17570813e7c42cdb27
SHA256: f2181e41d5950fcb762edf6b9cbb665e94004a7f1102b606c331690e6069a501
SHA512: 07dfae7c04ea2815ed78af9e29313050338bfec5a8e08a8846c0f846d6d27b79b7bfe2c3b4dbf3758aa22f88342aadf5513dcbcd6a718b9dd939996d6ce9e044
SSDEEP: 6144:xR1C/1D8BnHgvH/5udZip+IUOrJTbSfvyux0egTK3:xDC/1D8BH0HBvUIUOrux0ege3
Score: 1/10
Target: $_2_/tinyxml.dll
Size: 99KB
MD5: e42fb6e8b70cef85bfaae7cd0e716e21
SHA1: 463a423283b5c22056cca0c2bcad1969194e69c2
SHA256: 0460e9e03edf807453e66f0332c84a4f8ea8ace16e25b8c2e62abe12a6b7eebc
SHA512: c30105e53c89756eab9d7c92d35e9934ece9ac9ecdec92cb56e63ffdf2b1ec3294dedc4942fd0dfae16367968f697786179534b9b0de7f2962e0c95a406a7056
SSDEEP: 1536:R/ehBLJag+yYfuwjLPIGsvNY96EgQUx8J4LoNB4e0ee:REL4hfuwjLPIZNY96EgQU2fNB4eE
Score: 3/10
Target: $_2_/tnproxy.dll
Size: 707KB
MD5: 3bad47f1e11387358ba090fbc2682713
SHA1: e7e7843d3fd4f45fdb65ff40936bc28a10651589
SHA256: 26c906e83d280f03e021a5730908cc40551f8ef98e048b9ae001354ec83ae736
SHA512: c00f7079746cc0ab961680ca784cac036ad60c2883e032fea9d8ac4791579f5cb952a341efb0068a38f81ab84c6dc870ddd8ae5ddb66d17a812a80fc8e1486eb
SSDEEP: 12288:aY2sKZ+fh+jtdwPBAMvyAXlOsJhYV0J7OQf1LoP+MmIlF/w2MfNXn0K43qsvXB3p:h2sKAj5YV0J9UWrkxPHRzANe
Score: 1/10