General
-
Target
f9e590c5670be59c274262336e785703_JaffaCakes118
-
Size
3.5MB
-
Sample
240419-j83h6acf95
-
MD5
f9e590c5670be59c274262336e785703
-
SHA1
4890e84f2c1e079528fec2ee76b63a524f6dd57b
-
SHA256
6c21b0fb2c6bbb62b6a7de80eece5851beceb564497ed090e828ee0e394a13c6
-
SHA512
39c7a5afac426b6b599ffa824b6f2343395a85163e0a1abc521871c86c65e42df0d03e17c8f4990ab788afc624a7be1e6589ae39a4349378f2298fc5ad9a0747
-
SSDEEP
98304:KONNaffuN5kk8NNyoUnHLkGfJ/ykFYWPFuLvqMQ6Nn:PaeN5kkayoWHgGfQaYFw8
Malware Config
Targets
-
-
Target
f9e590c5670be59c274262336e785703_JaffaCakes118
-
Size
3.5MB
-
MD5
f9e590c5670be59c274262336e785703
-
SHA1
4890e84f2c1e079528fec2ee76b63a524f6dd57b
-
SHA256
6c21b0fb2c6bbb62b6a7de80eece5851beceb564497ed090e828ee0e394a13c6
-
SHA512
39c7a5afac426b6b599ffa824b6f2343395a85163e0a1abc521871c86c65e42df0d03e17c8f4990ab788afc624a7be1e6589ae39a4349378f2298fc5ad9a0747
-
SSDEEP
98304:KONNaffuN5kk8NNyoUnHLkGfJ/ykFYWPFuLvqMQ6Nn:PaeN5kkayoWHgGfQaYFw8
Score7/10-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/MakeDll.dll
-
Size
397KB
-
MD5
fd68431adc61fb54cb2adf6a5b1ce3f4
-
SHA1
6e3ecd1c0cd6eb520620a579044a5bc7e9951e2f
-
SHA256
76af724291f4db89ab6fd4684852e3dd86c26e2a057156e95a5702965ec9ecfb
-
SHA512
45a701de50a871a175f96fa21c6dfcad03a0eb627183ba048ac25d467e605f092f9869275b3b8a272f934a866732b3af61e64fd777a46d72fde54f84af7360b4
-
SSDEEP
6144:67ELuk4cTX1ARqPvCudXWy3oanscbvDJQk7e2q/H8EIINRBT9fNsaKfjemm0WRl:Mk48ARqPvVaQNrqNP8ER9lsaonjc
Score3/10 -
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
33d4a515252e42901fcd3230a749e92f
-
SHA1
168ccf18807f372d59c954425b23e3ba07b9e32f
-
SHA256
83817610e28c78c766a183e66d9fa47f1831b702846cae2ec51ba5848c9dbde1
-
SHA512
fcd40f466403d3243d8a8d2e98aae74f46d5b5e9e254d13485281e86022305a3e8d47c6411175a9f2f90ad8d10aa40614c71329969ef895a20d60688a649adba
-
SSDEEP
192:HPv+wTtD0MzoU7Fs0+/gcDmduwJQXzw+KtnvH0tKO/B75D/Vp6kn2HgsDw0:HPFT90MzRF4/Bj0v0tP9gk2ZDw
Score3/10 -
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
72f18eaa88886bd0d46de64a17d9720c
-
SHA1
e604c84de0ded023cf4c5e215c0534faf1d18227
-
SHA256
05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1
-
SHA512
5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018
-
SSDEEP
96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
c6284e23cd7e4d11db8298deb4541083
-
SHA1
e338686c7579620383ab8cc5a51bbb8d846f60cf
-
SHA256
79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
-
SHA512
72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
-
SSDEEP
96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
40909a97db3a51fc83aaeff503128b3f
-
SHA1
9693d68a1fb11db70f61b8277e1195dd298abbab
-
SHA256
f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9
-
SHA512
cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77
-
SSDEEP
96:+Vyk3+0P+gcVUzWKw1lq4xNmuUUOnyX3z9zJ5cVK23EHC:+40P+gcVUzWlyuUStJ5cVKXHC
Score3/10 -
-
-
Target
$PLUGINSDIR/nsRandom.dll
-
Size
21KB
-
MD5
ab467b8dfaa660a0f0e5b26e28af5735
-
SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d
-
SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
-
SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
-
SSDEEP
384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
$PLUGINSDIR/registry.dll
-
Size
16KB
-
MD5
351f89337642c165a48dd763aa210023
-
SHA1
a5b204cbc51a0ad84248aa680b85be7824f3354e
-
SHA256
b610ab13da00e05b000026c73081cfdf0d2ebd3f2fad05e1d0f277060fc3c07f
-
SHA512
10326b95ea81b377f74cb9e42135e891930a354b65ce50a4562246da33ca6816f5397089bb60cd1eb647bd28829d70f6425c3113440e11f9a9a4f7fecaac7f4c
-
SSDEEP
384:tTVUUuJHxgeh2OTU+X9pCtlohiTV0pWY7:tTqzHxgeh5X9oaiTgW
Score3/10 -
-
-
Target
$TEMP/coopen_setup_100030.exe
-
Size
1.0MB
-
MD5
749ee29ff4b3e34ee9c7b1fb8575a126
-
SHA1
3ec56a9167f4e9e0724f106c03513ed498f7ca70
-
SHA256
f241a7da464510479bda1b1314d70e32b8e907efa15f71dea183810502d27af7
-
SHA512
461410a6960063acd7294de760b161c73c0370a88f7198ecfe6169cdbe1ba809c4388940ebb154cd1e6cb628c0ef3615e83476ea4cc9fcf54991dea89227de67
-
SSDEEP
24576:l160aJVJgAyGBdOE+m3u84uQhzRsSFIpjaL8UzhIM39uyKkb2iDvPXLiU:l12ciwEd/4n5RsSyjalhP8PijPXLT
Score7/10-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score3/10 -
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/inetc.dll
-
Size
20KB
-
MD5
7cb5d7847bed05bcd661f07d97727786
-
SHA1
ec62aba9ece5897ae037db3e4a98e5fe5edd3b6c
-
SHA256
3663f682b9e6fbc0650a729555d6fc432c146e352791ad00a19212d64cc7da27
-
SHA512
51b2b773a8fca7d3346b349c8dc4b0da6d6972350bd9754cf02ab6c093c61c95ee478d562db88c6d046fd341ef0a2d1b06148384c203037dba89abb3e9f5ccc8
-
SSDEEP
384:jKtc0vzG1ioSUspKthBTTN/o7Hleya9cM0Ac9khYLMkIX0+GCBgBTm:jucKiSUV3ZTNmFta9c
Score3/10 -
-
-
Target
$_10_/$_10_/HttpDownloader.exe
-
Size
125KB
-
MD5
a49a5f84d8bd99c0e994775c84750203
-
SHA1
2bb7ce2652c7f401609b2096ad20af0725deb588
-
SHA256
588f715528d49d6bec2e3b23862a351854cd9745c4eab2c7cc0887aee8a4668e
-
SHA512
070ab82e6a19cc2187525bd9fd62e9dc21d748f89d66456fa2373ebc114cd4c21db1136d225cc5ab24949d0b5d6f7096f79741fb9f84ab1701f631b6fa31a512
-
SSDEEP
384:pF9Z8VZeOTH+yuiAdoL8T10KJdAncr89du9y3K3iW0hdSAKNQ8LiiEUKDtPKDb/o:lZ8VZFTexTzPocWAwL3IGsJWMi
Score1/10 -
-
-
Target
$_10_/CCPMachineInfo.dll
-
Size
28KB
-
MD5
4448afc124d4c041a689606cc5c4ce86
-
SHA1
0cbadd5f0b0087e26910aa97f3074f8dd35f7fee
-
SHA256
e09d28d706602648537a0c80e655db60520ba4d1005585e01f4c4afe68205760
-
SHA512
2bc53e6e2a683ac095ffd453d01861ce428fe7a94a7586f6e40e826f75b67ff114f26d5f38209ac30d85b9f3eeddfbc79ce029e277d9ca6a0ca8f38ed5c12f13
-
SSDEEP
192:sz0vqiqlYXfmHtGJRSUaQTBoF15UZNqSm5EzX8S8X8USY9kyYUv7n:MplW4IJ1LBguWv5Ez8t8UeyYUj
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-