Analysis report: fb01afea17bd6bef75d3450556531320_JaffaCakes118
Overall score: 7/10 (static analysis score: 7/10)

General

Target:  fb01afea17bd6bef75d3450556531320_JaffaCakes118
Size:    798KB
Sample:  240419-x6g2bsdd22
MD5:     fb01afea17bd6bef75d3450556531320
SHA1:    c4bb76bbd5b19602a9395a909a0d8a8b6f5c4f7b
SHA256:  842a04069e15438786d883f1f14a1ca9370bbcc1bf75502c2b601fd3c299752f
SHA512:  3bc015ddc0da1d36a4b80dd8c396c0f88b5f84f2fe7f6374b47d442d51fd259b9c9c58b44cb0605703a35ed6eeb7449eda7d9900d8c7725159e9baeecf660fce
SSDEEP:  24576:pendzOPC5QNSgVvrHMchjvfYh4KjYx9M3jx:penZYtFVvrscq0xC
Behavioral tasks

Each extracted file was run once on Windows 7 x64 and once on Windows 10 2004 x64. The score column is the per-task threat score (out of 10) shown in the report's task list.

Task          Sample                    Platform            Sandbox image            Score
behavioral1   facecooker_setup_p3.exe   windows7-x64        win7-20231129-en         7/10
behavioral2   facecooker_setup_p3.exe   windows10-2004-x64  win10v2004-20240412-en   7/10
behavioral3   $PLUGINSDIR/System.dll    windows7-x64        win7-20240215-en         3/10
behavioral4   $PLUGINSDIR/System.dll    windows10-2004-x64  win10v2004-20240226-en   3/10
behavioral5   ContextMenu.dll           windows7-x64        win7-20240221-en         1/10
behavioral6   ContextMenu.dll           windows10-2004-x64  win10v2004-20240412-en   1/10
behavioral7   FaceCooker.exe            windows7-x64        win7-20240221-en         6/10
behavioral8   FaceCooker.exe            windows10-2004-x64  win10v2004-20240412-en   6/10
behavioral9   IEContextMenu.dll         windows7-x64        win7-20240221-en         1/10
behavioral10  IEContextMenu.dll         windows10-2004-x64  win10v2004-20240412-en   1/10
behavioral11  LoadSkin.exe              windows7-x64        win7-20240215-en         3/10
behavioral12  LoadSkin.exe              windows10-2004-x64  win10v2004-20240226-en   3/10
behavioral13  facecooker.dll            windows7-x64        win7-20240221-en         1/10
behavioral14  facecooker.dll            windows10-2004-x64  win10v2004-20240412-en   1/10
behavioral15  新云软件.url               windows7-x64        win7-20231129-en         1/10
behavioral16  新云软件.url               windows10-2004-x64  win10v2004-20240412-en   1/10
Malware Config

None listed.

Targets

One entry per file extracted from the sample and analyzed, with its hashes, score (out of 10) and the behavioral signatures it triggered.
Target:  facecooker_setup_p3.exe
Size:    911KB
MD5:     b8452be74d68ad2491eb50ec72499990
SHA1:    a292ff0c084ade20e2a08ac7a570b0f53d207224
SHA256:  18a347824262904b619869644d490aedefdf5ad17a3afa882735aa8757f178d8
SHA512:  e4cfa9b4335ee5a607f63221065ed54786ad8fbfce25dce3dcd3a1d60e24eacfcb935610db5e7dee103ddf77463c0c789cca981cb92281b8be786a4e3f7960eb
SSDEEP:  24576:Ahf6DM4v004d9l6IuhK5VH+nPfDkQtEnz0g:SC9004Gw5VH+PfDqnQg
Score:   7/10
Signatures:
  - Loads dropped DLL
Target:  $PLUGINSDIR/System.dll
Size:    11KB
MD5:     c6f5b9596db45ce43f14b64e0fbcf552
SHA1:    665a2207a643726602dc3e845e39435868dddabc
SHA256:  4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0
SHA512:  8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a
SSDEEP:  192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw
Score:   3/10
Signatures: none

Note: $PLUGINSDIR is the temporary plug-in directory that NSIS-built installers create, and System.dll is the name of the standard NSIS System plug-in. That makes facecooker_setup_p3.exe most likely an NSIS installer, and its "Loads dropped DLL" signature is consistent with NSIS extracting and loading this plug-in; the report itself does not state this, so confirm it (for example by checking the installer's overlay for an NSIS header) before drawing conclusions from it.
Target:  ContextMenu.dll
Size:    43KB
MD5:     addef0e19c0b652fe47a8552d2290370
SHA1:    625b52a477643946b8efceaae1ac8754aed7cac9
SHA256:  96c442ece5a7dbd3e65d9c419fe979db60d92e7a8434dc61ae73062ec1d1d074
SHA512:  4a75c905814d3ec746da6a97243a2c2834bbb5f7e0133e557f1c268ccc9c900d519231d098752ac8ab098473f631094ded65846dac2bb9cee5cc82177f4e1f52
SSDEEP:  768:xsxNBBbdpXqE4lF0GD6xsWFvWCzyPFX1lO1Fbr8z:xqnpXqE4XhWFvpCX1lO1FbO
Score:   1/10
Signatures: none
Target:  FaceCooker.exe
Size:    370KB
MD5:     77114bd839031621f476beee5d6eb453
SHA1:    00040386537cf39468fc83f426b43b4c1cf3dcf6
SHA256:  b6b12bc984079bc23460884daa24518ee5831b322ce40ad9cb4898270b413388
SHA512:  dac8b78437259414485eb2645051d94634942da417519703b3d75fd84a2cce51da760459ce12405eb4d39da5ba2ab17f141a83fd3004aad1416c52adddc5b866
SSDEEP:  6144:WuvJtpXA6/KXG6tmK4RGZb4dNamk18ljdYsAv3CRxAUu:/vJtC6/qG6toQZb4dNaElq7fC8L
Score:   6/10
Signatures:
  - Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system: code placed in the first sector of the disk runs before the boot loader and the kernel, so it survives reinstalling software and is invisible to most in-OS security tools. The signature only records that the process wrote to that sector; partition and disk-imaging utilities do the same legitimately, so compare the post-execution MBR against a known-good copy before classifying this as a bootkit.
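As an added example for the "Writes to the Master Boot Record" signature above (this is editorial code, not part of the report and not code from the analyzed sample): parse a 512-byte MBR into its boot code, disk signature, partition table and 0x55AA marker, keep a SHA256 baseline of the boot-code region, and flag a later sector whose boot code differs. The two sectors used here (CLEAN_MBR and TAMPERED_MBR), the 0xDEADBEEF disk signature and the single NTFS partition entry are constructed for the demonstration; read_live_mbr shows how the same check would be fed from a real disk.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot loader code, the region a bootkit replaces
DISK_SIG_OFF = 440       # bytes 440..443: Windows disk signature (little-endian DWORD)
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # bytes 510..511: must be 0x55 0xAA

PART_ENTRY = "<B3sB3sII"  # status, CHS first, type, CHS last, LBA start, sector count


def is_valid_mbr(sector: bytes) -> bool:
    """True if the sector is exactly 512 bytes and carries the 0x55AA boot marker."""
    return len(sector) == SECTOR and sector[BOOT_SIG_OFF:] == b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into the fields a baseline comparison needs."""
    if not is_valid_mbr(sector):
        raise ValueError("not a valid 512-byte MBR with 0x55AA signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack(
            PART_ENTRY, sector[off:off + 16])
        if ptype == 0:               # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def boot_code_changed(current: bytes, baseline_sha256: str) -> bool:
    """The check behind the signature: has the boot-code region diverged from the baseline?"""
    return parse_mbr(current)["boot_code_sha256"] != baseline_sha256


def read_live_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a physical disk (Windows path shown; needs administrator
    rights; on Linux pass e.g. '/dev/sda' and run as root). Not called by the demo."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: caller-supplied boot code, a made-up disk signature,
    one bootable NTFS (type 0x07) partition starting at LBA 2048."""
    boot_code = boot_code[:BOOT_CODE_LEN]
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", 0xDEADBEEF)
    entry = struct.pack(PART_ENTRY, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed sectors: a stub "jmp" followed by padding, then the same layout with the
# boot code overwritten. The partition table is identical in both, which is exactly why
# a partition-table-only comparison would miss a bootkit.
CLEAN_MBR = build_sample_mbr(b"\xeb\x63\x90" + b"\x00" * 437)
TAMPERED_MBR = build_sample_mbr(b"\xeb\x63\x90" + b"\x41" * 437)
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(sector)
        print(f"{label}: disk signature 0x{info['disk_signature']:08X}, "
              f"partitions {info['partitions']}, "
              f"boot code changed: {boot_code_changed(sector, BASELINE)}")
```

Take the baseline from a clean image of the analysis VM before detonation, run the comparison against the sector read after detonation, and save both sectors: a differing boot-code hash with an unchanged partition table is the pattern to expect from a bootkit, while a changed partition table with unchanged boot code points at a disk utility.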
Target:  IEContextMenu.dll
Size:    40KB
MD5:     c3ae8c15e1e7e5d6bf0bcf18457c8bb2
SHA1:    65a37c44c936e0e6d004a4447b7e13640eb7b027
SHA256:  95469179199a1fd59b3390e099d1fd579e753b644e8e08beca53cbdd065de5e5
SHA512:  9da09fee4822d65eb886719904897eff888fd4688d7485606fc661e3e881e4f608ebe258f1b04b35d52ced6e8680cc94f604e7a7a4831467cb28edabe83b8d35
SSDEEP:  768:FjBO/SVWeK6+GfsLvfMYCZbQixSyl3QlO1R2CP:3Fs0sLvpCZbTntQlO1R2CP
Score:   1/10
Signatures: none
Target:  LoadSkin.exe
Size:    51KB
MD5:     743b7dc2d319c63138475e04aa2c35c8
SHA1:    867660f0ca12d30bd58467555e100359f6312e51
SHA256:  df46db5dda7c23518a7fca7f6143790f200b32c8788e19ef59bd0aada55fcddf
SHA512:  924539c43f87e456097f417d8eedb3a2708e8899ee8a739b591dc0f6b8b4533782cc4fe6c7980bfca9c852d7c40516ab04543a49c9c22c065826bac7a93f32a1
SSDEEP:  768:40zwVpNpN160TJGwJxtLoI5kpXDJQRJkpXDJQR:45/pN80TJNPkp16Jkp16
Score:   3/10
Signatures: none
Target:  facecooker.dll
Size:    85KB
MD5:     86eaaeb6ed9d7517344ef9e52d8bb613
SHA1:    88a34b82f7a9d168db984f0aef82c0f98672a924
SHA256:  5b750d24d6103281c577f4b7cebcde514f19a6753f5027907607ebc542a937a3
SHA512:  c9aafcdc811d8b0822bd1864d9ee3e2a08c05e3c68be472408779bb5d5e37726f9d20d5b4e8d926fc3526d595125cfd816922ee03ba1b6df78b2b4db2b8a5e8a
SSDEEP:  1536:FjdMWCmQh2DiP04XwICTau8pWqQD5mLx9V9UCAUO:0WN4PVRpWqQD5mL19UCAUO
Score:   1/10
Signatures: none
Target:  新云软件.url (an Internet shortcut file; the name means "Xinyun Software")
Size:    133B
MD5:     4f0017b3b346bd0626f0c3b915e6e734
SHA1:    823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
SHA256:  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
SHA512:  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
SSDEEP:  not listed
Score:   1/10
Signatures: none
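As an added example that turns the hash tables above into something a responder can run (editorial code, not part of the report and not code from the analyzed sample): the MD5, SHA1 and SHA256 values of the parent sample and the eight extracted files are copied from this page into a lookup table, a directory tree is hashed file by file, and any file whose SHA256 appears in the table is reported by its target name, with MD5 and SHA1 cross-checked so a transcription error in the table surfaces as an error rather than a silent match. SHA512 and SSDEEP are left out of the table only for brevity (ssdeep also needs a third-party module); the function and variable names are this example's own.

```python
import hashlib
import os
from typing import Iterator, Optional, Tuple

# Digests copied from the report above: the parent sample plus every file under Targets.
REPORT_TARGETS = {
    "fb01afea17bd6bef75d3450556531320_JaffaCakes118": {
        "md5": "fb01afea17bd6bef75d3450556531320",
        "sha1": "c4bb76bbd5b19602a9395a909a0d8a8b6f5c4f7b",
        "sha256": "842a04069e15438786d883f1f14a1ca9370bbcc1bf75502c2b601fd3c299752f"},
    "facecooker_setup_p3.exe": {
        "md5": "b8452be74d68ad2491eb50ec72499990",
        "sha1": "a292ff0c084ade20e2a08ac7a570b0f53d207224",
        "sha256": "18a347824262904b619869644d490aedefdf5ad17a3afa882735aa8757f178d8"},
    "$PLUGINSDIR/System.dll": {
        "md5": "c6f5b9596db45ce43f14b64e0fbcf552",
        "sha1": "665a2207a643726602dc3e845e39435868dddabc",
        "sha256": "4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0"},
    "ContextMenu.dll": {
        "md5": "addef0e19c0b652fe47a8552d2290370",
        "sha1": "625b52a477643946b8efceaae1ac8754aed7cac9",
        "sha256": "96c442ece5a7dbd3e65d9c419fe979db60d92e7a8434dc61ae73062ec1d1d074"},
    "FaceCooker.exe": {
        "md5": "77114bd839031621f476beee5d6eb453",
        "sha1": "00040386537cf39468fc83f426b43b4c1cf3dcf6",
        "sha256": "b6b12bc984079bc23460884daa24518ee5831b322ce40ad9cb4898270b413388"},
    "IEContextMenu.dll": {
        "md5": "c3ae8c15e1e7e5d6bf0bcf18457c8bb2",
        "sha1": "65a37c44c936e0e6d004a4447b7e13640eb7b027",
        "sha256": "95469179199a1fd59b3390e099d1fd579e753b644e8e08beca53cbdd065de5e5"},
    "LoadSkin.exe": {
        "md5": "743b7dc2d319c63138475e04aa2c35c8",
        "sha1": "867660f0ca12d30bd58467555e100359f6312e51",
        "sha256": "df46db5dda7c23518a7fca7f6143790f200b32c8788e19ef59bd0aada55fcddf"},
    "facecooker.dll": {
        "md5": "86eaaeb6ed9d7517344ef9e52d8bb613",
        "sha1": "88a34b82f7a9d168db984f0aef82c0f98672a924",
        "sha256": "5b750d24d6103281c577f4b7cebcde514f19a6753f5027907607ebc542a937a3"},
    "新云软件.url": {
        "md5": "4f0017b3b346bd0626f0c3b915e6e734",
        "sha1": "823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92",
        "sha256": "df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678"},
}

ALGOS = ("md5", "sha1", "sha256", "sha512")
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def hashes_of(data: bytes) -> dict:
    """Digest file contents with each algorithm the report lists (ssdeep excluded)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def verify_table() -> list:
    """Catch copy errors: every digest must be lowercase hex of the right length."""
    problems = []
    for name, digests in REPORT_TARGETS.items():
        for algo, digest in digests.items():
            ok = len(digest) == DIGEST_LEN[algo] and all(c in "0123456789abcdef" for c in digest)
            if not ok:
                problems.append((name, algo))
    return problems


def lookup_target(algo: str, digest: str) -> Optional[str]:
    """Map one digest (any case) to the report target it belongs to, or None."""
    digest = digest.lower()
    for name, digests in REPORT_TARGETS.items():
        if digests.get(algo) == digest:
            return name
    return None


def match_bytes(data: bytes) -> Optional[str]:
    """Match on SHA256, then insist MD5 and SHA1 agree with the table as well."""
    h = hashes_of(data)
    name = lookup_target("sha256", h["sha256"])
    if name is None:
        return None
    listed = REPORT_TARGETS[name]
    if listed["md5"] != h["md5"] or listed["sha1"] != h["sha1"]:
        raise ValueError(f"{name}: SHA256 matches but MD5/SHA1 do not; check the table")
    return name


def scan_directory(root: str) -> Iterator[Tuple[str, str]]:
    """Yield (path, target name) for every file under root that is in the report."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue                      # unreadable or vanished; keep scanning
            name = match_bytes(data)
            if name:
                yield path, name


if __name__ == "__main__":
    import sys
    assert not verify_table(), verify_table()
    for path, name in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matches report target {name}")
```

Run it against the sandbox's dropped-file directory or a suspect host's temp folder; hashing whole files in memory is fine at these sizes (the largest target is 911KB) but switch to chunked reads for a general-purpose scanner.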