General
-
Target
fb13ec7b06e71e25cc30942e0cc30545_JaffaCakes118
-
Size
208KB
-
Sample
240419-yxnm7aec43
-
MD5
fb13ec7b06e71e25cc30942e0cc30545
-
SHA1
b93e0eebdeafdd83fa21167c87c8663184b2e4bd
-
SHA256
32d39da9693346790b89a355d174c2106709e5ac67944f16856ed11528aa49d8
-
SHA512
00a01e70051c268a547e9594ed4c6254e3ba8181a0304cf972f5cd3451d26c181a04bf1fde9ff2acd47cfb4cb389084c14a6c380adfbbcd41811ea12b3547a22
-
SSDEEP
3072:tu10Th+5eHdaThmjyrrHlzYolfLPLzmdBtugCCl9rSSd5l2DUQnIgLLLolvnthS4:w0lzdg2QF7lfLPLCdBHrhngnLwPHPN
Behavioral tasks
behavioral1: Sample autoclicker.exe, Resource win7-20240221-en
behavioral2: Sample autoclicker.exe, Resource win10v2004-20240226-en
behavioral3: Sample autoclickerhk.dll, Resource win7-20240221-en
behavioral4: Sample autoclickerhk.dll, Resource win10v2004-20240412-en
behavioral5: Sample click.exe, Resource win7-20240220-en
behavioral6: Sample click.exe, Resource win10v2004-20240412-en
behavioral7: Sample rinst.exe, Resource win7-20240221-en
behavioral8: Sample rinst.exe, Resource win10v2004-20240412-en
Malware Config
Targets
-
-
Target
autoclicker.exe
-
Size
408KB
-
MD5
4658fa7a1917906acfb7c483164cebeb
-
SHA1
a244fe62947443bc0485b214502828afcaba3a8c
-
SHA256
64c89a6874843e3912475700ee122d6f37dffc478f9732bf078a7ff2007a95b6
-
SHA512
6db69db1d7b8f0d7b15a70175ca7ea527d1898929300be3e6a31cf749e9e7de3ec8a7d9d7cf46eea0728ad4b1354e5fededf12765292d4760c37988cf497d260
-
SSDEEP
6144:IoRfQfX61WuTpEA6F6m/mt2sO83JqfBGwxsV1BNFUrMGg5xod+n:IEYvEEF6cmtdt5qfL01X4MGg5xFn
Score: 1/10
-
-
Target
autoclickerhk.dll
-
Size
21KB
-
MD5
166f2c8d2091af52c39e2cabe6998e0d
-
SHA1
f861475c267ad4148e66068d702442800715caa3
-
SHA256
1ab70f1bbbe30244a8124e2625dfdc450313d5d30028d5ae8f18618fcbb7ed89
-
SHA512
a9dcb958a1b635f2a65505fdd95e5e68d15cfc78e4ef5939f8ef40cdb4372e29c095eb6e3b6735fc0fba7ce7f2f4ad06d6d297ec58a581236218a680ea133f4c
-
SSDEEP
384:lN54E+/n3pVI/vknldWHWn/CiDH7CfM81RrZpI0Vl/pMtHBM:D54Ew3rI/vklw0TDbCXljrpMB2
Score: 1/10
-
-
Target
click.exe
-
Size
26KB
-
MD5
43591e20c0a6220f9a50ff2991e2eb0f
-
SHA1
0f321be24d7633fd8a3f27c2172c6309b4082478
-
SHA256
bd79444d59f2a9f72e4bf58cc0ac93f9ad12050326b585f354f7752c31ecb0fa
-
SHA512
3341e0f64f07da37d728e1632f55e3582f59da5e2651dad0a53a76dc124897b07096e98e3e6f901f2a6727bce9b76776d1a0bd8b377e46b6be764fdef6b781bd
-
SSDEEP
768:fUhjWKnS71FwJ5ZrrqBo9whNUAlYtx2deV3Z/adN:8hjC7QJ5x94lYC24d
Score: 1/10
-
-
Target
rinst.exe
-
Size
22KB
-
MD5
9a00d512f9e1464ad793702cf2b1eda0
-
SHA1
39a47a90cd3dd132dbab9f5052dda38dbd7c63f6
-
SHA256
98d257f639ee9df968f77b1f66c78230d07d86e58a7ddf0d306a24af3873dc5b
-
SHA512
18604f20351db1d418f48f2eb023be07588754b428b5d6abb0a7c40d6bf174ce7dcab2ae6e06f22585e12f1bfdb6e408b17bf20e2a7ba137620002ac04b8b4ba
-
SSDEEP
384:c3PqIGR1uEtfWlXdbvoht0zsQHmr246v1hLqsHWuTqvhwp:aqZv3tfEbgIzsQHs6v1hLqQ9q
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-