Overview

Analysis tabs (score out of 10 as shown on each tab; target names are truncated as displayed):

Tab                   Platform            Score
Overview              -                   9
Static                -                   9
0099d476ab...18.exe   windows7-x64        6
0099d476ab...18.exe   windows10-2004-x64  6
$PLUGINSDI...er.dll   windows7-x64        1
$PLUGINSDI...er.dll   windows10-2004-x64  1
$PLUGINSDI...ns.dll   windows7-x64        3
$PLUGINSDI...ns.dll   windows10-2004-x64  3
$PLUGINSDI...ll.dll   windows7-x64        1
$PLUGINSDI...ll.dll   windows10-2004-x64  1
$PLUGINSDI...cs.exe   windows7-x64        1
$PLUGINSDI...cs.exe   windows10-2004-x64  1
$PLUGINSDI...em.dll   windows7-x64        3
$PLUGINSDI...em.dll   windows10-2004-x64  3
$TEMP/QQLi...ex.exe   windows7-x64        3
$TEMP/QQLi...ex.exe   windows10-2004-x64  3
$PLUGINSDI...LL.dll   windows7-x64        3
$PLUGINSDI...LL.dll   windows10-2004-x64  3
ADManage.dll          windows7-x64        6
ADManage.dll          windows10-2004-x64  6
ATL80.dll             windows7-x64        1
ATL80.dll             windows10-2004-x64  1
AsyncTask.dll         windows7-x64        3
AsyncTask.dll         windows10-2004-x64  3
BugReporter.exe       windows7-x64        1
BugReporter.exe       windows10-2004-x64  1
CefSubProcess.dll     windows7-x64        3
CefSubProcess.dll     windows10-2004-x64  3
ChannelMgr.dll        windows7-x64        6
ChannelMgr.dll        windows10-2004-x64  6
Common.dll            windows7-x64        1
Common.dll            windows10-2004-x64  1
D3DX9_43.dll          windows7-x64        1
D3DX9_43.dll          windows10-2004-x64  1

General
Target: 0099d476ababd44886c8c6fe727721ba_JaffaCakes118
Size: 35.4MB
Sample: 240426-mydntseh34
MD5: 0099d476ababd44886c8c6fe727721ba
SHA1: 19eec2a4e89e23824b77be2d0a4c3c5d5f9b7f94
SHA256: 97f316b567be836f302b4182037f02e17e2a8272534ce830a3d1d2ea15237006
SHA512: eeba8c673a3c0ccbac2e58e85eea03882254129cf0bd024aa168c864a26e7066523ac2d2dde5478370622eef641be4cf458f8b93d3bee007c04e4613dd06035c
SSDEEP: 786432:8K8OqJ0zvGVbq9HX410v0zY41FeWkYzJLjjj0ek/zbqJvI/:8jOqJEvGVON3oeXY1jj+/wI/
Behavioral tasks

Task          Sample                                              Resource
behavioral1   0099d476ababd44886c8c6fe727721ba_JaffaCakes118.exe  win7-20231129-en
behavioral2   0099d476ababd44886c8c6fe727721ba_JaffaCakes118.exe  win10v2004-20240419-en
behavioral3   $PLUGINSDIR/InstallHelper.dll                       win7-20240221-en
behavioral4   $PLUGINSDIR/InstallHelper.dll                       win10v2004-20240419-en
behavioral5   $PLUGINSDIR/InstallOptions.dll                      win7-20240221-en
behavioral6   $PLUGINSDIR/InstallOptions.dll                      win10v2004-20240419-en
behavioral7   $PLUGINSDIR/ProcDll.dll                             win7-20231129-en
behavioral8   $PLUGINSDIR/ProcDll.dll                             win10v2004-20240419-en
behavioral9   $PLUGINSDIR/Statistics.exe                          win7-20240215-en
behavioral10  $PLUGINSDIR/Statistics.exe                          win10v2004-20240226-en
behavioral11  $PLUGINSDIR/System.dll                              win7-20240221-en
behavioral12  $PLUGINSDIR/System.dll                              win10v2004-20240419-en
behavioral13  $TEMP/QQLive/QQLiveSetupex.exe                      win7-20240221-en
behavioral14  $TEMP/QQLive/QQLiveSetupex.exe                      win10v2004-20240419-en
behavioral15  $PLUGINSDIR/ExProcDLL.dll                           win7-20240419-en
behavioral16  $PLUGINSDIR/ExProcDLL.dll                           win10v2004-20240419-en
behavioral17  ADManage.dll                                        win7-20240221-en
behavioral18  ADManage.dll                                        win10v2004-20240419-en
behavioral19  ATL80.dll                                           win7-20240215-en
behavioral20  ATL80.dll                                           win10v2004-20240419-en
behavioral21  AsyncTask.dll                                       win7-20240221-en
behavioral22  AsyncTask.dll                                       win10v2004-20240226-en
behavioral23  BugReporter.exe                                     win7-20240221-en
behavioral24  BugReporter.exe                                     win10v2004-20240419-en
behavioral25  CefSubProcess.dll                                   win7-20240419-en
behavioral26  CefSubProcess.dll                                   win10v2004-20240412-en
behavioral27  ChannelMgr.dll                                      win7-20231129-en
behavioral28  ChannelMgr.dll                                      win10v2004-20240419-en
behavioral29  Common.dll                                          win7-20240220-en
behavioral30  Common.dll                                          win10v2004-20240419-en
behavioral31  D3DX9_43.dll                                        win7-20240221-en
behavioral32  D3DX9_43.dll                                        win10v2004-20240419-en
Malware Config
(nothing listed)

Targets
Target: 0099d476ababd44886c8c6fe727721ba_JaffaCakes118
Size: 35.4MB
MD5: 0099d476ababd44886c8c6fe727721ba
SHA1: 19eec2a4e89e23824b77be2d0a4c3c5d5f9b7f94
SHA256: 97f316b567be836f302b4182037f02e17e2a8272534ce830a3d1d2ea15237006
SHA512: eeba8c673a3c0ccbac2e58e85eea03882254129cf0bd024aa168c864a26e7066523ac2d2dde5478370622eef641be4cf458f8b93d3bee007c04e4613dd06035c
SSDEEP: 786432:8K8OqJ0zvGVbq9HX410v0zY41FeWkYzJLjjj0ek/zbqJvI/:8jOqJEvGVON3oeXY1jj+/wI/
Score: 6/10
Signatures:
  Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  This single signature is also the only finding behind the 6/10 on ADManage.dll and ChannelMgr.dll below. The $PLUGINSDIR paths and the InstallOptions.dll and System.dll plugins identify the sample as an NSIS-packaged installer, and this page shows no file or process events, so verify the underlying raw-disk access in the task's behavioral detail (a write-access open of the physical drive followed by a write into sector 0, not merely a read of it) before treating the sample as a bootkit dropper.
Target: $PLUGINSDIR/InstallHelper.dll
Size: 327KB
MD5: fae98b3964df3827001407a2ae8bb547
SHA1: fe6e05a184c89c4e221158c1a1ed5142c08be09c
SHA256: 92df0c8007da6a599680a21c9d5432be107de85a642412984a5ef32e66ccb907
SHA512: 190cf9a196130bd66a64a9669c043ecdc743d879e8c8d4588acb762789b0c87c354757df1bf7f41622a07004b097b8d0924c8571d1a803e7b96d50006076ca37
SSDEEP: 6144:z7L2Ic0SvVQblZ3KwDK2Zze1paoZKQdtx9tfIpBuFQIn56eaeyB:z7L2Ic0SvVQbjKwD3ze1paoZKQdtx9tO
Score: 1/10
Signatures: none listed
Target: $PLUGINSDIR/InstallOptions.dll
Size: 30KB
MD5: d8df9e424481be84492899edb076b1db
SHA1: 9cdaeadc840a99e6ce9509227fad73055cb7cd06
SHA256: 365d129d3f3cfecff063286bf1f90524d0ffe2650ac288d14b90ab9241db9311
SHA512: 55165dad7e1b7fd1688941d1107adef6b4635283c517b70a28f8fb614b070aa6be14b4ff8f0767d18ac3d152fff543df2b2be8786ca621a92cd1321a1fdd6613
SSDEEP: 384:TsUHd9GN2d2iwl0impATIPdAj8Ov6LnYPLQRIA9eMQFNIAQY1ueHQAHKnE:DHdw2Z20tNVi6JuueOE
Score: 3/10
Signatures: none listed
Target: $PLUGINSDIR/ProcDll.dll
Size: 1.4MB
MD5: b7b3a4ef4a8592e6e7b39738ea411338
SHA1: f7bce9ad6fefa1ddf2ed078488091931d44ba146
SHA256: e89009adf98a1d946c11331be5068a71861608d39bb424bd9eab6a8216d742ee
SHA512: 6a1f75c1f4fc273fa67de1280b692de28e6b1e39dc2f8f4d1db4638209ed73f60c3723fb008380f1d2a25fa824aaab85ec84f2e1a6bcd3a9c9fe7cdd0625c9b9
SSDEEP: 24576:KWJ+BcHkaMM/X7SqNAm6ZIqUaAAMivtP0BzprKltFcuqDEC5yLg/2iSN6UvSWLRl:sBcjSDfkivtPktKiILgpiSWLR4A
Score: 1/10
Signatures: none listed
Target: $PLUGINSDIR/Statistics.exe
Size: 323KB
MD5: 41e928af129c0583d2eb8c13a6caee64
SHA1: d7c6f623f941ff21d5e172ec599c9525e4bcf953
SHA256: 24f1b40015760028743e03f2e0dbd6333f07fa43bcbdb37bb33a1b6626eb0684
SHA512: ca8dfb2318e4c7352497c3f664cf886b92c171567ca615e0a55a9cc89ca84a8a4c96b10bc5da3b8109aef8c6718da672fc106da95153860b8dc253ac5c98c6ba
SSDEEP: 3072:cnImDls6hJ1QMjTBCT5LiR1oBYsLnEbVu/hqMivTqB2toa:AK6fXGPOihf9M
Score: 1/10
Signatures: none listed
Target: $PLUGINSDIR/System.dll
Size: 26KB
MD5: 0c08bb15fbad882bd932a7aa0caefc4e
SHA1: 4a54f6d7e9ed5d148c1dd5995efbe98fbd3695ce
SHA256: 5051b25c37aa06bd432a0a16ec2ee9afcdcb4808acbe4743476c6e4d71e4a116
SHA512: 8a3a67b6db35ae8f965158987b134ae6a0d82cd67e777fbdf2a70a3abc76d39157c7d49c4b26e6ce286b5e7867bcc1a9ad057001867c632b05a67b4fc474bd86
SSDEEP: 384:hCP2HgN4GbeWmbI4Eybogia7yOqnYPLQRIA9eMuNIAQY13yfGnE:hCP2ACu54HogLqTuuGE
Score: 3/10
Signatures: none listed
Target: $TEMP/QQLive/QQLiveSetupex.exe
Size: 88KB
MD5: a4f2e9d3b0d2fc3a78347736ff2f84ef
SHA1: c82526d9e12809461891b01da1b60747def1434c
SHA256: 7128120b344bd063934e5df924df4af75186fccad242bcc0875ea4ce3bc01bcf
SHA512: ff138d22ca470c29a47d9d160b06ba3c4ef79b09198b159b4d177234cdece4eb75f1bd665b74ad3464bd7180c53326bb3f31e8d09e2af1ac161fefa3d532ab88
SSDEEP: 1536:bzu0c7MqiYxWZQWe2KYbqWgPnZe4Romu/BRYRO8lsqpTuGmq6IzDYfGf3b:Bc7MXYx4Qb5Y+WgPns45mYc83xzyGf3b
Score: 3/10
Signatures: none listed
Target: $PLUGINSDIR/ExProcDLL.dll
Size: 55KB
MD5: 87495320b6bc4f54d129561d5a6011d9
SHA1: 7c44a32a778483b8e807ab04863096648e4d73d5
SHA256: 918625e67a13292ef53cdb807f39dc52dc98614c5add967cd65516bf6e50ad44
SHA512: 7fafc35a6098ab3ca3aec144b25ed0e6d6c9df6fda8b92007be3332a6297f69126b33b52969567006e5c32f21f8507f39f7e7f48dc3edf5f585c9eeddd85ee3e
SSDEEP: 768:A+E6M3ijAdUxvC4qVbcJCqZ3wNwYOA1ZmlqYO:A/xijAd+C4qVRk3wNFOAPmlF
Score: 3/10
Signatures: none listed
Target: ADManage.dll
Size: 379KB
MD5: ec04d52b23885e704e0a1a77e8b92bae
SHA1: c65fc02320feb100631afae28d9d6572b034be43
SHA256: d521af49dcca51dc5bd360edd6d39153a88fd86e0c45161a3b1caf2115b81f29
SHA512: 71dc9c729c4a6a7513995a207792f92d23b4f34f3b2ecf9bee6d624b0706d54d0a144d74790bedc43325ec5e47a3e6ff701a8753fcfff6e06509e94572d6c742
SSDEEP: 6144:UMtv3irSgPfIgYBpBSQUb3k8Px8DHLg7XWOqXhEJKTBRvdOAA5+T:UMtvSrSoAdBpMQUb08Px8Xg7XWOqXhE+
Score: 6/10
Signatures:
  Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: ATL80.dll
Size: 95KB
MD5: 3e9a33113d663d8bd5ed38858e669652
SHA1: 1292dc7ffc35a1ef2b761672361bcffa7483169e
SHA256: 63e1985a37d5993d170373bc28d067c13c1541ca2b63968b82e35eaacd927b49
SHA512: a2dcd0d5db662653d3085d2ab39e8697b25e096fd2093e3f5ca2edb3087356814adb9f99e490dc95293198e05551a3ddbb3fa2918b8ed5f76d84a22268bfbe7a
SSDEEP: 1536:SskNTnYQzkuvliN+9sdYhfv3rkT+za16/rWmE9dV87mKxGXmwkbos3co9:S1TnY4kclz9sdO/o9dVMmXmwkl
Score: 1/10
Signatures: none listed
Target: AsyncTask.dll
Size: 111KB
MD5: 3ae8f78d7c06b0241e6c11d5c005e773
SHA1: c5337030e7e6c0356dbf51b53098d855f258bf95
SHA256: b1b6771567ec1f860cd7eedacb3e5b3d7b3c1b97a05398388fd7ff0b9e7cf2ff
SHA512: b8cb3a1e4cae1407418526cefd4eb2b8e7e26c4ea225b4ba69d2be9cbddd5c97cf9c769ffc6597a266fba15d931681bcfb62b09b8bb5fdc5311755bf0e115e70
SSDEEP: 1536:qxcNC1tesY0vCUcWX0qaRpPODktoBdGyAIdBsKAMW65Q:33acWX0D7PODktoBdGyAIdBsKAMx5Q
Score: 3/10
Signatures: none listed
Target: BugReporter.exe
Size: 115KB
MD5: ed65e33b4c16186bffd6d04289af435c
SHA1: ed83be4b3c0a089422f3c38bdc60af6bf5ee1599
SHA256: 1ecdba9e18389a69b52eed13cd71b3e2a939d895f78df0b1786073ee2c468b01
SHA512: 146fb8c5de0d6175ba8835692193f9b3cb4ba25d6b5a12f370ad7fd4a6d26ddc199d6c2f541457844f2522c86bc67521592371ffbada87bc871e7ad06a423bcc
SSDEEP: 1536:p4F9C6k8Qyo35/Fiqv5YZcj8rvL6+XzmKbfhRj8rvL6+XzmKBFVy2t/Iv0OIMrPM:L3tFvilSTVt/Iv0OIkSr
Score: 1/10
Signatures: none listed
Target: CefSubProcess.dll
Size: 187KB
MD5: ce5bf71f10fbacd0b37f8ba147a7ad4f
SHA1: 56d00cb56980bdaa226dee0f8a99b1441b7c0590
SHA256: fecfcd9bd33453ae4694dde00492a369b6656438f921356361d53b8eb14e814e
SHA512: 1be9a5b9d3acef41132c835f4ee9d611f3ddeffd89072ab183b3ff8e72e6d3aaa33065b4511398928306c1f024357c46d4d95805464ad0246f94a5bdc50ff76d
SSDEEP: 3072:azCa597ujkQEf1NcauDE5m5EQNqyco+RgI0cE5U8ktpRZGauC2KA/fmSySfB6qh3:G5Buj3YNcXDfEVyco+RgI0cE5U8ktpRC
Score: 3/10
Signatures: none listed
Target: ChannelMgr.dll
Size: 635KB
MD5: e9ccedd0f6a28cd1e7f538b8d5e2bf5b
SHA1: 4c0b2627e2cfdefa0fa4c8abf8fa6e967a2dd573
SHA256: 10d0bb6bdfdc630a2e7da839d6fdccb3b3f27d70a4b17d3360046eb5ec51f0a5
SHA512: 779b8e2a4148018212f47c42b675fc374e32baca17136d6b6e2f90eaa31a75e89b9bfee33b16288067a0ff4b8d9226ef1a111254f1d492cc2b6e42708ce976b3
SSDEEP: 12288:7zkPFd0Mz8uRLYeNB06e0fANtvrkt2ieAKoBCCiS4ZDxs:EtfBNB0Gj2toBCxSgDxs
Score: 6/10
Signatures:
  Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: Common.dll
Size: 1.9MB
MD5: db1af67e89a7ad08e662817b97853beb
SHA1: 0c4c48c886ce65469eab05a442694d57a8b6ce7e
SHA256: 1bc5454fd73a39a8daf8d0f378c378a8fb725efebf3ac38bf0ae0e472aee606f
SHA512: 96a5540ff2519f8ec3ef29e55ed0ff0ce708993d07dd3fdd92db052f3e2c79bded54e82edbe65dbb9339d68db21e0f05dc8e3b7ab69f6d548c93605c09f96fba
SSDEEP: 49152:1tJJaXasZonirHVJN9zgssDbOEEt4cepXL:rJJ/sZEiLvCbOm
Score: 1/10
Signatures: none listed
Target: D3DX9_43.dll
Size: 1.9MB
MD5: 86e39e9161c3d930d93822f1563c280d
SHA1: f5944df4142983714a6d9955e6e393d9876c1e11
SHA256: 0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
SHA512: 0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3
SSDEEP: 24576:8UtU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBs:8566l2u45BiNYFrz31Cv3D29kd6kWa
Score: 1/10
Signatures: none listed
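The "Writes to the Master Boot Record (MBR)" signature raised on three of the targets above is a behavioral rule that can be re-derived from the file-API trace. The following is an added example, not the sandbox's own signature code: it walks a constructed trace and reports a process only when it opens a raw physical-disk device with write access and then writes into the first 512 bytes, so a read-only open that just reads sector 0 (the usual disk-fingerprinting pattern) does not fire. The pipe-delimited trace format, the API subset handled, the handle/offset bookkeeping and the sample lines are all assumptions made for this example.

```python
"""Added example: the check behind a sandbox signature such as
"Writes to the Master Boot Record (MBR)", reconstructed from first
principles. A process is reported only if it opens a raw physical-disk
device with write access and then writes into sector 0 (bytes 0..511).
The trace format, the API subset and the sample lines are constructed
for this example; they are not the sandbox's own."""
import re
from dataclasses import dataclass

# Access-mask bits (winnt.h). Any of these on a raw-disk handle lets the
# caller modify the device; GENERIC_READ alone (0x80000000) does not.
GENERIC_WRITE = 0x40000000
GENERIC_ALL = 0x10000000
FILE_WRITE_DATA = 0x00000002
WRITE_BITS = GENERIC_WRITE | GENERIC_ALL | FILE_WRITE_DATA
MBR_SIZE = 512

# Raw-disk device names: Win32 \\.\PhysicalDriveN and the native
# object-manager path \Device\HarddiskN\DR0 that NtCreateFile may see.
RAW_DISK_RE = re.compile(
    r"^(\\\\[.?]\\PhysicalDrive\d+|\\Device\\Harddisk\d+\\DR\d+)$", re.IGNORECASE)
INT_RE = re.compile(r"0x[0-9a-fA-F]+|0|[1-9]\d*")


@dataclass
class Handle:
    path: str
    writable: bool
    offset: int = 0  # file pointer; a fresh handle starts at byte 0


@dataclass
class Finding:
    pid: int
    path: str
    offset: int
    length: int


def parse_line(line):
    """Constructed trace format: pid|api|key=value|key=value...
    Integers are decimal or 0x-prefixed hex; everything else is a string."""
    pid, api, *kvs = line.rstrip("\n").split("|")
    args = {}
    for kv in kvs:
        key, _, val = kv.partition("=")
        args[key] = int(val, 0) if INT_RE.fullmatch(val) else val
    return int(pid), api, args


def detect_mbr_writes(lines):
    """Return a Finding for every write that lands inside sector 0 of a
    raw disk opened with write access. Read-only opens and ReadFile calls
    never match, which is what separates a bootkit-style overwrite from
    benign disk fingerprinting that merely reads the MBR."""
    handles = {}  # (pid, handle value) -> Handle
    findings = []
    for line in lines:
        pid, api, a = parse_line(line)
        key = (pid, a.get("handle"))
        if api in ("CreateFileW", "NtCreateFile") and RAW_DISK_RE.match(a.get("path", "")):
            handles[key] = Handle(a["path"], bool(a.get("access", 0) & WRITE_BITS))
        elif api in ("SetFilePointer", "SetFilePointerEx") and key in handles:
            handles[key].offset = a["offset"]
        elif api in ("WriteFile", "NtWriteFile") and key in handles:
            h = handles[key]
            off = a.get("offset", h.offset)  # NtWriteFile carries an explicit ByteOffset
            if h.writable and off < MBR_SIZE:
                findings.append(Finding(pid, h.path, off, a["length"]))
            h.offset = off + a["length"]
        elif api == "CloseHandle":
            handles.pop(key, None)
    return findings


# Constructed sample trace: pid 1234 fingerprints the disk (read-only open,
# reads sector 0); pid 5678 overwrites the boot sector and then writes
# elsewhere. Only the first write by 5678 should be reported.
SAMPLE_TRACE = """\
1234|CreateFileW|path=\\\\.\\PhysicalDrive0|access=0x80000000|handle=0x1c
1234|ReadFile|handle=0x1c|length=512
1234|CloseHandle|handle=0x1c
5678|CreateFileW|path=\\\\.\\PhysicalDrive0|access=0xc0000000|handle=0x24
5678|SetFilePointer|handle=0x24|offset=0
5678|WriteFile|handle=0x24|length=512
5678|SetFilePointer|handle=0x24|offset=0x10000
5678|WriteFile|handle=0x24|length=4096
5678|CloseHandle|handle=0x24
""".splitlines()

if __name__ == "__main__":
    for f in detect_mbr_writes(SAMPLE_TRACE):
        print(f"pid {f.pid}: {f.length}-byte write at offset {f.offset} of {f.path}")
```

Run it directly to print the single finding for the constructed trace. Against a real task, feed it the file-API events from the behavioral detail: this page only shows the signature's verdict, and the access mask of the open and the offset of the write are exactly what decides whether the verdict holds.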