General

  • Target

    017bc56a952d2ba5c5dd2381f0524b2c_JaffaCakes118

  • Size

    1.1MB

  • MD5

    017bc56a952d2ba5c5dd2381f0524b2c

  • SHA1

    30108ee39950f98a15004ae007dc13e09c5cc020

  • SHA256

    4bb8653083c27ee61195d4de3285b0191a34aae6457ee3bead963211d34ea60b

  • SHA512

    4c5965862a5dcbc7480d14309cbec27f989d4df460c32ad7899a65590fc565b45b3b3089ca58da4103ab09232ef85fcffbb20fcc0c86be482f78c1dca79883ef

  • SSDEEP

    24576:AoH5iVlqKKQpYwsc/j5Z9QYAbYZSMPOlt402eDHB94XjJ4790S1qz6GqTG1639tY:v5iVl4Qp+c/j5/Ib/52eDn4iqz6+M9PC

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • 017bc56a952d2ba5c5dd2381f0524b2c_JaffaCakes118
    .zip
  • caidao-official-version-master/MD5.txt
  • caidao-official-version-master/README.md
  • caidao-official-version-master/caidao-20111116.zip
    .zip
  • CCC/aspRwWithJMail.ccc
    .vbs
  • CCC/aspSpy.ccc
    .vbs
  • CCC/aspx.ccc
    .js
  • CCC/php.ccc
  • CCC/phpSpy.ccc
    .js
  • Customize/Customize.aspx
    .asp .js polyglot
  • Customize/Customize.cfm
    .vbs
  • Customize/Customize.jsp
    .asp .js polyglot
  • caidao.exe
    .exe windows:4 windows x86 arch:x86
  • out.upx
    .exe windows:4 windows x86 arch:x86
  • readme.txt
    .vbs
  • caidao-official-version-master/caidao-20141213.zip
    .zip
  • CCC/aspRwWithJMail.ccc
    .vbs
  • CCC/aspSpy.ccc
    .vbs
  • CCC/aspx.ccc
    .js
  • CCC/php.ccc
  • CCC/phpSpy.ccc
    .js
  • Customize/Customize.aspx
    .asp .js polyglot
  • Customize/Customize.cfm
    .vbs
  • Customize/Customize.jsp
    .asp .js polyglot
  • caidao.exe
    .exe windows:4 windows x86 arch:x86
  • out.upx
    .exe windows:4 windows x86 arch:x86
  • readme.txt
    .vbs
  • caidao-official-version-master/caidao-20160622.zip
    .zip
  • caidao-20160622/CCC/aspRwWithJMail.ccc
    .vbs
  • caidao-20160622/CCC/aspSpy.ccc
    .vbs
  • caidao-20160622/CCC/aspx.ccc
    .js
  • caidao-20160622/CCC/php.ccc
  • caidao-20160622/CCC/phpSpy.ccc
    .js
  • caidao-20160622/Customize/Customize.aspx
    .asp .js polyglot
  • caidao-20160622/Customize/Customize.cfm
    .vbs
  • caidao-20160622/Customize/Customize.jsp
    .asp .js polyglot
  • caidao-20160622/caidao.conf
    .vbs
  • caidao-20160622/caidao.exe
    .exe windows:4 windows x86 arch:x86

    d3e2f4b245b18b525051c15456ef2be9

  • caidao-20160622/ip.dat
  • caidao-20160622/readme.txt
    .vbs