Overview
overview
7Static
static
304210d6c97...18.exe
windows7-x64
704210d6c97...18.exe
windows10-2004-x64
7$PLUGINSDIR/PW001.exe
windows7-x64
7$PLUGINSDIR/PW001.exe
windows10-2004-x64
7$PLUGINSDI...FC.dll
windows7-x64
3$PLUGINSDI...FC.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/inetc.dll
windows7-x64
3$PLUGINSDIR/inetc.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...86.exe
windows7-x64
7$PLUGINSDI...86.exe
windows10-2004-x64
77ZipBuilder.dll
windows7-x64
17ZipBuilder.dll
windows10-2004-x64
17zxa.dll
windows7-x64
17zxa.dll
windows10-2004-x64
1BugTrap.dll
windows7-x64
1BugTrap.dll
windows10-2004-x64
1Crux P2P.exe
windows7-x64
6Crux P2P.exe
windows10-2004-x64
7DocumentReader.dll
windows7-x64
1DocumentReader.dll
windows10-2004-x64
1GFLImageServices.dll
windows7-x64
1GFLImageServices.dll
windows10-2004-x64
1GFLLibraryBuilder.dll
windows7-x64
1GFLLibraryBuilder.dll
windows10-2004-x64
1GeoIP.dll
windows7-x64
1GeoIP.dll
windows10-2004-x64
3HashLib.dll
windows7-x64
3HashLib.dll
windows10-2004-x64
3General
-
Target
04210d6c97e3cc1e7a343d92be684ee6_JaffaCakes118
-
Size
9.6MB
-
Sample
240428-ce98kseb3y
-
MD5
04210d6c97e3cc1e7a343d92be684ee6
-
SHA1
59c7a4c842faf91d26f4a98d33b92595a06e713e
-
SHA256
121b577a7dac22764c8d5e89c1b0504edf7803fdf6c5ed15c0c432d9605b4f7a
-
SHA512
c5d6843a8ce0e87fd5b2b1df9a1314955be8f98179d00868fbbf6c7889e897e2049aecd11ae5fcc9bd016f9e7b89b839b47f9171e376abb01ba7c6de46c8a158
-
SSDEEP
196608:QQON6Gif26Z5Ayrb9TTg7ReSxDkN02Nd9KYZ4u7rHc7vMZX0H3MUWUu6dXfr1:pIkbAyr5qkSBk224WoMZX0+sZD1
Static task
static1
Behavioral task
behavioral1
Sample
04210d6c97e3cc1e7a343d92be684ee6_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
04210d6c97e3cc1e7a343d92be684ee6_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/PW001.exe
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/PW001.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/SimpleFC.dll
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/SimpleFC.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240215-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/vcredist_x86.exe
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/vcredist_x86.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
7ZipBuilder.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
7ZipBuilder.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
7zxa.dll
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
7zxa.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
BugTrap.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
BugTrap.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Crux P2P.exe
Resource
win7-20240215-en
Behavioral task
behavioral22
Sample
Crux P2P.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
DocumentReader.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
DocumentReader.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
GFLImageServices.dll
Resource
win7-20240220-en
Behavioral task
behavioral26
Sample
GFLImageServices.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
GFLLibraryBuilder.dll
Resource
win7-20240419-en
Behavioral task
behavioral28
Sample
GFLLibraryBuilder.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral29
Sample
GeoIP.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
GeoIP.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral31
Sample
HashLib.dll
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
HashLib.dll
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
04210d6c97e3cc1e7a343d92be684ee6_JaffaCakes118
-
Size
9.6MB
-
MD5
04210d6c97e3cc1e7a343d92be684ee6
-
SHA1
59c7a4c842faf91d26f4a98d33b92595a06e713e
-
SHA256
121b577a7dac22764c8d5e89c1b0504edf7803fdf6c5ed15c0c432d9605b4f7a
-
SHA512
c5d6843a8ce0e87fd5b2b1df9a1314955be8f98179d00868fbbf6c7889e897e2049aecd11ae5fcc9bd016f9e7b89b839b47f9171e376abb01ba7c6de46c8a158
-
SSDEEP
196608:QQON6Gif26Z5Ayrb9TTg7ReSxDkN02Nd9KYZ4u7rHc7vMZX0H3MUWUu6dXfr1:pIkbAyr5qkSBk224WoMZX0+sZD1
Score 7/10 -
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/PW001.exe
-
Size
894KB
-
MD5
14e8afb1eeccf97178b645f49d2ea7a1
-
SHA1
4ba319f46201d7af9c01b28cfc53ba7975c4bc3e
-
SHA256
1c52b0c39ae1f8405f09fab77e2ff02cc5083b0b329d06c979f4ca4f2eb1f934
-
SHA512
2e3a78b5d2794c03b672eecc8e30e3d17fcf9119102859eb02cc5d918b2bd3b8cf59b2e5bffd0b304dc8ca6d6ad5149114e964950d720812d062fc029cc6f137
-
SSDEEP
24576:fG50ZfFK6MLYptRReZ3kTE3S00B1RxjBnYy+olZhDvL1g:fG5UfgVYlMRkTEiRBPxJBVZhDC
Score 7/10 -
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
-
-
Target
$PLUGINSDIR/SimpleFC.dll
-
Size
175KB
-
MD5
d38543fc9ae37d188a23e06ee11d3504
-
SHA1
174fe778f66db4a527fddf21b1c23e1bc1ceceeb
-
SHA256
72f33da081b8d579f437e7aa2ba8d9cb9602270b88093ff9411ac6316b52fc6e
-
SHA512
43d1874e5821d8e5530eaa34d42b76aa867528368779fadcfd2691825297accf04e94bd34867442a76c25d4729edefba9469de6500acfe6f665949f11878c54b
-
SSDEEP
3072:l2sd6EP05etg+rKTTmYjcnPMdsRrdU+/mbM/AuaNoNglzppVn5O4z6ULfLb6Cu:Us4zIg+rKTTmnhfAoSxZ5OVu/
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
bf712f32249029466fa86756f5546950
-
SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
-
SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
-
SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
-
SSDEEP
192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score 3/10 -
-
-
Target
$PLUGINSDIR/inetc.dll
-
Size
24KB
-
MD5
1fc1fbb2c7a14b7901fc9abbd6dbef10
-
SHA1
4d9ed86f31075a3d3f674ff78f39c190a4098126
-
SHA256
4f26394c93f1acb315c42c351983dafc7f094b2d05db6d7a1ba7dcb39a3a599e
-
SHA512
76d8ff7fc301cc5ff966ad8be17f0f3f2d869ef797c5a2c55a062305c02133a842906448741bf9818ec369bbb2932b9a9c2193ebc59835b50e8703db0090fdb2
-
SSDEEP
384:ya3Bj/GAqvdXP4P4IVlht8zNHxKNSJvor9e9dQTIHzOZwceyeZwd6TJdpq:yRtqLhtqKNS5sAvQTIB86T0
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
4ccc4a742d4423f2f0ed744fd9c81f63
-
SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc
-
SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
-
SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb
-
SSDEEP
192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi
Score 3/10 -
-
-
Target
$PLUGINSDIR/vcredist_x86.exe
-
Size
2.6MB
-
MD5
5c82be7ad1775b67916ee19c15b99331
-
SHA1
7dfa98be78249921dd0eedb9a3dd809e7d215c8d
-
SHA256
eb00f891919d4f894ab725b158459db8834470c382dc60cd3c3ee2c6de6da92c
-
SHA512
2c505476c81ad32a4904d57d9214bbaa805891c261e010b08055896dca32cfd426f4d13d14a96022fda9a5d8ecd638d65bc37baefed216a2517f07e9acb6939d
-
SSDEEP
49152:7XOOTQyCR1e8HkA7pFomV4d4QN3uoxFit39/SZrPfLHkAZ0oI006q/HVFlQE+QD9:77EzzzJp0+ojyFALE4hIP/HRXP7x
Score 7/10 -
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
7ZipBuilder.dll
-
Size
78KB
-
MD5
ae58a65957b0582620f602158d2b022f
-
SHA1
ae2883a00420c3cd8a0cc922e1f594a5c879fa17
-
SHA256
807d62849083fba827c54f3461f820dff32033e666f2f6845c61ea22ca341a4a
-
SHA512
b5272530793dc5ef502e6388c848368aa71eee803be3e5779acbeb1f4c2452d5e157bdce0ae848f82ebde892eb0bf1b70b12fadff3efc725e07fa8e7baa0d372
-
SSDEEP
1536:4oJPWvozDqtbkJEtPH/PsmA+7DbK7r14nm:7tGofqtQJi/PsmA+7DbSb
Score 1/10 -
-
-
Target
7zxa.dll
-
Size
171KB
-
MD5
1cf011c4c0aeb50a46ce6d04ec47adf2
-
SHA1
80edc3f772084a8cbec182f1c588cd9f6f9c7df4
-
SHA256
d86b46836fd0a1d7488d1f8a01dbd831c5301c2a7b733aef584de7891cf2771a
-
SHA512
095f340db7c279832711ac4ed3bd932fe809f3d30d72ee6dc1357ffe4d77c6a68825967eaef4a33763bd1bfc1b476314dac44bb0552fac152ba6acd73d0660b8
-
SSDEEP
3072:Gc1Cwwna6ODBgYc6MDV3WX+87F0z19T1BoFOysbK9IKFFZpGCGklyIAv:GtaHDBgYP0wB7F03xysmBEC0Lv
Score 1/10 -
-
-
Target
BugTrap.dll
-
Size
245KB
-
MD5
05c7a07dee252bfebbd8da6d6c33a5f8
-
SHA1
2d006834bb45ce6fa3ac07a0a871323b9d60137d
-
SHA256
80fac535f67fa93304bfd181cb77be2cdd7a263b34e19d477b3c6f1fb974d03a
-
SHA512
1bfcd25386fe8560ff842a346f51b27d900498e029e0a047ea0d3151960a42b41557d621d028420c6ce8ac2c1250de8f4f8b839d8d55371adeae9b33ecc2e42b
-
SSDEEP
3072:Vuj9UeV71NBHRSDUPxfCFRFYFE0szgzXyILt2vD0qcxrParYEctBYWBL17dK:Vues7pHgDUPxfCFRFYFrsiXykF9asdK
Score 1/10 -
-
-
Target
Crux P2P.exe
-
Size
4.3MB
-
MD5
08c716898f568707c4514bbb485142a1
-
SHA1
b210be49e57c9da57b9e7762ba11023e9a4f0527
-
SHA256
e96b17d8b68aa6aaa20621c086d9cc4562832c5d8f2cc91e0e5484e1b5be44bc
-
SHA512
940ac0fb7eee08eba0ecb395920b5814729e2b8e7f9d7ad2a366aaa2561e28659ccb59b81ac304c3d5b1a74d442aa503d025f1cf07c95480291f33ed359c895b
-
SSDEEP
98304:HZadBHHx3WuEWAYJvO094J1ZcDKxclTQ/3XjUtCLvfHunLoxHVUA/bSGCQOm4bdt:HZQRx3WuuYhOuKaE0PJ/
-
Checks computer location settings
Looks up the country code configured in the registry; likely used as a geofence check.
-
Drops desktop.ini file(s)
-
-
-
Target
DocumentReader.dll
-
Size
133KB
-
MD5
57a119e53a13833a2b17a66c283d60a4
-
SHA1
6de7d3a844e8157b71e9fef01e9ce00140c73c14
-
SHA256
d1b76d39ee0358407025a4214a8e8b58ba85dcc807f29294fb56991b02c7d50f
-
SHA512
bd93faedc07475881c737f1ad2e23f70fc4681151b1acfa1532c0b3eeb9f76717f92da27c8a86485fea06dd0e4dd63224dcd2318852d3ad6fba272251f263b84
-
SSDEEP
3072:ASGlTEZNIr1KqsnVA5OctzRD+T0XO+mu:ASQhV5xrtX
Score 1/10 -
-
-
Target
GFLImageServices.dll
-
Size
92KB
-
MD5
7f490c0df4f4b406f885e33871f16303
-
SHA1
7c138c8740823f8f17b5cfbf64515881332096e6
-
SHA256
eb67c04ad1fc64e16d3f34a19194b321b6736e42a3a9975522b0570e399679d5
-
SHA512
f82f884fdb4b5692a9d37361c804f595e329e63b3cc366b9c3cb7cb39b49f0d7266ffc587d4a0fb39b78ade483462d82ec96c4e5ce38772dd90677866f889c86
-
SSDEEP
1536:swrH/GZD0ctEyrt1R4KnGhglPjCVHSDTAn6KOxjEY+f6E1YuX:sSOZoSEyJ17GhO/iujEY+f6E1z
Score 1/10 -
-
-
Target
GFLLibraryBuilder.dll
-
Size
94KB
-
MD5
94c436a39c7a0a5b5a2a67dc33d8b6b2
-
SHA1
691afd5f8d88ad6ac6de6f38be9d8389e8c7d28d
-
SHA256
4f552fe9d1752a3e83fefacd51432e87d7f03082bd49105634e02372ae5a775d
-
SHA512
fd0f169520dcdf0d924b68bc1694f860f24676f00d2942000898321e08b4dfdb5d6b18dec4cd15a92799d7c8da9fa697b86a1be2b43a8562e58930add50b6d88
-
SSDEEP
1536:Va2bA5dMuyhOfgr/BLkv5onLKR9CinKy+Twtogh4tDIF:Va2s5dQSgrITfCiKy+TwSSF
Score 1/10 -
-
-
Target
GeoIP.dll
-
Size
95KB
-
MD5
18acbac35973dd1a370eb084d3248a1c
-
SHA1
06d9b1011e8da4d32966f3f9b99d09914937c956
-
SHA256
7c9bc79832d4d95bacdcc7c3d3b9a09e907b0486a83f2b51ba97379ffb8b107f
-
SHA512
169e6d70e552d487bb89987beba8b15d0e3086ba484c436494f189c3d780b3a680e67d851ce31bbb63fe86c88ace464123752a3f649be36937e0a0a4155d02a4
-
SSDEEP
1536:JvYtAjfQa/bvEB7dD/xFUyYW0AVGURtgty90Dxp+Clo:SPaI7dlFUac+gW0Df+Clo
Score 3/10 -
-
-
Target
HashLib.dll
-
Size
85KB
-
MD5
d4c56b38c61b62cd4fda14f9e46a4a3d
-
SHA1
e63a2cd59ff19042fd5fece5a9812f10e426639e
-
SHA256
6c5356f08f65135ae30e7208f91cf87f1e89731794ca5d0b5e8464efb5b82ffd
-
SHA512
e71ff82a905ba903726f05e0b18a403d0bb7bf769d4dfbaa01092c41a9d03c89303daa1363ab00c81b9b4cba81b4fe24fb326e828f6e0a2f4cb5c3499ca6fcb9
-
SSDEEP
1536:ou+QKy8A04dWZVRxyMfKpKQwOmu2JiQykO8hvELviU0:kdA04RbZ2J9ykOT6U
Score 3/10 -
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Browser Extensions (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)