General
-
Target
1a7e7c30455fe01bb74cc1beac9c20c1_JaffaCakes118
-
Size
31.9MB
-
Sample
240506-dq9lvsfc3s
-
MD5
1a7e7c30455fe01bb74cc1beac9c20c1
-
SHA1
f019ba09eba872bf9c7713612caae114ba060eb8
-
SHA256
80d28b14d2172c2a3a76a718b604d120ff2a8e80424d68790afbe0bd267ee064
-
SHA512
c80f096cf8422d2d47a59e1dc2d150542f87c6167b8701a77fa43ca9e240ec85bc5485ee5f56efe3ffd27debe6ec0d7aafe064df3598845638f6444116895114
-
SSDEEP
786432:dbf97HMYUtdEXaSNFqZNVg2G0TzsVGYptBI+xpF7:dLZsRPEKS7sUw/sVGY3B1xpZ
Behavioral task
behavioral1
Sample
1a7e7c30455fe01bb74cc1beac9c20c1_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
1a7e7c30455fe01bb74cc1beac9c20c1_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallHelper.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallHelper.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/ProcDll.dll
Resource
win7-20240215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/ProcDll.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/Statistics.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/Statistics.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
$TEMP/QQLive/QQLiveSetupex.exe
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
$TEMP/QQLive/QQLiveSetupex.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/ExProcDLL.dll
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/ExProcDLL.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
ADManage.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
ADManage.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
ATL80.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
ATL80.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral21
Sample
AsyncTask.dll
Resource
win7-20240215-en
Behavioral task
behavioral22
Sample
AsyncTask.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
BugReporter.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
BugReporter.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral25
Sample
CefSubProcess.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
CefSubProcess.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
ChannelMgr.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
ChannelMgr.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral29
Sample
Common.dll
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
Common.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral31
Sample
D3DX9_43.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
D3DX9_43.dll
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
1a7e7c30455fe01bb74cc1beac9c20c1_JaffaCakes118
-
Size
31.9MB
-
MD5
1a7e7c30455fe01bb74cc1beac9c20c1
-
SHA1
f019ba09eba872bf9c7713612caae114ba060eb8
-
SHA256
80d28b14d2172c2a3a76a718b604d120ff2a8e80424d68790afbe0bd267ee064
-
SHA512
c80f096cf8422d2d47a59e1dc2d150542f87c6167b8701a77fa43ca9e240ec85bc5485ee5f56efe3ffd27debe6ec0d7aafe064df3598845638f6444116895114
-
SSDEEP
786432:dbf97HMYUtdEXaSNFqZNVg2G0TzsVGYptBI+xpF7:dLZsRPEKS7sUw/sVGY3B1xpZ
Score 6/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$PLUGINSDIR/InstallHelper.dll
-
Size
308KB
-
MD5
b5cf41119267aa29d51cd0bb2027c1aa
-
SHA1
bb1251b652806fff5c093cbbcefb8f62eac4a3ae
-
SHA256
5328a65448499a882cced9487db3e989384b9e2bcb65873095cfa45bb99be752
-
SHA512
41334a29d982eb99a0811ae942d057ffbaeb6cc7ce84d2b7d1276b2b26b4e0aed084b9dc75e5f2deebd04555eebded11c577afc911c332a5b7a53f457e2dd090
-
SSDEEP
6144:Q4EMC0YB+Z8singQFp9psio0PBenCICnACiWbaSF6e2:Q4EMC0YB+esingQFp9psio0JA2ABfsL2
Score 1/10
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
22KB
-
MD5
7941f7efe8a32740e1ce93ad0a444418
-
SHA1
5c5e03c343cbfd1df2a7dd250c42b3bd39b83c0b
-
SHA256
128643d68393e9dd1e5752d55930a9342a432496912206bbc68850f72be9a4da
-
SHA512
9db88a0bb6e44ab5605298e9216767918efcf7405f60922d52cd4ccc36f3a0aad3a07d6ef07b9409bcf02a7ef6cc3e117005adda0d404d036ce5daeac00203e2
-
SSDEEP
384:/sUHd9GN2d2iwl0impATIPdAj8Ov6HnYPLQjyIANweMvS:fHdw2Z20tNVimd
Score 3/10
-
-
Target
$PLUGINSDIR/ProcDll.dll
-
Size
1000KB
-
MD5
889686a649b80f6025f246ea6e778021
-
SHA1
4ca2cb0117dd6fd63dc197707970efb19144ed56
-
SHA256
8a0ebf941c15a69c9a7978aa8b17700dbcf0790768c372cbb16cc8e64611b54d
-
SHA512
ea78a522e046166666989f7b41cce14cc96ea0156277ffe45c77b5190ad90236e107f725e063552177bb5225f4cbef064363256a7e90e58d617e8653e1a9bf2f
-
SSDEEP
24576:gbyR6M5YFefN/9kA7ewYbsPW/YfR/ad4:gWxyI1CwfR/ad4
Score 1/10
-
-
Target
$PLUGINSDIR/Statistics.exe
-
Size
268KB
-
MD5
8cd1ca96e2d6202be5d19fcefa35bbb9
-
SHA1
87f363b889b6ddf7cce6f7de981a36e5d600909c
-
SHA256
49cd107a52f0c7a7ea546ae1795b7044628361dcf6884b4a57f4c6e1fda109c5
-
SHA512
239a7549c596c6b9f670b38eda1bafa2cb62db46deab53ab20afcc01f85481766744c3578230d13d82e5eaa7c40104555bb4fb85d7d22b02a9cd426162bb5144
-
SSDEEP
3072:P4Y5LO/EWnWIAUfjY5dCF9MLilNlJ8un7zQumOt8:mc226jNYfP
Score 1/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
18KB
-
MD5
92fc9e50e8511609257cb59f633f13d6
-
SHA1
f95f0df12deb5dc4b281732d983bb2c103c17b56
-
SHA256
953ba87a30cbe067408e75bba9fe750c0e60270607aba1ec953bd730c337fe3b
-
SHA512
fe4a4d3e6ba6ae0bb2194f7667443dd5be591ef2e9b1f792d80d7ed3ad1685858dbb856548f01d5a73e80cd9cdb144f24f4d517f8f91b2eb376606c325041093
-
SSDEEP
384:hC42HgN4GbeWmbI4Eybogia7yO+nYPLQjyIANweMxK:hC42ACu54HogL+a
Score 3/10
-
-
Target
$TEMP/QQLive/QQLiveSetupex.exe
-
Size
80KB
-
MD5
7a516ee64081f8f6b49438e46da1a877
-
SHA1
c30112e9095c9c50c686af1647ca2119f3739844
-
SHA256
f4c57ba172b81979defdfbc0ade6816d1ff80ceaced239bb3342618ac8f1f2c5
-
SHA512
b4706f9094a41c3b610a05240fe09cb04e51f6985266aaf7752be0cd81e0c581a651f9620f0c56462e708f4697d26a4d973add267d5ce187f7d91e2bc220b713
-
SSDEEP
1536:/zu0c7MqiYxWZQWe2KYbqWgPnZe4Romu/BRYRO8lsqpTuGmq6IzDYfGf:tc7MXYx4Qb5Y+WgPns45mYc83xzyGf
Score 3/10
-
-
Target
$PLUGINSDIR/ExProcDLL.dll
-
Size
55KB
-
MD5
87495320b6bc4f54d129561d5a6011d9
-
SHA1
7c44a32a778483b8e807ab04863096648e4d73d5
-
SHA256
918625e67a13292ef53cdb807f39dc52dc98614c5add967cd65516bf6e50ad44
-
SHA512
7fafc35a6098ab3ca3aec144b25ed0e6d6c9df6fda8b92007be3332a6297f69126b33b52969567006e5c32f21f8507f39f7e7f48dc3edf5f585c9eeddd85ee3e
-
SSDEEP
768:A+E6M3ijAdUxvC4qVbcJCqZ3wNwYOA1ZmlqYO:A/xijAd+C4qVRk3wNFOAPmlF
Score 3/10
-
-
Target
ADManage.dll
-
Size
367KB
-
MD5
98c7f160210ac08734ffb2efc205a925
-
SHA1
e8ca9c080b625c6ce34909f57b9b924b58b1914c
-
SHA256
ecdde5be953950b8a7dba9c92c4cd5f5dfe958429104defe71f9ec3bd2ed82ac
-
SHA512
8f748a68f323ecf2ad2551ebfb478d2d51db8c51c666a5c77f8fa4b83027ec54069e5e6393d777a75d7402d6bd1069535c8067060a4cbf09bfa290e762c518ea
-
SSDEEP
6144:NLJ3FdhG1Ou2IDkpREH2tZFX+06VmbPgrp/RRuqTBP/OAAiKyz:NLJ37w+IDsEH2tvX+06IbPGTRuqTaU
Score 7/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
ATL80.dll
-
Size
95KB
-
MD5
3e9a33113d663d8bd5ed38858e669652
-
SHA1
1292dc7ffc35a1ef2b761672361bcffa7483169e
-
SHA256
63e1985a37d5993d170373bc28d067c13c1541ca2b63968b82e35eaacd927b49
-
SHA512
a2dcd0d5db662653d3085d2ab39e8697b25e096fd2093e3f5ca2edb3087356814adb9f99e490dc95293198e05551a3ddbb3fa2918b8ed5f76d84a22268bfbe7a
-
SSDEEP
1536:SskNTnYQzkuvliN+9sdYhfv3rkT+za16/rWmE9dV87mKxGXmwkbos3co9:S1TnY4kclz9sdO/o9dVMmXmwkl
Score 1/10
-
-
Target
AsyncTask.dll
-
Size
111KB
-
MD5
6ab7eb62057d4ac317cacd8ba44f91a7
-
SHA1
34649a667c5de64dbece699828bed50aaefbfec5
-
SHA256
3eeb4dda1d618488fd9d46517f4112e6edd19dca65ff07374062b19470b09f35
-
SHA512
8a21007c88b73b32f3528b94e5d376bc82f2529f75c6dfced155fa673e8e7e13c03fa4460517e87f83fe63942bfc6abc6bd4e4596fd45a24c2f9710c047a80e4
-
SSDEEP
3072:wbuMyb8PIwTPODktoBdGyAIdBsKAMteeJ2x:nzGrODTHLehx
Score 3/10
-
-
Target
BugReporter.exe
-
Size
107KB
-
MD5
7cfc3a5f14414a96ec938044e47a0ea9
-
SHA1
4a1814f51a3e3f0d5bfcc2f58219715a1924866c
-
SHA256
16409089b44451c45b56295a54c86b24574c27f8228ea344f91dfdeae1870933
-
SHA512
5e244f25c515796f56fa34c3b464d24891010348bbaed5ca360a952b1a4f841872454b24b22b0daef15a8620a5705b287120cdf9297de2611aa1c1b9cbb50c5c
-
SSDEEP
1536:yCyauF2IJbox3MJaQn8rvL++Xzm6H/hPn8rvL++Xzm6EhuAnWIq0OergjpL2k:+Jb+8aD5gAnWIq0OeropL2k
Score 1/10
-
-
Target
CefSubProcess.dll
-
Size
187KB
-
MD5
591699755978298f7c8ceb687109e913
-
SHA1
ff338969d75f887b8563052cc51db94ff3a39267
-
SHA256
8c67d95570059507eb94ab9f4882421c9a9e1ffca40315d73345012dd6459e0a
-
SHA512
310fce3514ab6059b68650e533c67ec87adaf04b4d2d8179bf8674cfa730a5105b5614c4acb9c52cc6820604d93d4e2c4dbdce1c3bb105391a187096cc91c6e5
-
SSDEEP
3072:FetZuw+XkcU9Ncq6fId+WQ1mVH5rkazMRBJO8jIF4bn7YPTOj56twpnf9Ht02s:4tYw+XDkNcjfEHVZ0ZOx4PY7Oj5XFbs
Score 3/10
-
-
Target
ChannelMgr.dll
-
Size
555KB
-
MD5
159080d668d047dbc7457c6e38905b12
-
SHA1
785018946914e05e7ffd6d0207920ebfb0ff6f70
-
SHA256
51d6636ec84888498f2abbc686aa20d0cef9ac0ab3eeb476363996941fb482e6
-
SHA512
f397b34da4d75f364edb7bff5e3a907eca2e0a04c2257a80f88c640fdb7f4884d07dae25fb9249b65ad91f20fd1839f765b77a3e79c84b3454a4038b956e4df5
-
SSDEEP
12288:EiYPmwEZQLHrx205aPMJ1oQPO9cKLchrAT:8EC6PMvoQPOz8AT
Score 7/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Common.dll
-
Size
1.9MB
-
MD5
b9fcbd8fddb981d89e259f7c90ec4180
-
SHA1
579f2275e37505fa0a5d06ca7d611cd9ebae7928
-
SHA256
5484b30d3d96b02fdba8193162ee67b0c45f02c5a09b049e190bf0d4dc4aa060
-
SHA512
c809f371b0caa0f0804951795307b69d4b7f15641f98e4842b5ef75c4dfcb48e7bda35e9eb3fced8650afe0332bf5e731946b8a8dfea32aba8b39b057285e2d0
-
SSDEEP
24576:y2L8jR6DlsMNvWQpov7nGGdAY7tNx5SfTAgPUjoGmKdOyEFHwPeZxNjbUqU8uerf:y2L8NzMVNq6bYRNcyHEFHwP8xqJeX3L
Score 1/10
-
-
Target
D3DX9_43.dll
-
Size
1.9MB
-
MD5
86e39e9161c3d930d93822f1563c280d
-
SHA1
f5944df4142983714a6d9955e6e393d9876c1e11
-
SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
-
SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3
-
SSDEEP
24576:8UtU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBs:8566l2u45BiNYFrz31Cv3D29kd6kWa
Score 1/10