Overview

overview

10

Static

static

3

21f13b750f...18.exe

windows7-x64

10

21f13b750f...18.exe

windows10-2004-x64

7

$1/$OUTDIR...er.exe

windows7-x64

7

$1/$OUTDIR...er.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

1816850460.js

windows7-x64

3

1816850460.js

windows10-2004-x64

3

211632070006.html

windows7-x64

1

211632070006.html

windows10-2004-x64

1

about.html

windows7-x64

1

about.html

windows10-2004-x64

1

api.js

windows7-x64

3

api.js

windows10-2004-x64

3

begin_pass...2.html

windows7-x64

1

begin_pass...2.html

windows10-2004-x64

1

begin_pass...8.html

windows7-x64

1

begin_pass...8.html

windows10-2004-x64

1

frame3.html

windows7-x64

1

frame3.html

windows10-2004-x64

1

gerenxinwe...6.html

windows7-x64

1

gerenxinwe...6.html

windows10-2004-x64

1

index1259653512.html

windows7-x64

1

index1259653512.html

windows10-2004-x64

1

jquery.pla...f95.js

windows7-x64

3

jquery.pla...f95.js

windows10-2004-x64

3

login390722190.html

windows7-x64

1

login390722190.html

windows10-2004-x64

1

lvyouhuodong.html

windows7-x64

1

lvyouhuodong.html

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    21f13b750f2c71bb815816866eee55b9_JaffaCakes118

  • Size

    284KB

  • MD5

    21f13b750f2c71bb815816866eee55b9

  • SHA1

    2a025f153c032eecb4043e938a3eb9752263c08c

  • SHA256

    5201de522308ace02a374a6fffe2ae81187d7267f12a553e9c3c4e3bad4c2558

  • SHA512

    16aad710c2e96350ca41b911f40713479df96d73c2affc0c0cc02e40fc12c814d89a9a6220d85f3b52197a4c168c6f3e5004cece9205699c016b109457a49faf

  • SSDEEP

    6144:wW+7+eMX3wKOtPPIFBr/7ZDbASO9Mgn9OSue/nxcVmCd1dSTLqLljzJzbGuMbm5U:wR0wtYFBrZDOezS1x6pbO2jFn9qm5U

Score
3/10

Malware Config

Signatures

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • 21f13b750f2c71bb815816866eee55b9_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    e221f4f7d36469d53810a4b5f9fc8966


    Headers

    Imports

    Sections

  • $1/$OUTDIR/sftp_plugin/tc_sftp_uninstaller.exe
    .exe windows:4 windows x86 arch:x86

    e221f4f7d36469d53810a4b5f9fc8966


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b233fd95d297fbba0563f3f6eae042e0


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    fc0224e99e736751432961db63a41b76


    Headers

    Imports

    Exports

    Sections

  • 1816850460
    .js
  • 211632070006.html
    .html
  • 2SlkPj3nYv0HFhRh.r1l
  • NEFSFIi8.xn
  • Syscom.GM.Web.Asset.axd
  • about
    .html .js polyglot
  • api.js
    .js
  • begin_password_reset1581078162.html
    .html
  • begin_password_reset727114948.html
    .html
  • css_lXIaAo3nqey-8OYQ2oDUFQvt9hAyuF_tzfLVnXayWGU.css
  • frame3.html
    .html
  • gerenxinwen1732464246.html
    .html
  • index1259653512.html
    .html .js polyglot
  • jquery.placeholder-fd5cdc5d60cadb4e97cb85609e889f95.js
    .js
  • login390722190.html
    .html
  • lvyouhuodong
    .html
  • mockups-people-focused-mobile-communication
    .html .js polyglot
  • quote-request
    .html .js polyglot
  • world_news.html
    .html .js polyglot
  • wp-json240770447.json