General
-
Target
207af6c7fe675ee4d6b0be1c1b6d6709_JaffaCakes118
-
Size
26.5MB
-
Sample
240507-nzeg7aee8t
-
MD5
207af6c7fe675ee4d6b0be1c1b6d6709
-
SHA1
6e3c59bd75c091d79fbe3381a5617d6e62a73238
-
SHA256
e197e28bd08c56c2ab5abc663ce11d56221bacdda99305e1cdb614300340d5e3
-
SHA512
8a455d0e25bd2364b9b1867918aa72c7554883132d98520eda95ede03c3f3dfa96e4710ae8bc8f0ca45d5a8c334b4383f85c6367e11a3b290fc1b7e2b8fd2772
-
SSDEEP
786432:6UUe68MlS+Q0++07l3sHnXkkezz5ATAzREx:6UUUkxQ0+RSnXkkizUURq
Behavioral task
behavioral1
Sample
207af6c7fe675ee4d6b0be1c1b6d6709_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
207af6c7fe675ee4d6b0be1c1b6d6709_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/boostmaster.exe
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/boostmaster.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/cleanmaster.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/cleanmaster.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral7
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/ithome.exe
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/ithome.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/mydesk.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/mydesk.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/mytime.exe
Resource
win7-20240220-en
Behavioral task
behavioral12
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/mytime.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/node.dll
Resource
win7-20240215-en
Behavioral task
behavioral14
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/node.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcdstart.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcdstart.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmaster.exe
Resource
win7-20240419-en
Behavioral task
behavioral18
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmaster.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmasterdata.dll
Resource
win7-20231129-en
Behavioral task
behavioral20
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmasterdata.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmastersvc.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmastersvc.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/rmup.exe
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/rmup.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral25
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmaster.exe
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmaster.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmastergreen.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmastergreen.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral29
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/virtualdrivemaster.exe
Resource
win7-20240419-en
Behavioral task
behavioral30
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/virtualdrivemaster.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral31
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/visualmaster.exe
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
$APPDATA/Microsoft/Internet Explorer/Quick Launch/visualmaster.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
207af6c7fe675ee4d6b0be1c1b6d6709_JaffaCakes118
Score
7/10
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/boostmaster.exe
-
Size
507KB
-
MD5
aaa065c5bdf547c2ac0c8e752f0e3832
-
SHA1
a6ca04ee56cf82f8eaff1f43980d8794fc82e256
-
SHA256
bd6b83ce42688b444226e9eb7f562287060ffea9d4e08c69402bfe376694d841
-
SHA512
161810a01cbe1c446d56f1fcbaa9e7a9e613b5b3cfb8ec210dbadad40d11a4846738728c7d8af33f90ecb6e34e8fe5ed90b8fff155302170b2a8b3e1df9d525b
-
SSDEEP
12288:Eq54MlzflFRMFvmKpdo6MkQK8Bw9sEfhBgX:dPlBFYvfdo6Mv5+sShCX
Score
7/10
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/cleanmaster.exe
-
Size
642KB
-
MD5
8e88bed1e8162ef9a6e373fbfcfaf53c
-
SHA1
a5ce70e309aa3e05bc44758e8eefb6c53ca1c5ae
-
SHA256
19eed4402a8e24277292f0d03b9600e18d907435682479ffc85475c82f3b42a0
-
SHA512
81b3bba3c4c5ad8df8ddb13ef82d1e044c09b28178c960daceba4f9cf49a3695e67ae73874a48755a286573b0b37ecc000a97070d71dafdfde1d4ebee94baf82
-
SSDEEP
12288:43as2NyCU13ZwW//HpK6dK8yUR+NmlCpZr3QAKTZfzYuRh7ts9OO4FemBnzXCvYA:cKyp1OW//HpXKOsNml4rAhVfMexvO4Fa
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/ithome.exe
-
Size
537KB
-
MD5
94653c958221e49644e591bdcd8b2638
-
SHA1
c01887f3cc0904610271bb24051b8e583fb740f1
-
SHA256
18b7e965aeef9423a327d8e2561094b2b7b2deca3114f0279eb30344bcdb77a6
-
SHA512
c9659fff1487cf42d22f6c2abde6ec4acfca74113a972f2c962b7fd550015109ee745ab90c735db727b173620ae5d7e6c598d48892479886044f1f82cd064bda
-
SSDEEP
12288:raQOVg0fs+uTZTXCCCCCqCCCCCCCCCCCCCCCCCCCCCCCCCCCCC50:IfkxXCCCCCqCCCCCCCCCCCCCCCCCCCCl
Score
7/10
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/mydesk.exe
-
Size
1.4MB
-
MD5
80ce6d708d329ccac4d47f2973097b48
-
SHA1
8e59ea99ed6755fefaceebe15ac6e57bb71428a6
-
SHA256
4dde490055881a9a2ef0d3bb98fdba5dff735b6926df17e26921cb5c6c2eae44
-
SHA512
d56fb04b873ed18374e63ddb70032200f14953c923ab0191d4b6d4d728308e83e657b1edb6169240e8ce2ad91982a0c2689a18651e24695cd87be581a8492709
-
SSDEEP
24576:UtwTUc3EhMuOYDRYD0OwcCe1ZRDUpICRZgcQgqy7JMMok66z3kH8jgD8ZFQYxpKf:UbcqLpDCgOwvMZRgCWgcOyVN366zUH8y
Score
7/10
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/mytime.exe
-
Size
11.2MB
-
MD5
348a8c1cb190f8e35131b93628e9a8a0
-
SHA1
e57c4eb35bc8d862f9773aa78a1c6ebf0ab391a4
-
SHA256
59ecc9a2eb1ac3937f2b35cf6aa6c734d9cfc814f9512d23e45a90aaeff7f55b
-
SHA512
e4778faa841c23fcd084239401dc51d1da409f671777ffde01d29bda855ebc94c681b901939d5f2cb0b2719109d15c9dad59b1537c3b245dd7d6bf6be3acdcd0
-
SSDEEP
196608:VZefJH5NYvwxsUScT5ebMURxn368lgzhgPq+QI0ie8B:bef15NYEDon368lkgPqk0ieI
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/node.dll
-
Size
16.9MB
-
MD5
200de56040ebbdedae7224ff7e98a1ae
-
SHA1
f6ee87bb989aa6e765e16ab0f80d28b17f53b8bd
-
SHA256
725e252be7395d9d0a3dfd372c247f39c4bae4fbef94a80fa077451e4da7e783
-
SHA512
03f5aa02e0b1d05dabbcc801c53ce7e93b26e984dfcdb8961c4f5023c95bd336c6b61e7720b9b76f5c12db18475c932aeca6859aa11788c8531dfb99856cf9a6
-
SSDEEP
393216:LKuvzYgFeKyFCJvWiXwfssXJKHq305yLl7n:euLbeKyFCJvWiXoXQHqd
Score
3/10
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcdstart.dll
-
Size
347KB
-
MD5
07028efd7499c4a897580819cd541972
-
SHA1
62e42b1f18b9570dc217b469032643920c018e73
-
SHA256
5ca5dfd7495add4b0a30276dc0d0cb4f60b69cdc4e82063942af2309db12e6c0
-
SHA512
a9dc9814fe7bdc9355ee5290b0fa99559a482b229e9bfbf0244b25c98cf195032f005478672278f8a7ceadb6b679ec597e512d14baef03a26621e9ff5a0e9656
-
SSDEEP
6144:XDfAdqYyuYq8jEiG7RX2xjJ0GQhAluytjXxW1Q3F3ahSh79HFlm4X1fAY:XcdT8jEiORX2FnQhCuWW1C3YC7lFlmI9
Score
1/10
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmaster.exe
-
Size
6.9MB
-
MD5
dd263a7e06da82897612f4348442703b
-
SHA1
43242e2fa1bdec6711601fafbb220e3e3f64974f
-
SHA256
8a770b4d23ad9ebd4c35b4f95cc340263efcfdf0ae2b3f4e0da0e3f1bca49201
-
SHA512
f7ffdfc3a528d7a20870825f255454ad96b04c3c3a5237e5a6eded46da9b27c8f3e4bab0ea8077cfc0e304808111dd75b681df7a38d358584818477824bd3458
-
SSDEEP
98304:M4sDs+zhpv5+HAOpDfG6RCEa1LZWv3pFMghZyxLf8vhRPuuZgixe07uKPZMLydUY:eneAefDuLchpyJfeRPXFnSL88jlhFULt
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmasterdata.dll
-
Size
290KB
-
MD5
83700123f572d5eae3214e2fb632e4e9
-
SHA1
344f94e69b10cd44e5caba1316ed0c51242f2964
-
SHA256
7d4b05f5b926fc5eff87cfbec1246a4d3af35d9233b03fb9c571e8eed3215f12
-
SHA512
4642da8b67163d97f291538c229eac15cfad75f794153ea11d023e91216dc51cff0bb1a0803f191f7900c1c57418398b57a789daec12e81486c102ce45adf363
-
SSDEEP
6144:GwWsLOj1jb7cEdk6mkZm2yoNTDrn4HLqnI1dq/L:G1kojUEdbmwhyYn42I1dq/L
Score
7/10
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmastersvc.exe
-
Size
207KB
-
MD5
cee91c7a623d98fa3f2663d0d2cba582
-
SHA1
2801c34f8f579240572398e5de1933d230f4da6f
-
SHA256
2fe76db967411cf5cdc8edb22d158ec5ee1b0ff38a349c87c3485420521abe13
-
SHA512
342a4c47ca28f9302d80b8a82ccbbf9a9af6a6638272483f65329d5dcf4251021847dc8dc1c77d143e733662f38b73051f5c22e67b1f002d76d350c29629f532
-
SSDEEP
3072:voH/LVYQPUnGccnx/UuctA5syLGScXk/vvzTxzKuwM3QhCNklGEMYaXonYrolxwe:gfLRYh8x//L1cXkXBTRBSx7
Score
1/10
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/rmup.exe
-
Size
812KB
-
MD5
c6df640c06bd450585c74600c5b67d4e
-
SHA1
31f2d96c02051c3e59c94bf25516e507827d880f
-
SHA256
390effe54a4bbf6fb42b62610900f2a0dcc5efe20925ac867bd2b3a6c6da9532
-
SHA512
44ce1753a80030caeb82d1f54bcfa1edc936d6c108585abce7f5f8e325463220b7f8f846ea92a89503242f00b126cc12d02ea4d25700be998aaa8d2e7cb69842
-
SSDEEP
12288:jWja3wh2V5bXsuxSGg0WRGXp+4H84f55eJaRa2SizE2Wx8XPEXi1k/FtnUC:jOOXTnH84f55zEeXPEXi1EFFN
Score
6/10
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmaster.exe
-
Size
5.0MB
-
MD5
896bc886d1f71a8dfaacffb4d45d381d
-
SHA1
d263eee85b5cf09787bce4a46069ee729ff4b571
-
SHA256
67f5fb161125e9a6d412dcfa1431bec874bfa001f0ac3645bf5bca393ff48340
-
SHA512
1d0f49f9805d329f3806fac6827a52b0a28aafc4d82f43ad28a0f82d4287855950c8976a21be8d00a2bfd490e3e83a1079f3808fa3f16935600656bcb7c36e56
-
SSDEEP
98304:KizXZH0pyu4HoagLht2ZEM47n+jEtLk4+7DOSOWHBN:K8Jbsk947nsuQ4+7DO0X
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmastergreen.dll
-
Size
72KB
-
MD5
fd241ac838dd9f59ab74aa2fd1c5edb7
-
SHA1
5b981e422b4670ff04fce3f0f6ad5d031e2a7e45
-
SHA256
45a169a45936c7010852208307d0acb950042a5f4407c2f2452455e40a1a503f
-
SHA512
236c7e63e4e64050dc88db946d33854e3d76f1d70a3269d3fe5b927b54997d8697e00cd8dbe4776c53a19d2d4aeadfc31c9ab4b7e51212dadc1520036470fe44
-
SSDEEP
1536:j9FIT1VnybWdko5tW0RGyz4Sd0mQ9+YsAVUpIoGY:j9FI/ybGqaGyzHFiGpIoR
Score
7/10
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/virtualdrivemaster.exe
-
Size
394KB
-
MD5
492818f32d319fa417c4d71c8ca8b492
-
SHA1
4a67bda289fb9d4ac852fd8b0bc7461e99c08731
-
SHA256
426dd9ec1511b855367cbf868dd49f18770d15003b731a829bffb86bc1f699d9
-
SHA512
7af838ce8872e68de91dadcddff386b322abe8dc8d88041f45f76137f6121bfe8cfe853d6f8b4b930d5400f0d7e26e60b7efe6b670241c63692b076d2fd289ac
-
SSDEEP
12288:rKn08qTV/XGvFYfgOdbjEdiRBe3TlRhMJaDmKf:HjV/XGvFYYks3TbGJ7G
Score
8/10
-
Drops file in Drivers directory
-
-
-
Target
$APPDATA/Microsoft/Internet Explorer/Quick Launch/visualmaster.exe
-
Size
595KB
-
MD5
ef77f7b055ed80058679f0b0f36361aa
-
SHA1
63c0071058db2869d259b74401441e91416cafb1
-
SHA256
71add548b0684c3c16d3a46280e6dcbb8338b4c5beb86ca654dd3e43c5933c69
-
SHA512
b7e1921e78cd27a2dc8113f91d3fc1efb5a55d23f3e034e6ff47a41ba1623ffc11b5c358c8d792d7daeaeafdf5340cf99544a23352942dae446ddc0f133a0f91
-
SSDEEP
12288:vuHV3oEYndgOgPslgw5yM3fwZGzqPxdFfUC1c5dOMTSgc+3l:2HV3udgODlLyM3f3eLhUC1c59TSL+V
Score
7/10
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Pre-OS Boot (1)
Bootkit (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)