General

Target: 309aa62b90a286c54ffcae887aadbf0b_JaffaCakes118
Size: 347KB
Sample: 240510-xv8d5scf9x
MD5: 309aa62b90a286c54ffcae887aadbf0b
SHA1: 9194f50d1c11e0bbc7e8b3697ba2f3fac42ee853
SHA256: 692878ac81e6439a2af9d3e558b4456a5abae4c029a196b62e8b5b316fd3571b
SHA512: e28840eca6e3c82b5808faed56c7a332515f9fe9ddd7af25b839f6fade25f6a3319e4f8b514d66a10ff1434906bc42a9e2fb18c28acf36ce3e970787a1eea09f
SSDEEP: 6144:YZ/qRrMhvBX9YuyY3qj8Qlb5D6WWhJAqDhUNEH09XA4pMj:YBZhvd9Yu5aj8Qld25wcv4pMj
Static task: static1

Behavioral tasks (task: sample, resource):
behavioral1: 309aa62b90a286c54ffcae887aadbf0b_JaffaCakes118.exe, win7-20240221-en
behavioral2: 309aa62b90a286c54ffcae887aadbf0b_JaffaCakes118.exe, win10v2004-20240426-en
behavioral3: $PLUGINSDIR/System.dll, win7-20240215-en
behavioral4: $PLUGINSDIR/System.dll, win10v2004-20240508-en
behavioral5: $PLUGINSDIR/nsDialogs.dll, win7-20240221-en
behavioral6: $PLUGINSDIR/nsDialogs.dll, win10v2004-20240508-en
behavioral7: 25.html, win7-20240215-en
behavioral8: 25.html, win10v2004-20240226-en
behavioral9: catalog.js, win7-20240508-en
behavioral10: catalog.js, win10v2004-20240508-en
behavioral13: cua700985938.html, win7-20240221-en
behavioral14: cua700985938.html, win10v2004-20240508-en
behavioral15: cua768556328.html, win7-20240220-en
behavioral16: cua768556328.html, win10v2004-20240508-en
behavioral17: cua811702334.html, win7-20240221-en
behavioral18: cua811702334.html, win10v2004-20240426-en
behavioral19: gkamus-uninst.exe, win7-20240508-en
behavioral20: gkamus-uninst.exe, win10v2004-20240226-en
behavioral21: $PLUGINSDIR/System.dll, win7-20240221-en
behavioral22: $PLUGINSDIR/System.dll, win10v2004-20240426-en
behavioral23: navigation.js, win7-20240215-en
behavioral24: navigation.js, win10v2004-20240508-en
behavioral25: writing.html, win7-20231129-en
behavioral26: writing.html, win10v2004-20240508-en
Malware Config

Targets

Target: 309aa62b90a286c54ffcae887aadbf0b_JaffaCakes118
Size: 347KB
MD5: 309aa62b90a286c54ffcae887aadbf0b
SHA1: 9194f50d1c11e0bbc7e8b3697ba2f3fac42ee853
SHA256: 692878ac81e6439a2af9d3e558b4456a5abae4c029a196b62e8b5b316fd3571b
SHA512: e28840eca6e3c82b5808faed56c7a332515f9fe9ddd7af25b839f6fade25f6a3319e4f8b514d66a10ff1434906bc42a9e2fb18c28acf36ce3e970787a1eea09f
SSDEEP: 6144:YZ/qRrMhvBX9YuyY3qj8Qlb5D6WWhJAqDhUNEH09XA4pMj:YBZhvd9Yu5aj8Qld25wcv4pMj
Score: 10/10
Signatures:
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Checks for common network interception software: Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- Looks for VirtualBox Guest Additions in registry
- Looks for VirtualBox drivers on disk
- ModiLoader Second Stage
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: ee260c45e97b62a5e42f17460d406068
SHA1: df35f6300a03c4d3d3bd69752574426296b78695
SHA256: e94a1f7bcd7e0d532b660d0af468eb3321536c3efdca265e61f9ec174b1aef27
SHA512: a98f350d17c9057f33e5847462a87d59cbf2aaeda7f6299b0d49bb455e484ce4660c12d2eb8c4a0d21df523e729222bbd6c820bf25b081bc7478152515b414b3
SSDEEP: 192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: 477b78e5db22b4e651b6bec39d5c1acf
SHA1: 418038f8d4db22471f55206aa8eb372f3f133d0d
SHA256: 80d84f6c405f4e7b51d3e0c7c10b06ce60b28a43451bbe0e6e464d5e4783fc35
SHA512: 6658a0718a6c15a6f0767d87d604ced9d2f3a1494eb6e44d39507687b9e675a05d026b68a7ef8a311b10863e229a963c8ea6f6efb1d92b0657b32ee836adfe21
SSDEEP: 192:oB8cxzvTyl4tgi8pPjQM0PuAg0YNyPIFtSP:oBxzm+t18pZ0WAg0RPIFg
Score: 3/10

Target: 25
Size: 18KB
MD5: 2f13168269e986740b06d20606e1f184
SHA1: ccddbaf2d68da81f8ef73112720ac739ea13e8d0
SHA256: 29db1544eb0078b68f92c1dd9a7d4d42691f3662711f2665435cee3e5932a513
SHA512: 874f0ff853c41197394fdd6f4d1b6813ce5ef033283d78e48e58ffd6c39663bc2489388e5562ff9888e6e9a75f0a533c6c673bcb7f20e584c5e99afe0de3f1d1
SSDEEP: 384:dAEupuEmbK0wmKEYKYSKIIKKhS+53S/Pu:dAE/EhX5S/Pu
Score: 1/10

Target: catalog.js
Size: 232KB
MD5: 0759e460631a88f2f46f36b0954d24bb
SHA1: dd924ba22da028c3857e2b8c432837298b60e11a
SHA256: 0026486014599cbfa992b89ab7c8e878577647145834a67b1be43f2e5eba925e
SHA512: 5e7cddc223ad1dabb6dcac43e40c47027013431e654948c73021509e6953e2c9443a7e60a91441c71794eb5b4fd52c23861137dedf664ecc4f8a1ad5385eb26c
SSDEEP: 6144:t56ZvBQaU36p4MqlnaE23TQORbNMbWqKP:twZ/1uBaJbCM
Score: 3/10

Target: (name not shown in the report)
Size: 17KB
MD5: 3961c07ede89c2c21256afbbaf4564fd
SHA1: d9233d2bdd0df4bfa897089faaf7d63a7853491a
SHA256: e746fe00bae0393218a42c108e0fcf23583c7968be7e42021d89d3b6681c4395
SHA512: 71776d86c58e0bb8e5dee9f33ccb05b04cf07d5f52435cb9ee5d81d357e54b86bd8aab3d48654cab799d8b385822e586ce531fe616da87ebdaaab6aa23c0390f
SSDEEP: 384:DzfaKLETZDSbS/BtCtR2az8QqNEth9VIqcoRcqjV5agyps5VffOROxCIi8sjR+r4:DraKLETZDSntRfQith9V1coRZRUgyG5U
Score: 3/10

Target: cua700985938.html
Size: 10KB
MD5: 32e1ef831f384a8248fcddcfb4b9fb53
SHA1: e18c83465a7e1936fcae87c53c7de94443fee50c
SHA256: 129efa33173b666dbfb023fcc62c27d20df33c1ff409fee480f9d901b4ed7881
SHA512: 61327f3ff4222101ca3563c36b51fed2f28c89422edbe0e50be5d02d6076e715243712fd17640d8a369c46e9a41f9fd6a02f2bbe5e55105e924086c5ed5fd69c
SSDEEP: 96:6svd1l+hpC+O8PG8vWSwICn+BntinVTKqNr2Z3NEvHgjF+inJi4FJASkrMY2:xd1l+hpCMwIC+Bnt2tivEvHUF5HFfBY2
Score: 1/10

Target: cua768556328.html
Size: 10KB
MD5: 46ba2fd6093bf7ef95d57782a37a895c
SHA1: 6911b87db5e1b978e3158899275199bd1bf79049
SHA256: 0ff31c1960f5fba0eb3e80f6d58c9ad7e46267e8472fe534a4f2abc89d2230ee
SHA512: feacfdf9166eb759eaedf5807ceba82825dc6074e740695aa9d5dcca86b007742178309fed97616de54adaaa8dcdf45188f0116942fed742473b6080c9d45199
SSDEEP: 96:6svd1l+hpC+O8PG8vWS8ICn+BntinVTKqNr2Z3NEvHgjF+irJi4FJASkrMY2:xd1l+hpCM8IC+Bnt2tivEvHUFdHFfBY2
Score: 1/10

Target: cua811702334.html
Size: 10KB
MD5: 4a9527531ef78bda1e662e74014f3569
SHA1: 29c076b36209c5166b4acc442c5a41b57706e509
SHA256: 8886ce6cde355684ffab78f27744fdacc0cb38160e593cb466ea495e80ab5cd9
SHA512: 6eb7896f13543a817880e8a24e8f3a58c65052b81b5f166399a9df1e8183180a1491b265996318d1a71717112c7d309688a75755756ed34ed25e142603dcac8a
SSDEEP: 96:6svd1l+hpC+O8PG8vWSBICn+BntinVTKqNr2Z3NEvHgjF+i8Ji4FJASkrMY2:xd1l+hpCMBIC+Bnt2tivEvHUFyHFfBY2
Score: 1/10

Target: gkamus-uninst.exe
Size: 63KB
MD5: 6305547a12e0e04228d42228ad6a504d
SHA1: f0b4d68c40a5738acc4ce718e14751d67446b165
SHA256: 1e9db3d7ce31b8804ed9768621de21cd1144c0a1b8ed7e916eeb91dca13475de
SHA512: ad5a4aaca3d5b70c7a0f0dd82f4f71b5f80193411720ad8812ede6a3f996efb786309566c7f22c5beca2d1b1985ade15b7fb298d24d15333756e6fe183b42378
SSDEEP: 1536:BmZw+QfiexLgJ/RQGcrnfDjuNgdLeAyN7BcT3hoVz:BmpQFx8/qGOnfDjuNceAYcF0
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: ee260c45e97b62a5e42f17460d406068
SHA1: df35f6300a03c4d3d3bd69752574426296b78695
SHA256: e94a1f7bcd7e0d532b660d0af468eb3321536c3efdca265e61f9ec174b1aef27
SHA512: a98f350d17c9057f33e5847462a87d59cbf2aaeda7f6299b0d49bb455e484ce4660c12d2eb8c4a0d21df523e729222bbd6c820bf25b081bc7478152515b414b3
SSDEEP: 192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
Score: 3/10

Target: navigation.js
Size: 490B
MD5: b4241d8dbda47fdeb0edd47f41b885ba
SHA1: 9586723ba58539945d6702d903cf5e37b08be8b6
SHA256: ddc2807beaf2abf1fe34f4286bdc0c6cdc2c9077d37053045495708048a23aa6
SHA512: db0779ee7edd1e1d55d9adafabd2045679319f48e642f67e584a30221882697899065f487b1a0d4bd6be9790984c4266ce1f5da002c09ecd82171ef049bf96ef
Score: 3/10

Target: writing
Size: 15KB
MD5: ae9ac06c9bb7ad6cc583199cb7ddddfa
SHA1: 83ed092b0a0d622956b0560ec1966192a7a9637b
SHA256: 61768702d1008fb71cf52446a92a5d18842357487c31c4ac7f019a09e5ce11e2
SHA512: abb5c1b9116b2274613ae7ca970b3bed85ce2d5c3b7370b2bcb99db17da15e850ba40345118b08e87db28437f5ceb36ac221ffdfd5f6524c57314250f8cae317
SSDEEP: 384:RmzICDWiQqX/nzQ/W3w3cSOQdKSsyvEMI1bTqjjdyF1:nEzwxcMIlqjdyF1
Score: 1/10

MITRE ATT&CK Enterprise v15

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)