Overview

Overall score: 10/10 (static analysis: 10/10)

General

  Target:  34ea55dbbf4bdc14fbd074f0b6885d27_JaffaCakes118
  Size:    1.6MB
  Sample:  240511-q8jvdadd85
  MD5:     34ea55dbbf4bdc14fbd074f0b6885d27
  SHA1:    f0b888b3585d6d58f2bdfcdc92b23dbfdac5aca6
  SHA256:  2fd32685ea00eae9c4b1701a63807b27a8583a8cf266a19597105a8255d19fad
  SHA512:  d4d9b8c2012280854f679354722766ff58b005fe40aa86f8bd5f08853535b27430b87c67c601bba0f25c9b41cb07a97f641650e019a18c7061ee547cfbe33c0c
  SSDEEP:  49152:h1fDlrwGM8BPRoeCZFqbe+pauvmDv6X+QWoDt:xrwGZPqeice+me+QWoDt

Behavioral tasks

Each extracted file was detonated twice, once per sandbox image; Score is the per-task score. The first sample's name is shown as recorded by the sandbox; its non-ASCII characters did not survive encoding.

  Task          Sample                           Platform            Resource image          Score
  behavioral1   ܿػ(Auto Power On)v3.2ƽ.exe      windows7-x64        win7-20240508-en        3/10
  behavioral2   ܿػ(Auto Power On)v3.2ƽ.exe      windows10-2004-x64  win10v2004-20240508-en  3/10
  behavioral3   $PLUGINSDIR/autopoweron.exe      windows7-x64        win7-20240221-en        7/10
  behavioral4   $PLUGINSDIR/autopoweron.exe      windows10-2004-x64  win10v2004-20240226-en  7/10
  behavioral5   $PLUGINSDIR/InstallOptions.dll   windows7-x64        win7-20240221-en        3/10
  behavioral6   $PLUGINSDIR/InstallOptions.dll   windows10-2004-x64  win10v2004-20240426-en  3/10
  behavioral7   AutoPower.exe                    windows7-x64        win7-20240508-en        10/10
  behavioral8   AutoPower.exe                    windows10-2004-x64  win10v2004-20240426-en  10/10
  behavioral9   Help.chm                         windows7-x64        win7-20240508-en        1/10
  behavioral10  Help.chm                         windows10-2004-x64  win10v2004-20240508-en  1/10
  behavioral11  RunDLL.dll                       windows7-x64        win7-20240221-en        1/10
  behavioral12  RunDLL.dll                       windows10-2004-x64  win10v2004-20240426-en  3/10
  behavioral13  SASHOOK.dll                      windows7-x64        win7-20240221-en        3/10
  behavioral14  SASHOOK.dll                      windows10-2004-x64  win10v2004-20240508-en  3/10
  behavioral15  autoss.exe                       windows7-x64        win7-20240215-en        10/10
  behavioral16  autoss.exe                       windows10-2004-x64  win10v2004-20240226-en  10/10
  behavioral17  disktop.exe                      windows7-x64        win7-20240220-en        1/10
  behavioral18  disktop.exe                      windows10-2004-x64  win10v2004-20240426-en  1/10
  behavioral19  uninst.exe                       windows7-x64        win7-20240508-en        7/10
  behavioral20  uninst.exe                       windows10-2004-x64  win10v2004-20240508-en  7/10
Malware Config

No malware configuration was extracted.

Targets

The installer unpacks its components into $PLUGINSDIR, the NSIS installer's plugin extraction directory (InstallOptions.dll is a standard NSIS plugin). Only AutoPower.exe and autoss.exe trigger a malware-family signature; the remaining components score on generic installer behaviour or not at all.

Target:  ܿػ(Auto Power On)v3.2ƽ.exe
  Size:    1.8MB
  MD5:     34c106898919bff9359ce5cf99bf6ade
  SHA1:    bb986ebef961ece36fccb89345a7139c67794c05
  SHA256:  43eed68aa81badf0946ddb6cd710fae2bca84c691124e0e1c1609189e56c3978
  SHA512:  c96998e2cee6ebb3c011b7355e6382e9dfeec5e7a773f49cdad39b8abae3610203c802cd81f80a08ad517494f4a4cbefe415ed229530206ce6672e622e7d0647
  SSDEEP:  49152:saKc0f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FW:AitGrwSegS4et0MYW4FW
  Score:   3/10

Target:  $PLUGINSDIR/autopoweron.exe
  Size:    1.6MB
  MD5:     fc7a668a581fc7a511f54dbea3a2ab0a
  SHA1:    b5d783f2ef60a53b1168efcd42bb9bf4c4551fc5
  SHA256:  da4419f3cd770012d0a6be1f7f7330611dad237f156f446887cd6f11827769f9
  SHA512:  61c6384239324d06c89612eb364aef44b700f346f95eef8d6a07ef43a1ac39b60a73c842aaf5564a5a14480e3be3fc9d3c6ddb76c1dee4d3e5cf02c0f0491244
  SSDEEP:  49152:60f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FG:gtGrwSegS4et0MYW4FG
  Score:   7/10
  Signatures:
    - Loads dropped DLL

Target:  $PLUGINSDIR/InstallOptions.dll
  Size:    14KB
  MD5:     0dc0cc7a6d9db685bf05a7e5f3ea4781
  SHA1:    5d8b6268eeec9d8d904bc9d988a4b588b392213f
  SHA256:  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
  SHA512:  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
  SSDEEP:  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
  Score:   3/10

Target:  AutoPower.exe
  Size:    526KB
  MD5:     0ad902046991b2a1f566247c9276c665
  SHA1:    5c1e2be6f2ba40ec8dd935b851a4e74a8995b914
  SHA256:  ae5fdb6c9dece79b53d2140015d49c2063dce3f91194780c5af46ac5bd32ebb7
  SHA512:  e05d1bbaf2533cd77e5cba96df3bb54b4dee716a94ce4be2ce9f744a8139248058ea4303de3fa2e7a4d049a35087766d8f524e1f5f62818bda17bb82ce77df7f
  SSDEEP:  12288:Kc2PpRw2RpYfoxr/a7/PbmqPXNwrTFAp4oUHIXt:SxRDYfoxDIBVwrTO5
  Score:   10/10
  Signatures:
    - ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
    - ModiLoader Second Stage

Target:  Help.chm
  Size:    155KB
  MD5:     10ab0709e3b1d21ef30601a14e14e558
  SHA1:    2556e70d17929d41c27e62b7a99b4adbcd7338a2
  SHA256:  a60d359f8b59fa335e6186c89e28b0b90961a2a83a3b45e48a4c89e616c98642
  SHA512:  0f35ac2962017892215b30c1014b1005c2a2ff5cbb4c4f1375f95be824e92775cf0ef3144ff5e3767dbe1adb9ff3630b81c784ffa700af1ce705c9ed3bc75a6f
  SSDEEP:  3072:BrJ9Iq3bGDs4ES3F3oe6TVNRhEMT4HkT0wvMyX0DnazQ67T4Vr9ZKmq7:BrJ91LGD7ESV39Q/bTKwvhCKQ6arHM
  Score:   1/10

Target:  RunDLL.dll
  Size:    90KB
  MD5:     3f1f6f320c3df5a4494924e9705028ed
  SHA1:    3b1474939fc2cc4c5396cfb0608fcba364b33f27
  SHA256:  db030ca1c54781fb0029dbe433bbc9de566350acc633ad3445ae81b56c0f2e8c
  SHA512:  1b066461a7329dfd54c78cb5c0538b065770abe64917d38f64177710b2bb2320c815f2115d26dfe5f7632cb6ac29da9687f774371e3c2fce04a2bb124d012726
  SSDEEP:  1536:+GEbOAarrqRAsNdkaHk13rMTHUEBDS8U+CSdr8AB55kDTNGcGHqxNC3Xty:QbOAamAgterMZe8Zr8ABDEoqxNC3k
  Score:   3/10

Target:  SASHOOK.dll
  Size:    65KB
  MD5:     c278352103ee28bfbabd18254d15a430
  SHA1:    9db1e8176f02b9c83ba4a7ec69efad35b4d0e37b
  SHA256:  79b40a60711f5687d20afe695074a535397ed87ca42df2e47ea545f2c0ebc3bf
  SHA512:  df59ff1b1023edd4d4a40a83a80a5706de74c28f4b04b47a122f1d1335b57e81d0cabe4160246a5b3f5aa38788e248bd9c045c85e0c4477c5078cc3ff3142e4e
  SSDEEP:  1536:C465M/t+I4qiROQF2huU4VN1y891bXhOrs5SQAGkGzWoc:C4LwvROQF2Y/g8pOriSQ
  Score:   3/10

Target:  autoss.exe
  Size:    2.1MB
  MD5:     da4e0703a34085c2fa77d86492273381
  SHA1:    6905a25afa412c21528fa601c121c957d0436248
  SHA256:  41064f46efbd85824697f4675ff6d70e9b47107891fcc5a966361deb370a70cf
  SHA512:  98d339c8e915f8d967641eafc22ee14216a9d5dd61e660d0aba557af622667b52eeacb9d54a043b04bae6079937986d4b7ad219077ceea348de328b6520d6327
  SSDEEP:  24576:IbYUSrlwjSVB9y81hXlEM2Iu9VYRj/1rRiVzC2:Is3zy4u9WD1twzC
  Score:   10/10
  Signatures:
    - ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
    - ModiLoader Second Stage

Target:  disktop.exe
  Size:    498KB
  MD5:     6bf4a69d3f938496f36dc3fa2f7dda0b
  SHA1:    eedc94f5a8df9a4aa5eb58b3fc835448e2825ea5
  SHA256:  1f73df400d14b85e556a20d94b1e2ae85ce860dabe190c6bdb644c4c354684ad
  SHA512:  a9e3674a03a2b7c61353281a6c419901f9a9cb7210bf38b05729e2a7b21778b251502bb87f09d39ee89d2f6dd1b2fef8dacc0ab0ecc2345398eb2fb877de311f
  SSDEEP:  6144:sjrnm1kUXj+SkzpzRCv5HcPIloaxsEdAJqAHVgiTeYuH70KNXfreXH1wOA1yMGIS:srnjUXj+SkxWSEyXC3Yub1qXHrA1hKl
  Score:   1/10

Target:  uninst.exe
  Size:    88KB
  MD5:     bbc83c95d7a2a93b0f3a24e471f9bfde
  SHA1:    dff793da5932c33e39b031441149333a9fdb3577
  SHA256:  46380642a474308abd141b21e4b42b05725da9a6a7be8e33dd5e232f8c7bca32
  SHA512:  4b2fac36e5bf79694bba6f484f0b87a2fd697151845169fcd19b12c88c7fe834470df21c607e5e2e8ce1add3f69b782ea495e68802ff9da11ea37f0a38beeec5
  SSDEEP:  1536:FpgpHzb9dZVX9fHMvG0D3XJHgfn5GdujLoHWAEYnt3zM1m:3gXdZt9P6D3XJHCnAEo2APV
  Score:   7/10
  Signatures:
    - Deletes itself
    - Executes dropped EXE
    - Loads dropped DLL
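The SSDEEP values above are only useful if they are compared. The following is an added example, not part of the sandbox report or of the analysed software: it re-implements the scoring of the ssdeep 2.10+ command-line tool (block-size rule, common-7-character gate, weighted edit distance, 0..100 rescaling) so the hashes on this page can be compared offline without the ssdeep library. The hash strings are copied from the report; the function names and the labels in REPORT_SSDEEP are this example's own. Run against the outer installer, it shows that $PLUGINSDIR/autopoweron.exe scores 93 (the two differ in a handful of characters, so the nested installer accounts for almost all of the outer one's content), while the submitted sample scores 0 and Help.chm scores 0 because its block size, 3072, is not within a factor of two of 49152.

```python
"""Compare the ssdeep (CTPH) signatures listed in this report.

Added example, not part of the sandbox report. Re-implements fuzzy_compare()
from ssdeep 2.10+ (fuzzy.c) so the report's hashes can be compared offline.
"""

SPAMSUM_LENGTH = 64   # maximum length of each signature half
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7    # halves must share a 7-character substring to score at all

# Signatures copied from the Targets / General sections of the report.
# The labels are this example's own, not report identifiers.
REPORT_SSDEEP = {
    "outer installer": "49152:saKc0f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FW:AitGrwSegS4et0MYW4FW",
    "$PLUGINSDIR/autopoweron.exe": "49152:60f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FG:gtGrwSegS4et0MYW4FG",
    "submitted sample": "49152:h1fDlrwGM8BPRoeCZFqbe+pauvmDv6X+QWoDt:xrwGZPqeice+me+QWoDt",
    "Help.chm": "3072:BrJ9Iq3bGDs4ES3F3oe6TVNRhEMT4HkT0wvMyX0DnazQ67T4Vr9ZKmq7:BrJ91LGD7ESV39Q/bTKwvhCKQ6arHM",
}


def parse_ssdeep(sig):
    """Split 'blocksize:hash1:hash2[,"filename"]' into (blocksize, hash1, hash2)."""
    sig = sig.split(",", 1)[0]            # ssdeep output may append ,"filename"
    block, h1, h2 = sig.split(":", 2)
    return int(block), h1, h2


def eliminate_sequences(s):
    """ssdeep collapses runs of more than three identical characters to three."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def has_common_substring(s1, s2):
    """Gate: the halves must share at least one ROLLING_WINDOW-length substring."""
    grams = {s1[i:i + ROLLING_WINDOW] for i in range(len(s1) - ROLLING_WINDOW + 1)}
    return any(s2[i:i + ROLLING_WINDOW] in grams for i in range(len(s2) - ROLLING_WINDOW + 1))


def edit_distance(s1, s2):
    """Weighted Levenshtein as in ssdeep's edit_distn: insert 1, delete 1, substitute 2."""
    prev = list(range(len(s2) + 1))
    for i, c1 in enumerate(s1, 1):
        cur = [i]
        for j, c2 in enumerate(s2, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (0 if c1 == c2 else 2)))
        prev = cur
    return prev[-1]


def score_strings(s1, s2, block_size):
    """Score one pair of halves on a 0..100 scale (100 = identical)."""
    if len(s1) > SPAMSUM_LENGTH or len(s2) > SPAMSUM_LENGTH:
        return 0
    if not has_common_substring(s1, s2):
        return 0
    score = edit_distance(s1, s2)
    score = score * SPAMSUM_LENGTH // (len(s1) + len(s2))   # roughly 0..64, 0 = same
    score = 100 * score // SPAMSUM_LENGTH                    # rescale to 0..100
    if score >= 100:
        return 0
    score = 100 - score                                      # invert: 100 = same
    # For small block sizes, cap the score so short signatures are not exaggerated.
    if block_size >= (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(s1), len(s2)))


def ssdeep_compare(sig1, sig2):
    """Return the 0..100 similarity of two ssdeep signatures (0 = no match)."""
    b1, s1a, s1b = parse_ssdeep(sig1)
    b2, s2a, s2b = parse_ssdeep(sig2)
    # Block sizes must be equal or differ by exactly one factor of two.
    if b1 != b2 and b1 * 2 != b2 and b1 != b2 * 2:
        return 0
    s1a, s1b, s2a, s2b = map(eliminate_sequences, (s1a, s1b, s2a, s2b))
    if b1 == b2 and s1a == s2a and s1b == s2b:
        return 100
    if b1 == b2:
        return max(score_strings(s1a, s2a, b1), score_strings(s1b, s2b, b1 * 2))
    if b1 * 2 == b2:
        return score_strings(s1b, s2a, b2)    # sig1's second half vs sig2's first
    return score_strings(s1a, s2b, b1)        # sig1's first half vs sig2's second


def report_similarity(base="outer installer"):
    """Similarity of every signature in REPORT_SSDEEP against one chosen base."""
    return {name: ssdeep_compare(REPORT_SSDEEP[base], sig) for name, sig in REPORT_SSDEEP.items()}


if __name__ == "__main__":
    for name, score in report_similarity().items():
        print(f"{score:3d}  {name}")
```

This is the same computation that `ssdeep -d` (pairwise over a directory) and `ssdeep -k` (match against a file of known hashes) perform, so for anything beyond a handful of signatures use the real tool or the `ssdeep` Python binding rather than this O(n²) re-implementation. Note that the block-size rule means a fuzzy hash of a 155KB file can never match one of a 1.8MB file, whatever their content; ssdeep scores are only meaningful between files of comparable size.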