4General
-
Target
41b93173a8b5583daaf090438fb05004_JaffaCakes118
-
Size
538KB
-
Sample
240514-q44zrahf8w
-
MD5
41b93173a8b5583daaf090438fb05004
-
SHA1
a0db1a8f024e95fbc5c4c4930a4f6f905bbcab24
-
SHA256
b87cfba8a4f2329b0b372326a7f169f5896459a6bdae0ad8857b576129722204
-
SHA512
a770ed85694301daa0b8f9c46dbc25207411b888d6d1a358a816590f0c3bbfad05bd438545554e6c3ce391be6b640acbf69819f38aab0dd235caf2d17962be57
-
SSDEEP
12288:kNi7Ynlwt1fL+RcGNh25nxXLZmW2PjlyjkvGha:kNk+lwrEcEc5nRLZj2PjlyTa
Static task
static1
Behavioral task
behavioral1
Sample
41b93173a8b5583daaf090438fb05004_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
41b93173a8b5583daaf090438fb05004_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$APPDATA/9.opends60.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$APPDATA/9.opends60.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$APPDATA/matrixkeypad.ko
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral6
Sample
$APPDATA/season/INDEXTYPE/emailAddress/directory/48.opends60.dll
Resource
win7-20240419-en
Behavioral task
behavioral7
Sample
$APPDATA/season/INDEXTYPE/emailAddress/directory/48.opends60.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
$APPDATA/season/INDEXTYPE/emailAddress/directory/IEExecRemote.dll
Resource
win7-20240221-en
Behavioral task
behavioral9
Sample
$APPDATA/season/INDEXTYPE/emailAddress/directory/IEExecRemote.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral14
Sample
$TEMP/aspnetwp.exe
Resource
win7-20240221-en
Behavioral task
behavioral15
Sample
$TEMP/aspnetwp.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral16
Sample
$TEMP/planula.dll
Resource
win7-20240508-en
Behavioral task
behavioral17
Sample
$TEMP/planula.dll
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
41b93173a8b5583daaf090438fb05004_JaffaCakes118
-
Size
538KB
-
MD5
41b93173a8b5583daaf090438fb05004
-
SHA1
a0db1a8f024e95fbc5c4c4930a4f6f905bbcab24
-
SHA256
b87cfba8a4f2329b0b372326a7f169f5896459a6bdae0ad8857b576129722204
-
SHA512
a770ed85694301daa0b8f9c46dbc25207411b888d6d1a358a816590f0c3bbfad05bd438545554e6c3ce391be6b640acbf69819f38aab0dd235caf2d17962be57
-
SSDEEP
12288:kNi7Ynlwt1fL+RcGNh25nxXLZmW2PjlyjkvGha:kNk+lwrEcEc5nRLZj2PjlyTa
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can route its network traffic through Tor to anonymise its communications and conceal the endpoints it contacts.
-
-
-
Target
$APPDATA/9.opends60.dll
-
Size
51B
-
MD5
fb839da15dbbcfdb7afe5f082fe605df
-
SHA1
df238207efd6a81e55ed04498cd6effbe68c9ee0
-
SHA256
8cc0ad9c334dd6ab129c49c07ce7336f8408c7e8e86e933618ec1ddc459af54f
-
SHA512
bb3e796ad2810389be8dcdd8cbcbb9fe4d77d3e3e3b9979a88a295cdf3a3aad291ebd6f412926017e8514537722c08b87d6b5006db8e4a14c34441c4023a621d
Score 1/10 -
-
-
Target
$APPDATA/matrixkeypad.ko
-
Size
15KB
-
MD5
29e9a1abbf95a5eefffab124fac646ba
-
SHA1
ecf02621d6340858989072a1a8f0866e3464d634
-
SHA256
18a2a49a4a6bdce6bfe434c4d37ceb614b8fc571b0de5c31dfd7f5afa07a26f3
-
SHA512
8fe5b339b4a4ba7a5ecfb18c8072719e288c0c60aad90dd68b5a91836e40248021859007be569b7291b32654ae894dedb0e5ac41757e450b7202bdc9933c20cc
-
SSDEEP
192:bWaLqt1+zFrSdxl2+1yyWDg0THUkdJLB0WQuP5JfGMKolBjWO:iEaemxlffW1rUoTJKmjWO
Score 1/10 -
-
-
Target
$APPDATA/season/INDEXTYPE/emailAddress/directory/48.opends60.dll
-
Size
50B
-
MD5
9ac46906870e0f9527d5aceb32ae5abf
-
SHA1
0861872473608c0736949146218e92156ce21a6a
-
SHA256
408e73727c6d0131d371b459495102fb752c772a2335ff69a9237d0921fd3bbc
-
SHA512
f641b778b54c740c43b9dd8ea3354eddf07572aa4d430790cafee7e312ff547ea362d23a5b95d15fff13ef408fa1ac874bf1e23d1cd707926bbd213ffb9444d3
Score 1/10 -
-
-
Target
$APPDATA/season/INDEXTYPE/emailAddress/directory/IEExecRemote.dll
-
Size
8KB
-
MD5
0d5fe1c95afe423b214f13e856d0f1a5
-
SHA1
539727bee5ba21bbf8591a4927807a7a42d9161d
-
SHA256
46862e0cd12555ac96a76ce1ffca06d6ef250b709e09e5c8441793d4c04e5a38
-
SHA512
d578184f1f37bca0cbbd893984b1159c4d541b290f7a1339759b9cd870f450edda76807e853fc6bd8da91d6186dd07ad05012218cfcb910cdae07f4180e442ba
-
SSDEEP
192:azEJySPTVhqQwRGC19x4VIJI13WyNNtrW/:NJySBk9RfNxJI13WyvtrW
Score 1/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score 3/10 -
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
9eb662f3b5fbda28bffe020e0ab40519
-
SHA1
0bd28183a9d8dbb98afbcf100fb1f4f6c5fc6c41
-
SHA256
9aa388c7de8e96885adcb4325af871b470ac50edb60d4b0d876ad43f5332ffd1
-
SHA512
6c36f7b45efe792c21d8a87d03e63a4b641169fad6d014db1e7d15badd0e283144d746d888232d6123b551612173b2bb42bf05f16e3129b625f5ddba4134b5b8
Score 3/10 -
-
-
Target
$TEMP/aspnetwp.exe
-
Size
29KB
-
MD5
586677e260d59c0aef4787749bd22e22
-
SHA1
0362a9f12b333489d0881ad80487a5d70c6f6c53
-
SHA256
16f9671a4d62b9b6d58339d58cecd1cb1a57fb55b98e449a36520b6ae57fb3a3
-
SHA512
a7eea5ce32354e4d83a4c83ac743a9fb9a3d345ada34db2366259709e98606b8815cd588ba3c87efd3450d827844983670df10fbe252ea622c9a98d62371e7b4
-
SSDEEP
768:i2LK/zkfU+wmeQNm+1QNVB77TrfL3d/o+k:i2LKb0DwmeQNmwMpXfR/oB
Score 1/10 -
-
-
Target
$TEMP/planula.dll
-
Size
72KB
-
MD5
6abeff0d3c52cf017e36e941f035c3e9
-
SHA1
ba0f193dd98a5502c29c4f5671ed066e2a3ae38c
-
SHA256
da93766a660b71b43492920bdb0478359fe86a17a3f51a0329cf6ac77e0852b2
-
SHA512
8b256cc4787c7aee904e36c3772916a5d06c5bde96e9bda3897ca1e7e7e1099d5e46e0d921bed64a1633a91508301ee8568211f02d7dac5dde9f84a57a5ac0a7
-
SSDEEP
768:RWGCacHgiB4722o+oOc2dIMSWwhC/ox1ozef/coG+izus+9dIt1t7RkUi4e9X:YIVS2o+c2dnSWV/oGe8n329dstlfe
Score 4/10 -