General
-
Target
50ddda4d69153e81180b74be82a247a0_JaffaCakes118
-
Size
30.3MB
-
Sample
240517-w3qcvscg47
-
MD5
50ddda4d69153e81180b74be82a247a0
-
SHA1
cc890468ef7e810a01d523507f131c221e75c3ab
-
SHA256
8bbb55ab3cd37734c13c32ce6096fc353f997a850a4d175d1f7e3ad3c81c7b30
-
SHA512
8436b5b11a1e669aa95223b012efab94033de54d38a59c7629f0746e255ed55ce793323ee05c966dbf3662f5129f196aea6b4774eaa32d5066e094041867f9e2
-
SSDEEP
786432:y7hh1apbrvGZqJihNIhotHIECbry3gJvznBIWrFb7YR4lVkq:UvKn+ZqMn8bG3gJvz9xQR4H
Malware Config
Targets
-
-
Target
AudioQuality.exe
-
Size
303KB
-
MD5
f24b10ac6770f85cfea11fd54094f74f
-
SHA1
c5c82276700c19d4e5b6246d28f3f779a6390753
-
SHA256
a7e3c9e757cf479de5a598f3318000fc5cf5b6934eff181d06da41a7b8445183
-
SHA512
fcbd77404c97b65c6c2871e400e09e31cbb3be4fc33ab004196dcf8bd65d2a32d3f07c137f6f6d82de10d314be386e2f6e991c7e1e1e6b2bfd68ffecd2152d7d
-
SSDEEP
3072:Py0N8hFl0Z9LAQ7EMImitLuI1OsOy7WjcV0p1CpvHLa36DlNa0FNUITFB9dHltru:Py0NqWZ9UpXN9EsOsV0kdlNa0gI7FA
Score1/10 -
-
-
Target
CrashReporter.exe
-
Size
69KB
-
MD5
8875c4278a3af42e186be4f7360bceb7
-
SHA1
57f27ba146de6792a425b4ca9b54244eb16bd210
-
SHA256
922c1cdf9dc2cc802f5b63074ba32acb44012ccc84c9bebd9e3c7418594cf9c1
-
SHA512
17e373be5b819f2e90c774260ac4a1370ce9bdf3ca67a8aeb9e25e80d09acce701deb4220d5864ae015bf310cfae68e1889268797f25b2888e6774bc8f01e0f1
-
SSDEEP
1536:ZmXDKvU1DIF5nNP/WxUogOA/m7PnToIfSV+hlZcLwpny+:IO5nNnWfgOA/m7fTBfSUJpny+
Score1/10 -
-
-
Target
KGDaemon.exe
-
Size
261KB
-
MD5
fda40b1a90e7583d84c52a3be32938cf
-
SHA1
b97b4d8e099171fa1c557bfc2d0e958c10674987
-
SHA256
fd934817357e5c1f316998c9b475cd0485f48187cbfb6d05dad7a60e0e9ac6b8
-
SHA512
24e72438fc468c9573603e1fbc0d74a9cd3efce080b83d687b1ef669ec5d1d6538cab13e7c99e2d1c9af1e0ec72b3355090e15da6a1c7e75dda2f00729c262b8
-
SSDEEP
3072:5Kiw58jyNwWfYa3aLH7bB4jfg0B9N+X/MK4MMMRVsawGDcQpmDNV3qJEQZ:55djyNhX3Abwf0vMRMRZTDnpgV3qJE6
Score1/10 -
-
-
Target
KGFlashBox.exe
-
Size
75KB
-
MD5
c34b6ad0203cba865ce73403ce0c12ae
-
SHA1
0dc7fdeb51859b958ebec3c473742a8030098f51
-
SHA256
f177672673612d8d8a7164521f06e51f7ff5df46a66689bead51006652ba4053
-
SHA512
2278db1772b036b491ce5b83c7a34c357fe45959844486038c0182989ee227580f58553816da5b4223a3224cd2ecd8251674cafbe295442b8ac6b1d687679c09
-
SSDEEP
1536:6aYEnlFgh5tDoxa14oXc81qsWjcdYc4bjRemi:6aTlW5+G11YNbEmi
Score1/10 -
-
-
Target
KGService.exe
-
Size
523KB
-
MD5
8808978ec260041e8c8aa346f4f9b29e
-
SHA1
919a3f95867e50a998e712d00ca583e1ea52705d
-
SHA256
4233686e3e665cff4ad425d16dc54bb5f8a595a353f7832280787e4702468cd6
-
SHA512
889f662ded6a8091fef5cf6c15202eff9b5fdb1150bf48e1abea020a829dc377dfdb0666c07b1f0326590a23b9186a0d357c137f6ad4b31fc8d2832a18682368
-
SSDEEP
12288:tKYCb53jG7Z3T8C5RUWhdvO2w/zPTv2AOc3/Z:chl3jG7Z3T8C5RUWrWX/zPTtOc3/Z
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
KuGoo3DownXControl.ocx
-
Size
542KB
-
MD5
b358c3102f8434670ba573950210167e
-
SHA1
f147fa98e182eceaa337c746e7032595b0b78f87
-
SHA256
a6ae76fe7bb10aa7893de011990a859620baa74a6f87d5e78d6005e69e7e448b
-
SHA512
d4d33d1034707ca8a5469c85f787a30ad236881101119340a4f809da4d7f37a3fbd8c74252c94479a149a9a08a01b39d0ca1f3745721875950ad72b8411c6982
-
SSDEEP
12288:9fuE7mPgu3cYIsgiP7zO2f7kUJZ8jTLxfUe3T:MoC3tFgm7zO2fxJZ8jTNfVj
Score1/10 -
-
-
Target
KuGou.exe
-
Size
277KB
-
MD5
a89869dd06d42d4d399eb60aef51be53
-
SHA1
308778f462d44745fb7a13fcde17dcb5c8508d40
-
SHA256
b6a8f53f84b4d36df946f41e9d5658674bfa051db328ceb5b82a82b313f101c0
-
SHA512
bd65414a972a95a1cf34b9c30b168698cc1f2fa95f12fec3b17f0046e17687010922dadb06f99f10bfeb35efb1d7dbd763532d25b08b71fd3fd94c289e962f8a
-
SSDEEP
3072:92Z8caYbL+Sa9PGjsDMMl6EOMubFf7PpHn1gBDA+Eo+BDd7upZm5:92Zbak8ojPBf7+8+Eo0DFuXk
Score1/10 -
-
-
Target
MobileIdentifyDLL.dll
-
Size
214KB
-
MD5
465664b55d5baa1c122baf9c28cf122b
-
SHA1
dce92025d008c171e1d1e0dab2c1fc088b6fc872
-
SHA256
ce591290ad1b3b55b485d60e893a44feae4cf72590680a60921b71f323cbdfe9
-
SHA512
43c229bf77ab5309b6401d98f74af4a444b1c159a524cca13a79618b143c29d00789e9ec092a827ff2bd88b40d48158fc3681bb3580c2e7d0d53710b94b202fb
-
SSDEEP
6144:8x3fJhBlCpNRWOuxOhcXAUMBOC45tLXJ0JW0CaoaUq1uL5kjxcE0pm:8x3fJhBlCpNRWOuxOh/UBtN0H1uL5QQm
Score3/10 -
-
-
Target
RunGame.exe
-
Size
71KB
-
MD5
6cbf23d640553b01afb2bcd64e513603
-
SHA1
85553697fa8aa86bbc5de321c94b20664018ea28
-
SHA256
bdf45e650caaf214fadbeb8a534893bcdf45541e5d641d4beda97ce49317ee83
-
SHA512
232e910ae2f0fc551f8fa2b6157824b44f95389546b5f42797b225dec7a1c28a5ce89702d6393809cc4f3d057d31889b4bf12d9644e89207ed354fb8d157957c
-
SSDEEP
768:TUntxZvPzGB6rVz3gFobjZkVfW9HPCfv+I6rhPX3aH8+GbebcYaSMP5aGNSNg:TUtxhkFKjmVfW1PC+xhl+DbFarPfug
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
active_desktop_launcher.exe
-
Size
74KB
-
MD5
8a38816cefd99a8740e28b320f851213
-
SHA1
1481f7eb83d1778bce80254b17ac3dedd4696741
-
SHA256
39e72bf4cc74f95abec56f736d0203cb985e7ff0690eefd48895d64ead599468
-
SHA512
47697674e42bb268f8bf0deaf16a4f56954268fc2014fa03ce9e84044a5665ef5f6d9891015846bf666a239b9976a1aad59956d5fccf812b9bc831cd9a942a7f
-
SSDEEP
1536:0H8tImFvh/tAoX/V1d/jc81qsWjcduekxerR:0H8imz/HZ11ufArR
Score1/10 -
-
-
Target
active_desktop_launcher_x64.exe
-
Size
85KB
-
MD5
8cfcaa29af00510adfa40384a330d241
-
SHA1
b26dd4139124627ec9fe036dd71b50ffe7e30be1
-
SHA256
b47b7f6877767027ddf8508224d7670717b343f405fbf3389ffb2211e63bb6e0
-
SHA512
e94fc057d317187e1d53724b1022376eb40a9d4d4ba40313e2f3a6b3c269bd323699b9035d16481bca91bc9d25a8bb9a88dfe1276c41aba1167dd0ec5ae6941c
-
SSDEEP
1536:1LT11uyRFNsa9N/urOKwjAEHxPNgE71x48suYjsW4dnRRDQ+QfD:ZTzuyRFNN9N/wwjtHxv2uYsnRJQ+QfD
Score1/10 -
-
-
Target
active_desktop_render.dll
-
Size
213KB
-
MD5
7890f29cc1ff5d39ae57c8b39138bd8c
-
SHA1
7fb24261065d1e1fd9280c79ccae75dc958b0ce3
-
SHA256
b69f2623244471ef3f10439ba7610a8013a2a6e857f9a454fbf0e3031ec9070d
-
SHA512
9ed1882e981b096fd080454650bae0419bb1c2bfff6d57abe4941f9986045abfdb044f91da40c8fe1231c2c2df9d3fe6326b4dc44ba2efeefdb5a10d66bf337f
-
SSDEEP
3072:rWF+VYYYE17RmQvdKYZabdK36ilvRnrfMV33Uoaq9hx2l2p+KVjXTv21Y7ejE1g:lakVabE6ilvBMDaunrHAWYEa
Score1/10 -
-
-
Target
active_desktop_render_x64.dll
-
Size
248KB
-
MD5
562bc9bc43f11c50662709e74affab0b
-
SHA1
b87d209d6b3f004d766229ac2cc09e5f37fac849
-
SHA256
d6f9cd4942486aeb2561e2a2adc9642b8e9fcda0483b729377c6c845c5f921de
-
SHA512
a2ee85ec2d71a3e5c61247d7e4baf2d4afc9b69b696c8d1ffd620df0f1c33de325e7b37817104dc23a2fdc5fed72e65c8889af6c6bcd6b3071dda99027bd1870
-
SSDEEP
3072:7qvsf9DcYb/QWoIDTTmXateQ3fDfGY9D8OFY+M7hKnxXTAGUpL7Am2mvFGvM25K:Ssf9oWDTqXOjPDfGUDPFYRhgxdm2STOK
Score1/10 -
-
-
Target
cef.pak
-
Size
2.1MB
-
MD5
365c7bb59775e12bf8e9ce8195e2c763
-
SHA1
6b8ce546579154605a5a870f8996cc6f2bc81bcf
-
SHA256
25e133e5b35dd73bbb416f1be517a7b7a0cd7cb0c353605606e6d7b93497ef2d
-
SHA512
3467767a56e0b1eed72bb641c785016e35bb87af73be51c7a88eb5bbda72074a6869df1ce42d04a6c96716e92ace131239df3d8e0cb5f5138c79bf700eba5471
-
SSDEEP
49152:A+7Bye9VR5aVeVh9MWggb7xqk2UQLVGGG2pLTux:RMGGG2pLTux
Score3/10 -
-
-
Target
codecs.dll
-
Size
1.3MB
-
MD5
8d7e274eeaacb2d40d6b57ffbad05147
-
SHA1
b758a09dee46b49559a6156558de5ecddddbd3a6
-
SHA256
0ba64e4e19518377dadc18665dee3ca0574c6eddb79aecf958a73a366e0a5d40
-
SHA512
2b816045c7c3ffb4c0a4a7c881cdb96099b5f1d06e18cd02dd212a3416cc2de1203fc4ef9371d4ea610dca0ca0a94a3337a886bd35bad1c552ec22e4b162cde4
-
SSDEEP
24576:84ml94oY4eRvrkaCLkP66WKj4TEPmlXGOQfY18D90Rb6+kcQY6qqO3oNugs4Oy6F:84mv4oYzeuVr0TymlXGOWYKs26asnMG
Score3/10 -
-
-
Target
dataimporter.exe
-
Size
73KB
-
MD5
912e0761f532da697fb4040343f1d400
-
SHA1
c893710ecf315519d5f02c08fea1d08f8c5c0ca5
-
SHA256
0fd0aea57f8eefd064b18daede1535e78d386e775b37b4f230ffacf934b9331f
-
SHA512
03a8096bebbea2ebcbc5ef9ccab354cb50ccbe30f9a14296eab7736aad156c1279e7dba2eb7fbc78bdb97a9a2ab7dc40b0fd650b50fcef207bcacf188f12d7ad
-
SSDEEP
1536:VVpr+EFphMtloxb1j0P9c81qsWjcdIzcUReDH:VVpSEBMwA11SqDH
Score3/10 -