General
-
Target
69b94350338b13014b0f6c4f51f70b6f_JaffaCakes118
-
Size
2.4MB
-
Sample
240523-e311xsdh65
-
MD5
69b94350338b13014b0f6c4f51f70b6f
-
SHA1
9590d21cb92ff8f4eaa4977dfa7d805d15421835
-
SHA256
23d18b987ed4162ab5fc624da3416a637b0f4c7451ccb4224be449e27b316c71
-
SHA512
71f80445403709e88e73a05f6981ec0ded669baa0059e0590023e7ef163de8d8218c7d5453c5f6c10e0d7dab1081f3b86bc939df5c1a5ad578d6990230732dc3
-
SSDEEP
49152:nSRWYWPag7CEInZDeB4ZrsRX9DrscltmiyRcVTz33k9zNglsYQP:nSRWYWPVmy7RtrscltksTzkElgP
Static task
static1
Behavioral task
behavioral1
Sample
69b94350338b13014b0f6c4f51f70b6f_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
69b94350338b13014b0f6c4f51f70b6f_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$1/QipInstallerStuff.exe
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
$1/QipInstallerStuff.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$3/$APPDATA/QIPApp/uninstaller.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$3/$APPDATA/QIPApp/uninstaller.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$3/QIPApp.exe
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
$3/QIPApp.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
$R1/Plugins/docking.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$R1/Plugins/docking.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$R1/qip 8.0.exe
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
$R1/qip 8.0.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$R1/unins000.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$R1/unins000.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
69b94350338b13014b0f6c4f51f70b6f_JaffaCakes118
-
Size
2.4MB
-
MD5
69b94350338b13014b0f6c4f51f70b6f
-
SHA1
9590d21cb92ff8f4eaa4977dfa7d805d15421835
-
SHA256
23d18b987ed4162ab5fc624da3416a637b0f4c7451ccb4224be449e27b316c71
-
SHA512
71f80445403709e88e73a05f6981ec0ded669baa0059e0590023e7ef163de8d8218c7d5453c5f6c10e0d7dab1081f3b86bc939df5c1a5ad578d6990230732dc3
-
SSDEEP
49152:nSRWYWPag7CEInZDeB4ZrsRX9DrscltmiyRcVTz33k9zNglsYQP:nSRWYWPVmy7RtrscltksTzkElgP
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$1/QipInstallerStuff.exe
-
Size
158KB
-
MD5
93097a86a7cbc02dc080fc1871ef7367
-
SHA1
21eee8f427f268e52500eb8ddb0748b514dec2af
-
SHA256
d2f17d052819082b55cc2a54947f9acd6756c0ef0427182fdc65b049cdd7bdbe
-
SHA512
2b96822c8a14dbcf2582c4ac0e0b87f7d769afd37730808baf2e74c96d18786794ffe3ecc13ff73d0c3f805609c886de5bd8d1e5ed7625f1d6dd104dc632c3ce
-
SSDEEP
3072:+ffDHDYydKV4fUymvQ3Ag0Fugg3cIGTgGTCGzpGLpGppVHks9k2:+zHcydKVhC3AOpcICg+C6pepspG8L
Score 1/10
-
-
Target
$3/$APPDATA/QIPApp/uninstaller.exe
-
Size
40KB
-
MD5
833317595f14b577825dcbd67b865dfc
-
SHA1
6e06fd1f73d71826b8f609cd04293762a60f0bea
-
SHA256
1426647a213839e3b09778dabb8879eb2ff8881634b82a78c85017ff88d90e11
-
SHA512
7289335c3332174e7a876f7bbc86f00e98bef044d96c70214ec08e38afb855935195762952bc67d579fc6c3e59546d4319d971a148e24dd67351a1a6ddceaa2c
-
SSDEEP
768:UJKOdm9o29rJYypQJ2JQJXJuKU+duC1ZHQ0D3LHSGiVNuoJRn1Ut:kTdm9B9lYypfMXvugHQ0DbLiNuYI
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/nsProcess.dll
-
Size
4KB
-
MD5
f0438a894f3a7e01a4aae8d1b5dd0289
-
SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6
-
SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
-
SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
SSDEEP
48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score 3/10
-
-
Target
$3/QIPApp.exe
-
Size
329KB
-
MD5
590e4a65a861ddaa20c091c256ee15a8
-
SHA1
a9737174dfd1ae37399cdcae587f1bf63a7005a7
-
SHA256
9f061df6a2cb2f488ecd844344e6ef5f4a7d2aec65368dd1871388babb38e906
-
SHA512
ea2ef57c7d951e0d5d6e0e59002638823cae0614b16c7dff6ef25044ca643170277e28a3a1f7993e5e5785028c14b77bc02013733d969e12e1dfb29bb699d79d
-
SSDEEP
6144:v/oJ3wyKrRVMPX+0Qq9q9q9q9rP4PxPCPUP4P4P4PQCZy94:vwJ3CNIm
Score 1/10
-
-
Target
$PLUGINSDIR/nsProcess.dll
-
Size
4KB
-
MD5
f0438a894f3a7e01a4aae8d1b5dd0289
-
SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6
-
SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
-
SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
SSDEEP
48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score 3/10
-
-
Target
$R1/Plugins/docking.dll
-
Size
60KB
-
MD5
bf49f5ac4bcda179d3e2af86dd92ae7d
-
SHA1
715ad84d9eaf7ef52bcf97d5477d3cdcd4f07965
-
SHA256
cff686ad048c9d7db12113f2fcb0947ba03c0186cb6daefc1bdca9e2ea395e7f
-
SHA512
d5f9c60272dfea4609f9cc3e00aea4b36c1df716af015b58e2b1f5124039fccd9b879dce8abca0954b4b86c8ed748ac698e9837faf7c1d621b1fbfe2f23e2da8
-
SSDEEP
768:0O1uVg17CZCojegVKLxAwbITiXjugNgvLiws8U4n1p0L2D0DfOxCU:Nmm+ZCeVKLxfGiTu8gvLiwjU4kbDfOd
Score 1/10
-
-
Target
$R1/qip 8.0.exe
-
Size
3.2MB
-
MD5
e0fb51ae556cb2c8d88a326705b2b602
-
SHA1
30031d0ea12cf5aa34f2222fdc4be3a3a6205b7b
-
SHA256
66a20bffe2e1e2fcbfddc8ee3a90418da636b833cbb7a075c743a18d54914437
-
SHA512
59a9488ce451351c9ac407f67364b07a8992b4b9e9e6a97f1dcd4f0933d1693ad574fcb56192b4776c92de021c1d0dfd83e9d5c969eb1d6208a2b0ad4ea7a346
-
SSDEEP
49152:KjjfdlGBAJIAAw0HAcQzTndgmZ1NGBbBIKgmAvlhhciTnLHwf2foam+:KPffGCJIAAPHAcQfRZ1NGRIhhgft+
Score 1/10
-
-
Target
$R1/unins000.exe
-
Size
705KB
-
MD5
26ee6f06a21fbdf0de18cebd85853bbd
-
SHA1
e64a373a4c928e3f84174f9d75a286e038d259ff
-
SHA256
b916906a58e78b9b6c1a4672c12740549a81f57bc1b6bfe8ccef320013eaaa6e
-
SHA512
599ec361109b861d5cf8e87e20161d050e5a69c5e31bef2ed01d1a6ad441fd69eb21df8ee433a9e07889abe1ffdbb41a8f48182e0ea51c16711c91d679859522
-
SSDEEP
12288:MuA/arACiIrPe37lzH6A64EGYHuXsr5aER+gjrNAFR9FXsvy8duXEx9ZT:MN/arRiIrPe37lzH6A604cs1aEcdFXGJ
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-