General
-
Target
6f76d0c1fb88337cb281b250e2c178fd_JaffaCakes118
-
Size
568KB
-
Sample
240524-w95fcseh8w
-
MD5
6f76d0c1fb88337cb281b250e2c178fd
-
SHA1
c7b1e09633191070ee87a3d5bcd8e2ff3eb48151
-
SHA256
0ab29a1c5c76e79998b45ddc32e3377d3f59bcd99a0f67f3e831ad02996c96b8
-
SHA512
c54029e5999b21b631f150469de6ee07c852cf232e51255cc720f14994edcf4e17ded7b1ba6284da9a3afe921cb41700bd718b4983dc6705ae3e9975b59394b1
-
SSDEEP
12288:1cUCnVQx9b6IRQGCvYC240ImI5b48EKlRg1TdyBurkF0MfkOMvlxiDF:1cUjfbHRQK/4vx16r5aRp
Static task
static1
Behavioral task
behavioral1
Sample
6f76d0c1fb88337cb281b250e2c178fd_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6f76d0c1fb88337cb281b250e2c178fd_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$APPDATA/USER/doinstall/strFormId/logo/msdnmui.dll
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
$APPDATA/USER/doinstall/strFormId/logo/msdnmui.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$APPDATA/USER/doinstall/strFormId/logo/resgen.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$APPDATA/USER/doinstall/strFormId/logo/resgen.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$APPDATA/credits/ntfswipe
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral8
Sample
$APPDATA/period/plan/frequency/clean/msddslmp.dll
Resource
win7-20240221-en
Behavioral task
behavioral9
Sample
$APPDATA/period/plan/frequency/clean/msddslmp.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral10
Sample
$APPDATA/u2/mailto/connectt/DbgUrtMui.dll
Resource
win7-20240221-en
Behavioral task
behavioral11
Sample
$APPDATA/u2/mailto/connectt/DbgUrtMui.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral14
Sample
$TEMP/diaeresis.dll
Resource
win7-20240215-en
Behavioral task
behavioral15
Sample
$TEMP/diaeresis.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral16
Sample
$TEMP/namespace/CMAccept.exe
Resource
win7-20240508-en
Behavioral task
behavioral17
Sample
$TEMP/namespace/CMAccept.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
6f76d0c1fb88337cb281b250e2c178fd_JaffaCakes118
-
Size
568KB
-
MD5
6f76d0c1fb88337cb281b250e2c178fd
-
SHA1
c7b1e09633191070ee87a3d5bcd8e2ff3eb48151
-
SHA256
0ab29a1c5c76e79998b45ddc32e3377d3f59bcd99a0f67f3e831ad02996c96b8
-
SHA512
c54029e5999b21b631f150469de6ee07c852cf232e51255cc720f14994edcf4e17ded7b1ba6284da9a3afe921cb41700bd718b4983dc6705ae3e9975b59394b1
-
SSDEEP
12288:1cUCnVQx9b6IRQGCvYC240ImI5b48EKlRg1TdyBurkF0MfkOMvlxiDF:1cUjfbHRQK/4vx16r5aRp
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor to anonymize its network communications.
-
-
-
Target
$APPDATA/USER/doinstall/strFormId/logo/msdnmui.dll
-
Size
29KB
-
MD5
f217fe7e8cbbebc61930bd60cfaea1e9
-
SHA1
18532b33579033f04b661a196d4ad5c0887f3736
-
SHA256
8638015b2bbc5b04029749aeb78e14521b5928737ca5e03bbcc2c0ec1a47f6cf
-
SHA512
b1633fe45c85f0e63fd0f293a3f71a80f6a8f059fbb3e1d17feac1ea7e5fce5d5d08207f08a163dd4543228556570e9a0bf06f34ca73f17ef9efa60f5fd3059c
-
SSDEEP
768:A/MAM30cf+Mj4fIzdODwDp1Y94nqiRyW82CLorT:QHel+MFKEpqUqiYWBOq
Score 1/10 -
-
-
Target
$APPDATA/USER/doinstall/strFormId/logo/resgen.exe
-
Size
36KB
-
MD5
fe249e495e6aefc8e5efb832a69f3f57
-
SHA1
a5b37c878fafd676dd1a1b4a752e5d2ddf0fdb20
-
SHA256
b8de815c5403f6e050222d3951e4ce24d2786db3e659a9bbc5c6b3e79b5127b7
-
SHA512
8e88c9965c6b0b13cfaa2dbe5e7813568bd92fdaca1101a9c2f54192d143793b87afd433277ebc81a6e6ffc3d8251d8629dc3021708a0c0af27c99f2d63e520c
-
SSDEEP
384:FMcI3qdirubUVbWxLGvI1XedIaWgX7lfpaVKlcOHz78c5K8NWuiokz196xuL2QP3:9I68VbWxyNdjrpFtQC
Score 1/10 -
-
-
Target
$APPDATA/credits/ntfswipe
-
Size
46KB
-
MD5
b766c9874ec2bbc84f0aa56cdf5053ac
-
SHA1
453b45f3b43e22329b0a56dade742bb60cf344c7
-
SHA256
70b30e72d40a15cb186c8428c41dd1a9ddd37f107bb5bc549a4bb2140249fed8
-
SHA512
3ecb43f4d6204c8a97c2b4868aaa7b0e2f02b8ef02a3eed4b5a77a973435a9b56dcdebbe28053bbaa1d608fe45b77ea0744acc23508d32b4db33e721e09907ed
-
SSDEEP
768:V7vvrLdzYmHcEf6uefUnvubI+Df4ziQxLYyo1mVmI6RF6a3X2tk:l/iY7f6vvI+DAbMywF6a3X
Score 1/10 -
-
-
Target
$APPDATA/period/plan/frequency/clean/msddslmp.dll
-
Size
40KB
-
MD5
ee526797868d4ef8407045a78dfb8e72
-
SHA1
c17ecf8ae4518c6120ad9f9e91ad66bba239ead5
-
SHA256
e457bf97dedc3a13e4d07665bb559edafde145798057d8d48cc892adc7ad1960
-
SHA512
6a849dad8efe88731b96d96947591c21530dea3484093275cbead0d163bd26bc460f8166a26778e201ac0fe54d6a25291d4a02079ef6d027a1a2e6902b293427
-
SSDEEP
384:C7rvZs15uzKmqlTnM4P9sVqv1LRKWjoB4s0vLdnS3BXvVMMcZ/byN2DHpQ6uEAWf:CPZs1wz/q5lG03jThvZuEg
Score 1/10 -
-
-
Target
$APPDATA/u2/mailto/connectt/DbgUrtMui.dll
-
Size
28KB
-
MD5
59cef37c54dec0166472d7db7df56afc
-
SHA1
01a839ff2389e3b4e41dd474199efb1ecfba496a
-
SHA256
f92e892e0ab61777ccc108d258c546c4cc4cc9034d0e766654a96fd7cbfbaabe
-
SHA512
a96ab2309c28e37d54ed84f0f3d8fc88269c2b78dcdd52d94df39b4a317a8046da6a55666d27fa5d5a936edc16dcfb00d88f60befe2061dea3818e8eb8ab39be
-
SSDEEP
768:HyFwb0Nw3PqM2Wu5zIWTusGC2BxT4PrWeqLi+vXex5Yb3vP1Z46PtV:H2y/3Pfb8+sGCEIrWeBK
Score 1/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score 3/10 -
-
-
Target
$TEMP/diaeresis.dll
-
Size
10KB
-
MD5
51921a259471561b82e7b37b08cac3a5
-
SHA1
a3d991d42e1861f4db64438969116771bc8dbb81
-
SHA256
32dc82dd46ca4e4937b9f3c31988dde9cd1cfd4c907798d942b13394169f1bf6
-
SHA512
2446084e48688f37e60116c734dc9c8172e3692b2dde6e915c35f89bed7c383c4c62516680b4a701f3a8d29bcfdf7418f9846c302d4a64f042aabe000b07aa7a
-
SSDEEP
192:dWRKKJtAvnh/W+z0DPlZ8GRSkmBxu22HypO00XX:dwJtAf70pRgxdJO00XX
Score 4/10 -
-
-
Target
$TEMP/namespace/CMAccept.exe
-
Size
20KB
-
MD5
ce9ec29c6b19dced820e0f2eea7c5237
-
SHA1
5ab22cf17095bc0d3ba18e753654cff4edfd0dab
-
SHA256
980a535ef48369fa83fe881e232c3f12ea34c93b06178b53ee441a73d54d7f02
-
SHA512
b6bae95f663e0fd9e3facd64719b650244d48b4afdb630ec8429654799200bbfc056f37c8ff506fb07c3c7e9f698447475e73ea852c4d0ca71167c17aa21c35f
-
SSDEEP
384:1z6qvCuzu45cE/lViXtz9bp3WNNW1Y1stEy1:1z6CzRNQh9bpKIEc
Score 1/10 -