Task list (score out of 10 shown after each task)
Overview | overview | 7
Static | static | 7
7a1b7fd28a...18.exe | windows7-x64 | 7
7a1b7fd28a...18.exe | windows10-2004-x64 | 7
$APPDATA/R...te.exe | windows7-x64 | 1
$APPDATA/R...te.exe | windows10-2004-x64 | 1
$APPDATA/R...20.dll | windows7-x64 | 3
$APPDATA/R...20.dll | windows10-2004-x64 | 3
$APPDATA/R...pi.exe | windows7-x64 | 1
$APPDATA/R...pi.exe | windows10-2004-x64 | 1
$APPDATA/R...rt.exe | windows7-x64 | 1
$APPDATA/R...rt.exe | windows10-2004-x64 | 1
$APPDATA/R...ub.exe | windows7-x64 | 1
$APPDATA/R...ub.exe | windows10-2004-x64 | 1
$PLUGINSDI...ol.dll | windows7-x64 | 7
$PLUGINSDI...ol.dll | windows10-2004-x64 | 7
$PLUGINSDI...ll.dll | windows7-x64 | 3
$PLUGINSDI...ll.dll | windows10-2004-x64 | 3
$PLUGINSDI...os.dll | windows7-x64 | 3
$PLUGINSDI...os.dll | windows10-2004-x64 | 3
$PLUGINSDI...ig.dll | windows7-x64 | 3
$PLUGINSDI...ig.dll | windows10-2004-x64 | 3
$PLUGINSDIR/LogEx.dll | windows7-x64 | 3
$PLUGINSDIR/LogEx.dll | windows10-2004-x64 | 3
$PLUGINSDI...er.exe | windows7-x64 | 3
$PLUGINSDI...er.exe | windows10-2004-x64 | 3
$PLUGINSDI...ol.dll | windows7-x64 | 7
$PLUGINSDI...ol.dll | windows10-2004-x64 | 7
$PLUGINSDI...os.dll | windows7-x64 | 3
$PLUGINSDI...os.dll | windows10-2004-x64 | 3
$PLUGINSDI...ig.dll | windows7-x64 | 3
$PLUGINSDI...ig.dll | windows10-2004-x64 | 3
$PLUGINSDIR/LogEx.dll | windows7-x64 | 3
$PLUGINSDIR/LogEx.dll | windows10-2004-x64 | 3
General
-
Target
7a1b7fd28a1d853d454585f9a77d3b69_JaffaCakes118
-
Size
11.2MB
-
Sample
240527-w7666sef33
-
MD5
7a1b7fd28a1d853d454585f9a77d3b69
-
SHA1
265c0efbfc6147ae0f698473e348e62406d6750f
-
SHA256
6cf77d2dd24c9a1c1564a1af270943b5b885a80e727248c3b29f51e5fd26f877
-
SHA512
87cda1873c4e91907b84f8ad56306b7b39fc7d2cedbc1f7dc5fe8f4e5c98899181a4843fc0e1f8e66c0cce7d0f9cda4fa4165db76011b32d475c02ec9f297153
-
SSDEEP
196608:sXY0UVGNAAyy9wd89cu43mqc2NhHqMHU8lcsR9y3igMwSGd:sXiIKNy9OT3XNhKvOPPgMwJd
Behavioral task
behavioral1
Sample
7a1b7fd28a1d853d454585f9a77d3b69_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7a1b7fd28a1d853d454585f9a77d3b69_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$APPDATA/Restoro/AV/avupdate.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$APPDATA/Restoro/AV/avupdate.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$APPDATA/Restoro/AV/msvcr120.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$APPDATA/Restoro/AV/msvcr120.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$APPDATA/Restoro/AV/savapi.exe
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
$APPDATA/Restoro/AV/savapi.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$APPDATA/Restoro/AV/savapi_restart.exe
Resource
win7-20240215-en
Behavioral task
behavioral10
Sample
$APPDATA/Restoro/AV/savapi_restart.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
$APPDATA/Restoro/AV/savapi_stub.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$APPDATA/Restoro/AV/savapi_stub.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/DcryptDll.dll
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/DcryptDll.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/LogEx.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/LogEx.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/RestoroUpdater.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/RestoroUpdater.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win7-20240220-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/LogEx.dll
Resource
win7-20240419-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/LogEx.dll
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
7a1b7fd28a1d853d454585f9a77d3b69_JaffaCakes118
-
Size
11.2MB
-
MD5
7a1b7fd28a1d853d454585f9a77d3b69
-
SHA1
265c0efbfc6147ae0f698473e348e62406d6750f
-
SHA256
6cf77d2dd24c9a1c1564a1af270943b5b885a80e727248c3b29f51e5fd26f877
-
SHA512
87cda1873c4e91907b84f8ad56306b7b39fc7d2cedbc1f7dc5fe8f4e5c98899181a4843fc0e1f8e66c0cce7d0f9cda4fa4165db76011b32d475c02ec9f297153
-
SSDEEP
196608:sXY0UVGNAAyy9wd89cu43mqc2NhHqMHU8lcsR9y3igMwSGd:sXiIKNy9OT3XNhKvOPPgMwJd
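Score 7/10
- ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
This packer detection is the only signature listed for this target here; packers are used by legitimate and malicious software alike, so the score is a prompt for further analysis rather than a verdict.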
-
-
-
Target
$APPDATA/Restoro/AV/avupdate.exe
-
Size
1.9MB
-
MD5
b4e681c7a94989c585e20e94a6d190e2
-
SHA1
0135a34c15b292c1ddd76680de61d80903b1ecc0
-
SHA256
b5c5a11a2c79dd9ec21389c74c7c3fbb60c12db8b368433735918d4c027e4734
-
SHA512
0ba3e17085690eed7cc2dc14b838befb7fab73a490d03471d6d4fd8f072426cf1fc4b7bc369ee1d769a8cbe58f9c08bb4f8839062e48c6207ba28dac3c76e09b
-
SSDEEP
49152:vPyinyRbwgfROBzNmal9u7UXHTimaPAp1c0yfe:vKiyG6ROBzNzC7UXD3
Score 1/10
-
-
Target
$APPDATA/Restoro/AV/msvcr120.dll
-
Size
948KB
-
MD5
034ccadc1c073e4216e9466b720f9849
-
SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
-
SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
-
SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7
-
SSDEEP
12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
Score 3/10
-
-
Target
$APPDATA/Restoro/AV/savapi.exe
-
Size
347KB
-
MD5
83a59836cce58fad338d8b6073acfaa3
-
SHA1
2a524dee5989b30fa0ab9e6f1f16218673fbfb2e
-
SHA256
c87c306f265ec4bba63eac865422fc924f044089bcf5572ccf96603ed26e37b0
-
SHA512
ee26b11113ff377d95cd4be477225b5a366031a0eaad54b6e45a21c131366aeb374906ba0525a6cc6c45b28816b0d72d7a4870f47225938186b56c46f8c808fc
-
SSDEEP
6144:jpCLGXpbRAPg2rrsGemB+iGGpf/3obGyQOima/ndzm2pmXZALMSnq0+ytpDsQ8cK:jpG9P3rsGemB+if/3ZBOdCm2pmXZArqX
Score 1/10
-
-
Target
$APPDATA/Restoro/AV/savapi_restart.exe
-
Size
79KB
-
MD5
5642de8422a13f396457e9d46d45b4be
-
SHA1
b52a7a935b49a07c68855a2f1dcb254d93d7607e
-
SHA256
89acb4b9ea3425232ff065f8388ae27fc7628de378681b889aa1c3ff52e8a6f8
-
SHA512
5197cd1e15f82184cc8fde095d757f627b16a24d6c55c09479894819b392687c766f9e28bf193a63c56db073226db8c972cb456ca6bae760b9b830e72e3c8df2
-
SSDEEP
1536:SlCJsfaGIpynGLTApZHqwHXcHqhk5sWjcdRd//Pdg:SlpTvGnApZgwb//e
Score 1/10
-
-
Target
$APPDATA/Restoro/AV/savapi_stub.exe
-
Size
81KB
-
MD5
d5e166d250289c7adf004a127fbaf563
-
SHA1
482c9e5c500ef0cbaf56469a787ebf7fa92ff6a0
-
SHA256
e93a1861e03a936cff71a730cf0df627b6febdbdd9f7958059e97f447fda5c05
-
SHA512
a9ed849bc866f6edbe3652e926e893eeebc9868f7252292d8bd44a67b128f843bd891441a84ccf5869771feeecee9ad23f0093f8a382b17ed863aefd381071f2
-
SSDEEP
1536:UtCfliQx+kc5mCKeUGbtC1q/HXv7U4KF4GgPxDDsQ8cN1UxHxSH:Utml3lzCP3I1uHXjUL0DsQ8cNoHxe
Score 1/10
-
-
Target
$PLUGINSDIR/AccessControl.dll
-
Size
8KB
-
MD5
65d017ba65785b43720de6c9979a2e8c
-
SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9
-
SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac
-
SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95
-
SSDEEP
96:18YNfTAJj9KMMVSyPg8uxZAQ/zdVJF/mSsQwV6i8zRRxqBt/FZTIVe7/cIH8ykeO:1XwKMMfPuxJ/zb+b6fR+bZEwywQ9
Score 7/10
-
-
Target
$PLUGINSDIR/DcryptDll.dll
-
Size
156KB
-
MD5
4c373143ee342a75b469e0748049cd24
-
SHA1
d4e0e5155e78b99ec9459136acece2364bc2e935
-
SHA256
b4b5772a893e56aa5382aa3f0fef7837fa471e3b3e46db70b8bc702f2037e589
-
SHA512
569f92c3ff9a6e105cf9b3806d8b696442a5679dfa5d7c9362b0649a67cbea2478ca28a5da6c3bd0edacdb634509d8584c6959a4cc13c38d596458f372832f61
-
SSDEEP
3072:etvFO3r5Unb7FQwdkb6ckt+bBwmhqKUuWxvt+9/dh:etvAtUn3ewWc+
Score 3/10
-
-
Target
$PLUGINSDIR/ExecDos.dll
-
Size
5KB
-
MD5
0deb397ca1e716bb7b15e1754e52b2ac
-
SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
-
SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
-
SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
-
SSDEEP
96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score 3/10
-
-
Target
$PLUGINSDIR/IpConfig.dll
-
Size
118KB
-
MD5
a75e3775daac9958610ce1308e0bca3b
-
SHA1
d83ce354cde527c2e20fb425415f6d4795dd4cd4
-
SHA256
fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720
-
SHA512
48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6
-
SSDEEP
3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ
Score 3/10
-
-
Target
$PLUGINSDIR/LogEx.dll
-
Size
44KB
-
MD5
0f96d9eb959ad4e8fd205e6d58cf01b8
-
SHA1
7c45512cbdb24216afd23a9e8cdce0cfeaa7660f
-
SHA256
57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314
-
SHA512
9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c
-
SSDEEP
384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov
Score 3/10
-
-
Target
$PLUGINSDIR/RestoroUpdater.exe
-
Size
602KB
-
MD5
24ed74775f870e8499ba4e8905ee4036
-
SHA1
947c7cf72adde8a14f615013a321f642e708dd11
-
SHA256
00c602e1a1d16f1cc4d313eccdb7c759e26eb5e53ddca4ec8393c65ed9e1cbd8
-
SHA512
2a4c957fd0c4d5cb691e54b13a39fbf9f9c63d77efa3a85cfb6d7ae933969bad236e6552c894d19c088c43b2d6f833b33d94af3842f377497b2d20fc06620883
-
SSDEEP
12288:Z0gkNM73RT7E9YzewxnI3yPefQdScTaIPelOq8s+p8T:2vebhE0pnU3uScuIPW8E
Score 3/10
-
-
Target
$PLUGINSDIR/AccessControl.dll
-
Size
8KB
-
MD5
65d017ba65785b43720de6c9979a2e8c
-
SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9
-
SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac
-
SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95
-
SSDEEP
96:18YNfTAJj9KMMVSyPg8uxZAQ/zdVJF/mSsQwV6i8zRRxqBt/FZTIVe7/cIH8ykeO:1XwKMMfPuxJ/zb+b6fR+bZEwywQ9
Score 7/10
-
-
Target
$PLUGINSDIR/ExecDos.dll
-
Size
5KB
-
MD5
0deb397ca1e716bb7b15e1754e52b2ac
-
SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
-
SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
-
SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
-
SSDEEP
96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score 3/10
-
-
Target
$PLUGINSDIR/IpConfig.dll
-
Size
118KB
-
MD5
a75e3775daac9958610ce1308e0bca3b
-
SHA1
d83ce354cde527c2e20fb425415f6d4795dd4cd4
-
SHA256
fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720
-
SHA512
48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6
-
SSDEEP
3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ
Score 3/10
-
-
Target
$PLUGINSDIR/LogEx.dll
-
Size
44KB
-
MD5
0f96d9eb959ad4e8fd205e6d58cf01b8
-
SHA1
7c45512cbdb24216afd23a9e8cdce0cfeaa7660f
-
SHA256
57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314
-
SHA512
9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c
-
SSDEEP
384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov
Score 3/10