General
- Target: 7b3491e0028d443f11989efaeb0fbec2_JaffaCakes118
- Size: 809KB
- Sample: 240528-bmax1sac83
- MD5: 7b3491e0028d443f11989efaeb0fbec2
- SHA1: e2efe60cb8bd67840f9a8bf92b57ade97e406a88
- SHA256: f9c67313230bfc45ba8ffe5e6abeb8b7dc2eddc99c9cebc111fcd7c50d11dc80
- SHA512: d9aa8ca4b073b8cfcd64993f63154e38bd0e7f29158c9b152cca9810f957ac2aba7092ee3ccbe2bdfeef3ebed20c30c476d7c6cca6f672bf3ceec103b13f5f3f
- SSDEEP: 24576:6j5M2MNQTkxLYHdDPO/p5gzBs+nTgn0fZKscuEfao:S5tMNQqY9DPUussTgnwVcRfao
Static task
- static1

Behavioral tasks
- behavioral1: Sample 7b3491e0028d443f11989efaeb0fbec2_JaffaCakes118.exe, Resource win7-20240221-en
- behavioral2: Sample 7b3491e0028d443f11989efaeb0fbec2_JaffaCakes118.exe, Resource win10v2004-20240426-en
- behavioral3: Sample $PLUGINSDIR/System.dll, Resource win7-20240221-en
- behavioral4: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20240508-en
- behavioral5: Sample $TEMP/petronel.dll, Resource win7-20231129-en
- behavioral6: Sample $TEMP/petronel.dll, Resource win10v2004-20240508-en
- behavioral7: Sample WindNinja-2.0.1/Uninstall.exe, Resource win7-20240419-en
- behavioral8: Sample WindNinja-2.0.1/Uninstall.exe, Resource win10v2004-20240508-en
Malware Config

Targets

Target: 7b3491e0028d443f11989efaeb0fbec2_JaffaCakes118
- Size: 809KB
- MD5: 7b3491e0028d443f11989efaeb0fbec2
- SHA1: e2efe60cb8bd67840f9a8bf92b57ade97e406a88
- SHA256: f9c67313230bfc45ba8ffe5e6abeb8b7dc2eddc99c9cebc111fcd7c50d11dc80
- SHA512: d9aa8ca4b073b8cfcd64993f63154e38bd0e7f29158c9b152cca9810f957ac2aba7092ee3ccbe2bdfeef3ebed20c30c476d7c6cca6f672bf3ceec103b13f5f3f
- SSDEEP: 24576:6j5M2MNQTkxLYHdDPO/p5gzBs+nTgn0fZKscuEfao:S5tMNQqY9DPUussTgnwVcRfao
- Score: 6/10
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 3f176d1ee13b0d7d6bd92e1c7a0b9bae
- SHA1: fe582246792774c2c9dd15639ffa0aca90d6fd0b
- SHA256: fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- SHA512: 0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
- SSDEEP: 192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
- Score: 3/10

Target: $TEMP/petronel.dll
- Size: 10KB
- MD5: 437b11c6cce872c4c7e94b30e5812997
- SHA1: 219f7dcf754dba48c53cf3cde5637cc4adceb3cc
- SHA256: 4a5164acce1c631285a09353b11e318426800801cac515bde8e76a10bac6130f
- SHA512: 11ea28de7d274a58eda40e2eda176de898558cea2cff4045b27f4282baa5d0cfed1cc1c4f49abb7bbcf79fa70585424e9ce5dd642fe5f98a7db948a21b2442c2
- SSDEEP: 192:oy0X5kKzSZAwVFhSv4gZRnRH6rfDkjkky:ot5kK+ZAwVFhkZxRHeQy
- Score: 3/10

Target: WindNinja-2.0.1/Uninstall.exe
- Size: 49KB
- MD5: ed04f76422a68aa282da0adf017f1a96
- SHA1: 63862b6d935ac184b4faef4649ac5be14ddf8505
- SHA256: 9f652f774eaeaa769f245bfc7e3a6d11b04068cc1618f49dc760eea3518b2bb6
- SHA512: 59f3f8d7fbda57ee7f735014c4a7c2ddbb97a35c48725392fe1528998db9cdb8d2a69fbb068bd20cfaf58b5b3ce79af34c270f9a2bcd6e89e7ee21afe3aa8255
- SSDEEP: 1536:WwJOoN1oYaoZ5iV685XJPChgdLeAyNJzF:WwJ52Y7ZoH5XJahceAUF
- Score: 7/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL