Overview

Task                     Platform             Score (/10)
overview                 -                    8
static                   -                    3
9da15fbc0c...18.exe      windows7-x64         8
9da15fbc0c...18.exe      windows10-2004-x64   8
$PLUGINSDI...er.dll      windows7-x64         3
$PLUGINSDI...er.dll      windows10-2004-x64   3
$_2_/Activ...nt.exe      windows7-x64         6
$_2_/Activ...nt.exe      windows10-2004-x64   6
$_2_/AppUpdater.exe      windows7-x64         6
$_2_/AppUpdater.exe      windows10-2004-x64   6
$_2_/BDKitUtils.dll      windows7-x64         1
$_2_/BDKitUtils.dll      windows10-2004-x64   1
$_2_/BDMNe...fo.dll      windows7-x64         1
$_2_/BDMNe...fo.dll      windows10-2004-x64   1
$_2_/BaseDll.dll         windows7-x64         3
$_2_/BaseDll.dll         windows10-2004-x64   3
$_2_/BugReport.exe       windows7-x64         1
$_2_/BugReport.exe       windows10-2004-x64   1
$_2_/Drive...er.dll      windows7-x64         1
$_2_/Drive...er.dll      windows10-2004-x64   1
$_2_/ProtocolDll.dll     windows7-x64         1
$_2_/ProtocolDll.dll     windows10-2004-x64   1
$_2_/ReportDll.dll       windows7-x64         1
$_2_/ReportDll.dll       windows10-2004-x64   1
$_2_/Repor...ll.dll      windows7-x64         3
$_2_/Repor...ll.dll      windows10-2004-x64   3
$_2_/UtilsDll.dll        windows7-x64         3
$_2_/UtilsDll.dll        windows10-2004-x64   3
$_2_/bddlsvc.exe         windows7-x64         1
$_2_/bddlsvc.exe         windows10-2004-x64   1
$_2_/bdrcdl.exe          windows7-x64         6
$_2_/bdrcdl.exe          windows10-2004-x64   6
$_2_/dl.dll              windows7-x64         1
$_2_/dl.dll              windows10-2004-x64   1

(Task names are shown truncated as in the task list; the full sample names appear under Tasks below.)

General
Target:  9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118
Size:    2.9MB
Sample:  240611-kv7fma1dqe
MD5:     9da15fbc0c20586b6fa19a2fed2495a6
SHA1:    75284f4cd932565f7f3a43968ae503f29c046f95
SHA256:  fe941bcf1e0222579e29a5d305910cd2b96e72f46c78c6f3e3119620c9aeac52
SHA512:  0aa2308966fc0e886695893c94cdcc3d27ba08a4ad6d8b94cdef7db8354fa15431eea2c84d89f028bc9e02da55fefc45639e7ad48a27679ad2cb52ac705daeec
SSDEEP:  49152:HcGccpccUccL7cc2ccOcc9cc4VcbcoHcIykOA8ojMxY8ka/AcJcdTa32qb7OAWV+:HcGccpccUccL7cc2ccOcc9cc4VcbcoHO

Tasks

Resource names the sandbox VM image (OS and snapshot date) the task ran on.

Task          Sample                                               Resource
static1       (static analysis of the submitted file)              -
behavioral1   9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118.exe   win7-20240221-en
behavioral2   9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118.exe   win10v2004-20240426-en
behavioral3   $PLUGINSDIR/InstallHelper.dll                        win7-20231129-en
behavioral4   $PLUGINSDIR/InstallHelper.dll                        win10v2004-20240426-en
behavioral5   $_2_/ActivityAssistant.exe                           win7-20240508-en
behavioral6   $_2_/ActivityAssistant.exe                           win10v2004-20240508-en
behavioral7   $_2_/AppUpdater.exe                                  win7-20240215-en
behavioral8   $_2_/AppUpdater.exe                                  win10v2004-20240508-en
behavioral9   $_2_/BDKitUtils.dll                                  win7-20231129-en
behavioral10  $_2_/BDKitUtils.dll                                  win10v2004-20240226-en
behavioral11  $_2_/BDMNetGetInfo.dll                               win7-20240221-en
behavioral12  $_2_/BDMNetGetInfo.dll                               win10v2004-20240508-en
behavioral13  $_2_/BaseDll.dll                                     win7-20240221-en
behavioral14  $_2_/BaseDll.dll                                     win10v2004-20240508-en
behavioral15  $_2_/BugReport.exe                                   win7-20240508-en
behavioral16  $_2_/BugReport.exe                                   win10v2004-20240426-en
behavioral17  $_2_/DriverManager.dll                               win7-20240220-en
behavioral18  $_2_/DriverManager.dll                               win10v2004-20240426-en
behavioral19  $_2_/ProtocolDll.dll                                 win7-20231129-en
behavioral20  $_2_/ProtocolDll.dll                                 win10v2004-20240508-en
behavioral21  $_2_/ReportDll.dll                                   win7-20240221-en
behavioral22  $_2_/ReportDll.dll                                   win10v2004-20240508-en
behavioral23  $_2_/ReportRecordDll.dll                             win7-20240221-en
behavioral24  $_2_/ReportRecordDll.dll                             win10v2004-20240508-en
behavioral25  $_2_/UtilsDll.dll                                    win7-20240215-en
behavioral26  $_2_/UtilsDll.dll                                    win10v2004-20240226-en
behavioral27  $_2_/bddlsvc.exe                                     win7-20240419-en
behavioral28  $_2_/bddlsvc.exe                                     win10v2004-20240508-en
behavioral29  $_2_/bdrcdl.exe                                      win7-20240220-en
behavioral30  $_2_/bdrcdl.exe                                      win10v2004-20240508-en
behavioral31  $_2_/dl.dll                                          win7-20240508-en
behavioral32  $_2_/dl.dll                                          win10v2004-20240508-en

Malware Config
Targets

Paths prefixed $PLUGINSDIR/ (the NSIS plugin directory) and $_2_/ are directories of the installer payload unpacked from the sample, which is an NSIS installer; each unpacked file was analysed and scored on its own.

Target:  9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118
Size:    2.9MB
MD5:     9da15fbc0c20586b6fa19a2fed2495a6
SHA1:    75284f4cd932565f7f3a43968ae503f29c046f95
SHA256:  fe941bcf1e0222579e29a5d305910cd2b96e72f46c78c6f3e3119620c9aeac52
SHA512:  0aa2308966fc0e886695893c94cdcc3d27ba08a4ad6d8b94cdef7db8354fa15431eea2c84d89f028bc9e02da55fefc45639e7ad48a27679ad2cb52ac705daeec
SSDEEP:  49152:HcGccpccUccL7cc2ccOcc9cc4VcbcoHcIykOA8ojMxY8ka/AcJcdTa32qb7OAWV+:HcGccpccUccL7cc2ccOcc9cc4VcbcoHO
Score:   8/10
Signatures:
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software on the system.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system. The signature fires on a raw write to the first sector of the physical disk, which disk and driver utilities also perform (to update the partition table or disk signature), so confirm what was actually written before treating the file as a bootkit.

The first two signatures together are the usual footprint of a kernel driver being installed (a .sys file placed in the drivers directory and a service whose ImagePath points at it); this summary does not name the dropped file or the service.

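A check for the "Drops file in Drivers directory" and "Sets service image path in registry" pair above, as an added example (not code from the report or from the analysed software): it parses a `reg export` of HKLM\SYSTEM\CurrentControlSet\Services taken after the run, keeps the kernel-mode services, and reports the ones whose ImagePath resolves to a file the sandbox saw dropped. The service names ExampleDrv and ExampleSvc, their paths, the dropped-file list and the assumption that \SystemRoot is C:\Windows are all constructed for the example; the report itself does not name the dropped driver or the service.

```python
"""Tie kernel-mode services registered during a run to the files the sandbox saw
dropped, from a `reg export` of the Services key.  Added example: the service
names, paths and dropped-file list are constructed, not taken from the report."""
import re

SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
DRIVER_TYPES = 0x1 | 0x2            # SERVICE_KERNEL_DRIVER | SERVICE_FILE_SYSTEM_DRIVER
START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
SYSTEM_ROOT = r"c:\windows"         # assumption: %SystemRoot% of the analysis VM


def _join_continuations(text: str) -> list:
    """reg export wraps long hex values onto lines ending in ',\\'; glue them back."""
    lines, buf = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            lines.append(buf + line)
            buf = ""
    return lines


def _decode_value(raw: str):
    if raw.startswith('"') and raw.endswith('"'):          # REG_SZ, backslashes doubled
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("dword:"):                             # REG_DWORD, hex
        return int(raw[6:], 16)
    m = re.fullmatch(r"hex\(2\):(.*)", raw)                  # REG_EXPAND_SZ, UTF-16LE octets
    if m:
        octets = bytes(int(b, 16) for b in m.group(1).split(",") if b)
        return octets.decode("utf-16-le").rstrip("\x00")
    return raw                                               # other types left undecoded


def parse_services(reg_text: str) -> dict:
    """{service name: {value name: value}} for top-level service keys; subkeys skipped."""
    services, current = {}, None
    for line in _join_continuations(reg_text):
        if line.startswith("[") and line.endswith("]"):
            key, current = line[1:-1], None
            if key.lower().startswith(SERVICES_KEY.lower() + "\\"):
                rest = key[len(SERVICES_KEY) + 1:]
                if "\\" not in rest:                         # Parameters/Enum subkeys skipped
                    current = services.setdefault(rest, {})
        elif current is not None and line.startswith('"') and '"=' in line:
            name, raw = line[1:].split('"=', 1)
            current[name] = _decode_value(raw)
    return services


def is_driver(values: dict) -> bool:
    return (values.get("Type", 0) & DRIVER_TYPES) != 0


def normalize_path(p: str) -> str:
    r"""Fold \??\C:\..., \SystemRoot\..., %SystemRoot%\... and bare system32\... forms
    of an ImagePath into one lower-case absolute path for comparison."""
    p = p.strip().strip('"').lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    for prefix in ("\\systemroot\\", "%systemroot%\\"):
        if p.startswith(prefix):
            p = SYSTEM_ROOT + "\\" + p[len(prefix):]
    if p.startswith("system32\\"):
        p = SYSTEM_ROOT + "\\" + p
    return p


def services_backed_by_dropped_files(reg_text: str, dropped: list) -> list:
    """(service, start mode, path) for each driver service whose binary was a dropped file."""
    dropped_paths = {normalize_path(d) for d in dropped}
    hits = []
    for name, values in parse_services(reg_text).items():
        path = normalize_path(values.get("ImagePath", ""))
        if is_driver(values) and path in dropped_paths:
            hits.append((name, START_NAMES.get(values.get("Start"), "?"), path))
    return hits


def _hex2(s: str, per_line: int = 25) -> str:
    """Encode as reg export writes REG_EXPAND_SZ: UTF-16LE octets wrapped with ',\\'."""
    octets = [f"{b:02x}" for b in (s + "\x00").encode("utf-16-le")]
    rows = [",".join(octets[i:i + per_line]) for i in range(0, len(octets), per_line)]
    return "hex(2):" + ",\\\n  ".join(rows)


# Constructed .reg export: one kernel driver and one ordinary Win32 service (example names).
DRIVER_IMAGE = r"\??\C:\Windows\system32\drivers\ExampleDrv.sys"
SAMPLE_REG = rf"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleDrv]
"Type"=dword:00000001
"Start"=dword:00000003
"ImagePath"={_hex2(DRIVER_IMAGE)}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleDrv\Parameters]
"Verbose"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Type"=dword:00000010
"Start"=dword:00000002
"ImagePath"="C:\\Program Files\\Example\\ExampleSvc.exe"
"""
# Constructed dropped-file list, as a report's file-activity section would give it.
DROPPED = [r"C:\Windows\System32\drivers\ExampleDrv.sys",
           r"C:\Users\Admin\AppData\Local\Temp\ExampleHelper.dll"]
```

To run it against a real capture, read the .reg file (reg export usually writes UTF-16 with a BOM, so open it with encoding="utf-16") and take the dropped-file list from the report's file-activity section. A driver whose Start is boot (0) or system (1) loads before most defensive tooling and is the hit to look at first; ExampleDrv above is demand-start (3).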
Target:  $PLUGINSDIR/InstallHelper.dll
Size:    242KB
MD5:     f951c36f0951a0204179a156031f132f
SHA1:    7e4c553f7df6451bdfd6555d2ed6fb716823135e
SHA256:  59207a9b0945dafb3d76737a9badfc133ea613ad80d2114944651b34826a3166
SHA512:  08b11be5701a153fe5f264ada1f94917f1a2b4646aff98a3221d45da81fcad3c9ecd2678328442f1cf17e2d8fa33bf9fc5bcf7bebf9aa159bc241c7513cbcc66
SSDEEP:  1536:mQARqh1D4gzYogvC5VM2kMbLBgBwaTIgPfRppxnnllm5ttEX1VT+i:0e1DX8UEwaT6tt0V/
Score:   3/10

Target:  $_2_/ActivityAssistant.exe
Size:    731KB
MD5:     4332b65ce1107d12955fd9e04e24b566
SHA1:    a4a701b890e5d54edc1b414712f7823b0c9b239b
SHA256:  a0d5ee4b9ac82800ce91e365de8cbd1a98bb2e70f3b2e97185c201a6fd45f7ff
SHA512:  a8672c507dc965a6d139e146b32e4fa90974a42b4f5c32170deb64b727f6fe97942b57a19e8e8c8ad36a5a332a7b01c1473b86583f3e45ce74a9139cc8d0f81e
SSDEEP:  6144:JoT/ddj4tGIih8mtekdbWoVwAVxV9ELDYrWW0rW9gDaaaRkEgROS2XyF3GpXysOR:qddj4tGvh33wuxVy3Y0WmlBPyXm47U
Score:   6/10
Signatures:
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.

Target:  $_2_/AppUpdater.exe
Size:    847KB
MD5:     e277dda638a21783b46473c3b7cb69e4
SHA1:    5c27a0547088978688c37d7a5f94e003614f6852
SHA256:  478506304886280b737953530145a0fc9cb52cf7bddbaedc6dabbdf9db94beee
SHA512:  e36002a0484e9b1b8802b34812c89a89c4a60f4985d0ae7f93de632118ded16f38635dcc0a3e11ef232e7bad5a680f305940d27d61e3ed693423c1f24f17d5e9
SSDEEP:  24576:VmVd/8cXDG5rm2RuQfyNycGccpccUccL7cc2ccOcc9cc4VcbcoHcIyccGccpccUS:EVdJ2RuQ6NycGccpccUccL7cc2ccOccD
Score:   6/10
Signatures:
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.

Target:  $_2_/BDKitUtils.dll
Size:    68KB
MD5:     94ee23a4078d298f0821b69149d98e15
SHA1:    5e3abc45c5bc80e97bd8eb1a8811b1f422ca3433
SHA256:  d04d948dc391ce8868570c294b10b44d06288d84767d0ce99fd7ad2e5f2d5a3a
SHA512:  257c94b7c5d358fc72325ec8caa192bc9059603628460df7322ede7d7f80475d039aebd5dcc7e0678c6bf6f158f645cf69518dd9e8de5d1e37468fcea39e8d62
SSDEEP:  1536:UAFC4iLsy5bKZsctL3V8/cnONYsuIE6Ydyi:dFC7Lsy5Gv5l8/kONYsuIEvx
Score:   1/10

Target:  $_2_/BDMNetGetInfo.dll
Size:    324KB
MD5:     581d31cb00e9c0eb2667c17441604975
SHA1:    f87704bb99740313c5c1c58638927df62a4e503f
SHA256:  6878c666cb88ec03b298054a54a3118123113d75c3dd42276a9604c60ed05896
SHA512:  231f8af00d80884abd8b13958f56169eb36b0c9c4088809bdf846f2fde5c1ad95f01be3570b8c2fd876743935052216b321f68d67f8b5c6a029da24916e919db
SSDEEP:  3072:7583c8rPTsOu3wG8nWnha8m9Utk5ELTln4s36iTO1bFMTkFq6Mk5M0gzeIliRgas:983L8+Whfkor36fbbq6f5MnGgaqZVL
Score:   1/10

Target:  $_2_/BaseDll.dll
Size:    1.2MB
MD5:     907822e9f18bea93a88e5b3648913d7d
SHA1:    dba6179232951900377e6db161168fa426243a7a
SHA256:  0680a0ec3b893f4e8ea70537b271d6ff7804a94d802ab00b02eaf74e7744cd06
SHA512:  93e0acb4e804a87d7de44c5e6f1a28c5ecd9c5b2ac2cf1982f57076167024ab34f9a64a2dfd9085f2dc38e8b81c8794e83f7ebe5a11a4df258c3a09bdcad8a38
SSDEEP:  24576:VruqFJ8jhBltJ4wKWCRLbFD/56XxCCGiJTeXDEE+uITl:QM8jhsuI5+TeXY/D
Score:   3/10

Target:  $_2_/BugReport.exe
Size:    207KB
MD5:     03f3200b1401abab779c05c010447f69
SHA1:    f3bf5036171a50170d608f0ac9e28ea9750fcbef
SHA256:  0f92c98ba21787b2b49ecddb154ea44c5648f9ec56e4dc36ccc3a4c903db1d6f
SHA512:  fc04c39b5cc5b2a025eb490b263ac831fd4e12c524296f0cfbd6f4bdc2b203a6219ffaad98622512d6149249f7d13de5a5563c9cfd2c8b96c118a4dd1305f83a
SSDEEP:  6144:dhTiiUZm/vvlTB3TArOJFcGccpccUccL7cc2ccOcc9cc4VcbcoHcIyH:dhbUZm/vvlTtTtcGccpccUccL7cc2ccv
Score:   1/10

Target:  $_2_/DriverManager.dll
Size:    186KB
MD5:     2e93f5d93bece63e5ba0a50f2c375ab0
SHA1:    71db9d3c1be97946b0529e20a9952cb2fb233c4a
SHA256:  1238b34567f96a9a1eaada32e594169a530a1134714072ec70ad44a2f7786fb8
SHA512:  312827d4bff0014e4cda4c82f9662ed70f4448e3397d35520ad67c5f674dd81a3edd5ffb338bbe38b16b34b8d5a1370b4a86ba79b65f1029632d0e3d56e43ee6
SSDEEP:  3072:CB1Tn/8W1bP5tYLkpjDIxpztnWLDvO/iwZ7ZzZu8yOgYwDOXYhBn:CHTn51vThCztn0Dmnu8yOg6un
Score:   1/10

Target:  $_2_/ProtocolDll.dll
Size:    426KB
MD5:     7a865be0292810b0e9549aca82cde1aa
SHA1:    1e67ff3bffe5173b9d65d4d6b08eac1387a3735d
SHA256:  d2c50b2bb55e61c3d6f5238c122d9a8e07c0c916640c48f224f5c1aaddb6933a
SHA512:  252f3aa37f7949fc8d774908e983d368df7d949bdcca6a781b882cfbbce494c213325bfae3310367f5e1efc1e04320a50e4fad40fa3055bb5f6c23c8bb476b1c
SSDEEP:  6144:VKGF+aVSgO3+EmnCC+O/RyiUaCIjL8Ho44Y9LBYFd1AmOckOg+BMkHk5H:kGF+acx3VmnCC+4RyiDjwH2Y9LbmXC5H
Score:   1/10

Target:  $_2_/ReportDll.dll
Size:    122KB
MD5:     4f19598b82f9474563dabc22d7ec3825
SHA1:    028ad1014e671eb613c39126b3609746e19c4b57
SHA256:  d6961f907cef114b4d961f30b5b04070f30949d72f1f12ab5762d5347aa789ae
SHA512:  146b05c0b5b375d79eed34488089ec1219da1ecd795654d3c26861713ad55fd92242d2798dde231c882eea85d586b5bba2c1e8a3187b8e109f191f577365d717
SSDEEP:  1536:+DzK9I/Wc2NGUTs0xfIJ0uUr5pgIEMxTMbjkCSvwW3IUETpTYC5hpeOjnEFbRn9:z9coxfIJ0uU/T4ywGt8pMCvpeOjnE/n9
Score:   1/10

Target:  $_2_/ReportRecordDll.dll
Size:    110KB
MD5:     d62d1ca45215389d38608625fbd72942
SHA1:    08dabce208c5306e199f0d53059573f3beef8fb9
SHA256:  7f4480499223bdd378e6a87a73d5ec85849a4ac36f442371ec9181696e6f609a
SHA512:  142f1d7250c5b67a7673c4cb6c956396c400c8832d205731a5c3b22a4f91d6cef6694f021d102ed4738d64f8fffe938beddcc398141b51b4a95e3fcc58d8be11
SSDEEP:  1536:qsDEbUtA9EZXSqifbJ2SQyVso7IfTZXAfobxctQsOgGWyA1wA:vHtA9EJiDJ2PThc6xeOgGWyAGA
Score:   3/10

Target:  $_2_/UtilsDll.dll
Size:    78KB
MD5:     f82407ec4a24a86d80109c9f6a426d5b
SHA1:    060b7fd4af5940bb51a6b29671eee51325294a0a
SHA256:  234c935bcea55c2f1704968648b320ff8b043e0dc45c4378e6542d2eca3c8d24
SHA512:  06deb849ceaeaa16a7669756d9d5a7a4a076db99d7207c71b419ed24fc74bd669682de04e3465b4f4041893671f747dde297baf5fcc82cdb78b454de0daf6de6
SSDEEP:  1536:4yBXvS8nXTmR2FynILsEGB1HYYzYeqlNfAHB1s26ODwpxbE32+FTMvR2:4yB3TmR2FtZQ7qlNfAHB1s26ODmbEGkn
Score:   3/10

Target:  $_2_/bddlsvc.exe
Size:    695KB
MD5:     d68b299fca1df3850f59adb1b29c6a64
SHA1:    a30792396b6c5c52ab115515efb1f911434d1761
SHA256:  f1dcbc8194ec04707afb909ea3dd8fac0bc973eae46c4154311ccf05a4393b19
SHA512:  fe635d3f3d8ca0026b622f556319886f2c5813df28d64da20131305fb47893ff7a3a48810bfe2b74cfb7f18b93672cf53ef6d096bc1bf9dfff45b3f77af9d175
SSDEEP:  12288:3OhzalLgmdwrM5GcxTxOIcSOki/Ac28CHNr:O2lLgww0xF7Vib28CHNr
Score:   1/10

Target:  $_2_/bdrcdl.exe
Size:    971KB
MD5:     57fb171cc1de48296e1109abf9f47e95
SHA1:    af2cdb32605a2734dc52368b2ee5068045170316
SHA256:  351c234fd587e8d60557dd2c83e9bf834f52c47fe96106fd57d408c3d41e5bb5
SHA512:  7d4ea79caf57de88d60c25da27133067f553d3655c87dfee2ce9aa6e5621f4e60074ed5c3bb445b20aafad41ca909fd7fdb7c8dbf1d373ce195aca03528307d1
SSDEEP:  24576:9lwBjgw++ZFFgPkEUbuPbNcGccpccUccL7cc2ccOcc9cc4VcbcoHcIyu:98P+kEKabNcGccpccUccL7cc2ccOcc99
Score:   6/10
Signatures:
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory

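The "Writes to the Master Boot Record (MBR)" signature appears on the main sample, ActivityAssistant.exe, AppUpdater.exe and bdrcdl.exe. It records that sector 0 of the disk was written, not what was written, and that distinction is what separates a bootkit from a partition-table or disk-signature update. The following added example (not code from the report or from the analysed software) parses a 512-byte MBR and classifies the difference between a "before" and "after" capture of sector 0. The three sectors it uses are constructed here, since the report includes no disk image, and the bootstrap bytes are a placeholder stub, not the sample's code.

```python
"""Triage an "MBR write" by comparing sector 0 before and after the run.
Added example; the sectors below are constructed (the bootstrap bytes are a
placeholder stub, not code from the sample) because the report ships no disk image."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_END = 440      # bytes 0..439: bootstrap code, the part a bootkit replaces
DISK_SIG_OFF = 440       # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 55 AA
PART_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, count


def parse_mbr(sector: bytes) -> dict:
    """Decode the fields an analyst compares: bootstrap hash, disk signature, partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        partitions.append({"bootable": status == 0x80, "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


REGIONS = {
    "bootstrap": (0, BOOTSTRAP_END),
    "disk_signature": (DISK_SIG_OFF, DISK_SIG_OFF + 4),
    "partition_table": (PART_TABLE_OFF, BOOT_SIG_OFF),
    "boot_signature": (BOOT_SIG_OFF, SECTOR),
}


def diff_mbr(before: bytes, after: bytes) -> list:
    """Names of the MBR regions whose bytes differ between the two captures."""
    return [name for name, (lo, hi) in REGIONS.items() if before[lo:hi] != after[lo:hi]]


def triage_mbr_write(before: bytes, after: bytes) -> str:
    changed = diff_mbr(before, after)
    if not changed:
        return "no change: sector 0 was rewritten with identical content"
    if "bootstrap" in changed or "boot_signature" in changed:
        return "bootstrap code replaced: treat as a bootkit until proven otherwise"
    return "metadata only (" + ", ".join(changed) + "): consistent with a partition or disk-signature update"


def build_mbr(bootstrap: bytes, disk_signature: int, partitions) -> bytes:
    """Assemble a constructed MBR; partitions are (bootable, type, lba_start, sectors)."""
    sector = bytearray(SECTOR)
    code = bootstrap[:BOOTSTRAP_END]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed captures.  STUB is a generic MBR prologue (xor ax,ax / mov ss,ax /
# mov sp,7C00h) padded with NOPs; HIJACKED is an infinite-loop placeholder.
STUB = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
HIJACKED = b"\xeb\xfe" + b"\x00" * 30
NTFS = [(True, 0x07, 2048, 204800)]

BEFORE = build_mbr(STUB, 0x1234ABCD, NTFS)
BOOTKIT = build_mbr(HIJACKED, 0x1234ABCD, NTFS)     # bootstrap replaced
RESIGNED = build_mbr(STUB, 0xDEADBEEF, NTFS)        # only the disk signature changed

if __name__ == "__main__":
    print(triage_mbr_write(BEFORE, BOOTKIT))
    print(triage_mbr_write(BEFORE, RESIGNED))
```

To apply it, dump the first 512 bytes of the analysis VM's disk before and after the run (for example with dd against the VM image) and pass both to triage_mbr_write. A change confined to the disk signature or partition entries is consistent with disk-management software; any change to the 440 bytes of bootstrap code, or a missing 55 AA signature, is the bootkit case and warrants disassembling the new sector.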
Target:  $_2_/dl.dll
Size:    968KB
MD5:     feb4a2aa5a6850585b0f5e0ea0f5cf5b
SHA1:    b8299e2daed670ec3f873dc9a65b5b1ad012ff8e
SHA256:  a67caaa9d963f6abb9cae330894364bdb022e881778241b2c687652c04a20b67
SHA512:  e57cd68f043c8cf7aadc62c61a3db0401d24947790da531c789596abce90a44fa8985fd1ad6c4b7a8a7523ed91ee13706e1f8c219d8ab5845b21b599678d0c9d
SSDEEP:  12288:QHSaBUrF5ODvDnijSrPtjDDu4D1NezI2WSkFh+IK0VL4RVyefwvqPI7o2z8ovHyO:QsUv7iQ44D7RL0wzmsR+WFeUxnjOUUe
Score:   1/10
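Four of the SSDEEP values above (the main sample, AppUpdater.exe, BugReport.exe and bdrcdl.exe) contain the same run cGccpccUccL7cc2ccOcc9cc4VcbcoHcIy. A repeated run like that means a stretch of similar bytes was hashed at comparable block sizes (an embedded resource or appended block shared between files, for instance); the fuzzy hash alone does not say what it is. Whether ssdeep would actually rate two of these files as similar depends on its block-size rule, which the following added example re-implements in simplified form: it parses the report's own hashes and returns the longest chunk ssdeep would compare. It is not the ssdeep library and does not compute the 0 to 100 score.

```python
"""Check which files in a report ssdeep would actually compare, using the
hashes listed in the report.  Added example: a simplified re-implementation of
ssdeep's block-size and common-substring rules, not the ssdeep library."""
import re
from typing import List, NamedTuple, Tuple

ROLLING_WINDOW = 7   # ssdeep scores a pair only if the chunks share a 7-char substring


class Ssdeep(NamedTuple):
    block_size: int
    chunk: str          # signature computed at block_size
    double_chunk: str   # signature computed at 2 * block_size


def parse_ssdeep(sig: str) -> Ssdeep:
    m = re.fullmatch(r"(\d+):([^:]*):([^:]*)", sig)
    if not m:
        raise ValueError(f"not an ssdeep hash: {sig!r}")
    return Ssdeep(int(m.group(1)), m.group(2), m.group(3))


def longest_common_substring(a: str, b: str) -> str:
    """Plain O(len(a)*len(b)) dynamic programme; ssdeep chunks are at most 64 chars."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i, ca in enumerate(a, 1):
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def comparable_chunks(x: Ssdeep, y: Ssdeep) -> List[Tuple[str, str]]:
    """The chunk pairs ssdeep compares: block sizes must be equal or differ by
    exactly a factor of two, otherwise the pair scores 0 without comparison."""
    if x.block_size == y.block_size:
        return [(x.chunk, y.chunk), (x.double_chunk, y.double_chunk)]
    if x.block_size == 2 * y.block_size:
        return [(x.chunk, y.double_chunk)]
    if y.block_size ==  2 * x.block_size:
        return [(x.double_chunk, y.chunk)]
    return []


def shared_chunk(sig_a: str, sig_b: str) -> str:
    """Longest substring shared by chunks ssdeep would actually compare, or ''
    when the block sizes are incompatible or the overlap is under 7 chars."""
    best = ""
    for ca, cb in comparable_chunks(parse_ssdeep(sig_a), parse_ssdeep(sig_b)):
        s = longest_common_substring(ca, cb)
        if len(s) >= ROLLING_WINDOW and len(s) > len(best):
            best = s
    return best


# SSDEEP values exactly as listed in the report above.
SAMPLE_EXE = "49152:HcGccpccUccL7cc2ccOcc9cc4VcbcoHcIykOA8ojMxY8ka/AcJcdTa32qb7OAWV+:HcGccpccUccL7cc2ccOcc9cc4VcbcoHO"
APPUPDATER = "24576:VmVd/8cXDG5rm2RuQfyNycGccpccUccL7cc2ccOcc9cc4VcbcoHcIyccGccpccUS:EVdJ2RuQ6NycGccpccUccL7cc2ccOccD"
BDRCDL = "24576:9lwBjgw++ZFFgPkEUbuPbNcGccpccUccL7cc2ccOcc9cc4VcbcoHcIyu:98P+kEKabNcGccpccUccL7cc2ccOcc99"
BUGREPORT = "6144:dhTiiUZm/vvlTB3TArOJFcGccpccUccL7cc2ccOcc9cc4VcbcoHcIyH:dhbUZm/vvlTtTtcGccpccUccL7cc2ccv"

if __name__ == "__main__":
    for name, sig in [("AppUpdater.exe", APPUPDATER), ("bdrcdl.exe", BDRCDL), ("BugReport.exe", BUGREPORT)]:
        print(f"{name:15s} vs sample: {shared_chunk(SAMPLE_EXE, sig) or '(block sizes not comparable)'}")
```

The main sample (block size 49152) and AppUpdater.exe/bdrcdl.exe (24576) are comparable because the sizes differ by exactly a factor of two, so the sample's first chunk is matched against their second chunk. BugReport.exe (6144) is three doublings away from the sample and two from the other two files, so ssdeep returns 0 for it despite the visible overlap; the shared run is real, but the tool will not report it.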