General
-
Target
9f0688568d98ab1b4f0a51dea14d1ac1_JaffaCakes118
-
Size
12.3MB
-
Sample
240611-wbbqdsvhnp
-
MD5
9f0688568d98ab1b4f0a51dea14d1ac1
-
SHA1
2a4650dacb4a735d75206f76baa2204c7d7542ba
-
SHA256
ffc673f964fb067cdbb7998e307f8811e6cc161392dccf6273d03cadfb4e7917
-
SHA512
b83b2cf014a864037c156433e1084685c67f74366af8948fc25417ce93270281a8fb24998cd4b251ba8cdaadce6c234e31211b1d846c44fb885191e062a2e130
-
SSDEEP
393216:fz0FvHEp1JD+PqDs9tM6Lj3+ivPLm4r6OV7uR:fYFvH6XneM6Lj3EF
Malware Config
Targets
-
-
Target
9f0688568d98ab1b4f0a51dea14d1ac1_JaffaCakes118
-
Size
12.3MB
-
MD5
9f0688568d98ab1b4f0a51dea14d1ac1
-
SHA1
2a4650dacb4a735d75206f76baa2204c7d7542ba
-
SHA256
ffc673f964fb067cdbb7998e307f8811e6cc161392dccf6273d03cadfb4e7917
-
SHA512
b83b2cf014a864037c156433e1084685c67f74366af8948fc25417ce93270281a8fb24998cd4b251ba8cdaadce6c234e31211b1d846c44fb885191e062a2e130
-
SSDEEP
393216:fz0FvHEp1JD+PqDs9tM6Lj3+ivPLm4r6OV7uR:fYFvH6XneM6Lj3EF
Score7/10-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/Dialer.dll
-
Size
3KB
-
MD5
18adbaf253b4483e59a94be06a9135e9
-
SHA1
e096e87c93c80077d9726a585e52af2d46fa61ec
-
SHA256
62f01d82e12633f1aa677a6c8c2e34316ab422d240179d8bac8ce6582f84f6f4
-
SHA512
2ec8ef2486f631e63ab357420535eca64f7d7c369988967fe46adf58a6f12944de385b8002436b1ddc1e88cbc6968c6981caa0bb10168a073644fd9c2ec87f83
Score3/10 -
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
714e0ecd29f9ec555f350f38672726c7
-
SHA1
555b1492e782d7a30f280f2aecb64c642c1aaad3
-
SHA256
21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
-
SHA512
ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
-
SSDEEP
192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV
Score3/10 -
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
28052e87fc73e2aad1db2db35eba62e7
-
SHA1
72e4c599b45605e36aa5fe7b39caf1eba531328f
-
SHA256
ca0b34b6d8ea4638f620f250539301164b6a300f679b96e22a0b1f03f5e56440
-
SHA512
7759923e6c29a43dedee73ae0540d47b33a2861d6f3c0520deb90d068978494dbf01dde2974413699b2008306dbd753bdefdb5a78d4745d064ad6a5a3163fed2
-
SSDEEP
96:VgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1tK3hhEl7y:VgiqVPgK8K9eIdE9B/tWhg7
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
960a5c48e25cf2bca332e74e11d825c9
-
SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876
-
SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
-
SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
-
SSDEEP
192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X
Score3/10 -
-
-
Target
$PLUGINSDIR/nsisdl.dll
-
Size
14KB
-
MD5
a5a4cee2eb89d2687c05ef74299f0dba
-
SHA1
b9bff5987be422887f2f402357b47db2288a1a42
-
SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963
-
SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0
-
SSDEEP
384:yck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2xE:yck76gibLCMLDLCx04HNVxE
Score3/10 -
-
-
Target
GLWorker.exe
-
Size
1.8MB
-
MD5
08af668061d4f89813d103c5d00b0f11
-
SHA1
a2bfb6753f5808159c128300bacfefc967c471de
-
SHA256
954f1d96fde795d5f9912d6a43c2a2f47e284fc56f4657b63ede14a67e5a512f
-
SHA512
19df0130aec210c1b1dc87541b70040fa0f2bab128fedc5a72594b830cfbe16e3a8dbdc9e59645684b3f5ac935fcbaf682ec751c021f8e47bd17f58730daca4a
-
SSDEEP
49152:JzroXxa1qMtyV1MtofJTsJgtI9OnfPd5wydwBQ:JzroXxa1qX8XJge9AfPSBQ
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
-
-
Target
LuxorAR.ifn
-
Size
1.8MB
-
MD5
82330e8f15a93ffeab090fa8ba927ff4
-
SHA1
e35551e0429bdd1d59bee264910d0b10ef7fa9d2
-
SHA256
0727c4f7d2fbce25d26d5c56c2818831b252453b3d5e2b248e16c773dceb51d1
-
SHA512
b7c6fdb0090a55c8f9239f44b9318e4ec961fe4a10beeb13f9f2a859d5cc172c9594790a9f9054e916b3b75c154d6c649c1f223add44dbacce5d2fe370b20ddd
-
SSDEEP
24576:Z8tqYI1zdiL6J4OajbDcf+TG0KT6dultNmspPOlEOSUf/HboW5wydwPXGalpC:KqliL7kf+Te+e7muOnfPd5wydw/GalE
Score10/10-
Banload
Banload variants download malicious files, then install and execute the files.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
Read_Me.html
-
Size
41KB
-
MD5
b73ea6a4f5460a97244ca9c834b8c9e9
-
SHA1
f2b41aa0747ba3ad8a61f331f8acee0c2e8abb75
-
SHA256
557979039b153ef19b45d6c405cb099922ebc4fe8dff8c4332aef11aed130af6
-
SHA512
92b0df76e5eec5bba5c983e859447994cbdbe059fe0ebc9547826ccfca1a893846fb6b534dbc26ef2e5a8c3d99e02203a5541234dc685d7348c595d9a95632f1
-
SSDEEP
768:hCqMou2vYoRUXTE7pdclzSwnqF7JKnYY8r74pg82WZT4fnBWF3eJ5+HaI5HaHJd8:rxBeE9zJnoF36Pu7J4E
Score1/10 -
-
-
Target
Uninstall.exe
-
Size
104KB
-
MD5
8e24e81ec36f0af96be7690081ede13d
-
SHA1
e33106e7e8d1abf7b2ec77799b5d46129149525b
-
SHA256
7492a2a9ae55c125a8534c849479fd9e46024526f22d7bdd11e43ebe4debd2cc
-
SHA512
c8ac2dbc293631a68c3d6f1de4dd49992825302cdfa53b45d87ef9063706dad43aa50d7e646b9a9157e2d2bc68dd8160c8913597df2f1fa381125ace10a02114
-
SSDEEP
3072:LCaZ2Yrb0VTXJYJmfnX3+aLYZWX3we6Z97:LCIo2sfnX3PYZwwe6Z97
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
714e0ecd29f9ec555f350f38672726c7
-
SHA1
555b1492e782d7a30f280f2aecb64c642c1aaad3
-
SHA256
21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
-
SHA512
ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
-
SSDEEP
192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
960a5c48e25cf2bca332e74e11d825c9
-
SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876
-
SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
-
SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
-
SSDEEP
192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X
Score3/10 -
-
-
Target
core.dll
-
Size
56KB
-
MD5
9888f4f608d1fbd5cb440fd12ac846c6
-
SHA1
6e9d68202df8a8a1ef23d7b626e28a92d4cba11b
-
SHA256
678df0973f3132e65345aa4443c27ad9d59c10997cfe96489725d4659532974a
-
SHA512
6189e53d19ae7266cc76782a5dd235547a9e4b9cf469d0d21056882e00cb824df5744f92c9ade98ff3e7f24de7b56675f90b9a85043511dcd6ec04a16ba8cf51
-
SSDEEP
768:VprFS20OyoOjhEROHiyJVbDMVkqEA5hSo0nC/eFD:VpI20O/OuOCyJV8GqEA5enC/ID
Score3/10 -
-
-
Target
crash.dll
-
Size
88KB
-
MD5
569f0737f7c397c64ac97b0c5867caee
-
SHA1
571cd81dc71cd7fb08843df7865bd447017ddebc
-
SHA256
61264f22f15d8fc81395f8d5b02cd14b1f9fe4729677bc5649f9515951ea0fd6
-
SHA512
e5d51d0b00fe12ceca5b269b1cf82074c10012cd3a811a968bbc04bb0c99fc96ec896fd1698b5156996f42a954a7d0edc60f8e3328a4eb14c8a08a7c12a9732f
-
SSDEEP
1536:LMoVm4jFmop00m7WR6VTTQcSEB1I5BoLbwGjrbXsb4DAv:LMoVdmoQ7WwFQjFUVrjsEDAv
Score5/10-
Drops file in System32 directory
-
-
-
Target
dsetup.dll
-
Size
34KB
-
MD5
4f5f399a970a921f883975a2228a1c8c
-
SHA1
f2c39bde79a6d91f8e35dd4eee5ebed4573c5615
-
SHA256
0fdfff9a5db0bd4b16a9663a6616308c511a21e3bec0bbed60ddfa2597c73acf
-
SHA512
7a03587c77eaad433fb49694b9cabbc0bda8e8554a97ee3ec63ca09dd7df37cae0031c1b9b52ab4d76d45fd847adf5a7680bb0dc803166ce4fb4cfc12aa017ef
-
SSDEEP
768:7M0v0mWosSeNwRQy1E5MYDgZBC7Q3+jPJmEDUWe:7PdRzeNwp25MY8nC83+LJmEDTe
Score3/10 -
-
-
Target
file.dll
-
Size
28KB
-
MD5
c833ed61fc0656c6334b317e63122c2f
-
SHA1
97178b932f97ef9c1c9525466dfd6639cc704e5f
-
SHA256
82e02a026b3cdd5f37ce5f02a178f71abdf7f631279d73266b3d2ad895437bbc
-
SHA512
bf413638beb8c79835adeca56e5d9d6416b98df5efe753089f608c591457d9704f47f6ccecbc5478a2adb5e99500270aaee3ac1595b007032c07bc2215e19250
-
SSDEEP
384:4yxFATdh8tkiy8o4BsiZuZfhHNOS7j+k31MDok3:pxShYyvSUhQQj+w1M1
Score3/10 -