1General
-
Target
a0edc8e43c315a4fa36acd76db7a2c78_JaffaCakes118
-
Size
5.6MB
-
Sample
240612-rc66gaxfmf
-
MD5
a0edc8e43c315a4fa36acd76db7a2c78
-
SHA1
0184f1a13c073f2212d0eb8668613ce8047e829f
-
SHA256
c418925ae13f92b6b2f4eed0e0f140ec09f15e7aa50eaa6ea447b7808d71bdb6
-
SHA512
51613611795448c1db21ba6ca2b814bf9a6f6b10a7c45611299d0005d25199dc396ad7fc4476c6eab98f71ec98cc6c3f4b7a307010a003de9434b583d633ae27
-
SSDEEP
98304:BZMjFtWxY3u/tluC/jhB75ZtC2/WSfUxcdCJWW8Z6c0lsMo63kqNEK+mcq4Quw35:YtaYetUChB75XFWSRCJ38Epo4k47Qq46
Behavioral task
behavioral1
Sample
a0edc8e43c315a4fa36acd76db7a2c78_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a0edc8e43c315a4fa36acd76db7a2c78_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/processwork.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/processwork.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$TEMP/GoogleToolbarInstaller_download_signed.exe
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
$TEMP/GoogleToolbarInstaller_download_signed.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
$TEMP/saayaasetup_5.exe
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
$TEMP/saayaasetup_5.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20231129-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/processwork.dll
Resource
win7-20240611-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/processwork.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
SaaYaa.exe
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
SaaYaa.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
DefragMaster.exe
Resource
win7-20240419-en
Behavioral task
behavioral28
Sample
DefragMaster.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
DriverMaster.exe
Resource
win7-20240611-en
Behavioral task
behavioral30
Sample
DriverMaster.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
FileShredder.exe
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
FileShredder.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
a0edc8e43c315a4fa36acd76db7a2c78_JaffaCakes118
-
Size
5.6MB
-
MD5
a0edc8e43c315a4fa36acd76db7a2c78
-
SHA1
0184f1a13c073f2212d0eb8668613ce8047e829f
-
SHA256
c418925ae13f92b6b2f4eed0e0f140ec09f15e7aa50eaa6ea447b7808d71bdb6
-
SHA512
51613611795448c1db21ba6ca2b814bf9a6f6b10a7c45611299d0005d25199dc396ad7fc4476c6eab98f71ec98cc6c3f4b7a307010a003de9434b583d633ae27
-
SSDEEP
98304:BZMjFtWxY3u/tluC/jhB75ZtC2/WSfUxcdCJWW8Z6c0lsMo63kqNEK+mcq4Quw35:YtaYetUChB75XFWSRCJ38Epo4k47Qq46
Score 7/10
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
eef9e469e8a30717974499f277d97e2a
-
SHA1
2d33c25984ebd9116beeb55cdde4c5c86c023e5d
-
SHA256
1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078
-
SHA512
d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48
-
SSDEEP
192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo
Score 3/10
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
d53886f68098c2006d8248993bb37d92
-
SHA1
a35fafce1a990ac4017ce6645b46917de0d25eed
-
SHA256
c7a089e0329523a307d5be32a8765b1c0409e49925965b9500d8a202b9e8b65a
-
SHA512
b36e22b22df42d55b1785d8ac26a637725f74708302404cc29adb3b7e58fe1fd109fe7f8bb5e3255455dcdc66eb46ef9de418cc200daca1ea84cf0c31c071ba8
-
SSDEEP
96:fiqA7bDe2xHkR1C41EhvSE+6nNtMn0iGd8Cqp5tIRhElfL:fiqA7/ZH0uQMtcfCqbtQgf
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c6f5b9596db45ce43f14b64e0fbcf552
-
SHA1
665a2207a643726602dc3e845e39435868dddabc
-
SHA256
4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0
-
SHA512
8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a
-
SSDEEP
192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw
Score 3/10
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
f2c993a0c726386d72e4640967cef83e
-
SHA1
efe88db252b5e9edff2d859e783fcf1a349e553f
-
SHA256
6739a2c8075cc383620a867e983957de0b4ae9ef0453baadd1469132893d7301
-
SHA512
3873a87ba360702c72a6d3e853a0b6f2df219593cf5436d12a9d4d169029e939993c45330212008b628184da64ae98d6a7ab42b30d5f82c896acfc89d558169f
-
SSDEEP
96:qBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8XQB0NKndY7ndS27gA:q6n+0SAfRE+/8k0NKdqn420
Score 3/10
-
-
Target
$PLUGINSDIR/processwork.dll
-
Size
231KB
-
MD5
0a4fa7a9ba969a805eb0603c7cfe3378
-
SHA1
0f018a8d5b42c6ce8bf34b4a6422861c327af88c
-
SHA256
27329ea7002d9ce81c8e28e97a5c761922097b33cedeada4db30d2b9d505007c
-
SHA512
e13e29712457d5e6351bfd69cba6320795d8b2fd1a047923814f8699f7188ec730ec7f0d946fdff66c8b430fef011415ed045b6ea56e4cc0b1d010171ab88178
-
SSDEEP
3072:n/93Fm9hfGIGjk1qc55CDoGowH6Fb/CcXwuCoty1IKYOlIa+zUk9sfqQAPfujRzS:/94yj9c55CDorNqot43ndqQpzjIKW
Score 1/10
-
-
Target
$TEMP/GoogleToolbarInstaller_download_signed.exe
-
Size
215KB
-
MD5
3181e805c29fc2d1f8874cf4f5f862e9
-
SHA1
fd999fbaba6744f2b4cd881e51cb4b818982ecd4
-
SHA256
41c59bb80173675319776ca815b7ceaacbacf1da8e517f930eebd66773baeb91
-
SHA512
51803e45c4d8d8594dc7191bfc1098c4f17996cb998a5db6b33e9ff7621cc9fdd654621038c380675597f1a0f5b7fa9de6207bfe1b15c7265e646acbc70a176a
-
SSDEEP
3072:IqmQkDU0mmDTW77bB4dTg+0dBFFihCJz3/of4ineWIY4Fif5T5PB+haea:3PF0ry/8UIhmz65eWIY4Af1Aaea
Score 1/10
-
-
Target
$TEMP/saayaasetup_5.exe
-
Size
962KB
-
MD5
fc11f6333e107f3baa48655c15a8afb9
-
SHA1
d587181beda0582dce175b6a7871ce1709b715fb
-
SHA256
2b365911eed6a512f302dc67e31fdaf9d897ee790fb6afdf88826d504c53d3a8
-
SHA512
86bbd276ff673454d257d036f17f1e13611e947bddc6dd98401b38f29f7b12c7c258b378cf135310563d8fb3eb00fdca723f20786a5b1e2116def67a395fb446
-
SSDEEP
24576:aBCbQEQ4Q8hsPdZLmTXlBGuNGeUUvLu4S:aEbvBhsldmzZBz9S
Score 7/10
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
d53886f68098c2006d8248993bb37d92
-
SHA1
a35fafce1a990ac4017ce6645b46917de0d25eed
-
SHA256
c7a089e0329523a307d5be32a8765b1c0409e49925965b9500d8a202b9e8b65a
-
SHA512
b36e22b22df42d55b1785d8ac26a637725f74708302404cc29adb3b7e58fe1fd109fe7f8bb5e3255455dcdc66eb46ef9de418cc200daca1ea84cf0c31c071ba8
-
SSDEEP
96:fiqA7bDe2xHkR1C41EhvSE+6nNtMn0iGd8Cqp5tIRhElfL:fiqA7/ZH0uQMtcfCqbtQgf
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c6f5b9596db45ce43f14b64e0fbcf552
-
SHA1
665a2207a643726602dc3e845e39435868dddabc
-
SHA256
4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0
-
SHA512
8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a
-
SSDEEP
192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw
Score 3/10
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
f2c993a0c726386d72e4640967cef83e
-
SHA1
efe88db252b5e9edff2d859e783fcf1a349e553f
-
SHA256
6739a2c8075cc383620a867e983957de0b4ae9ef0453baadd1469132893d7301
-
SHA512
3873a87ba360702c72a6d3e853a0b6f2df219593cf5436d12a9d4d169029e939993c45330212008b628184da64ae98d6a7ab42b30d5f82c896acfc89d558169f
-
SSDEEP
96:qBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8XQB0NKndY7ndS27gA:q6n+0SAfRE+/8k0NKdqn420
Score 3/10
-
-
Target
$PLUGINSDIR/processwork.dll
-
Size
231KB
-
MD5
0a4fa7a9ba969a805eb0603c7cfe3378
-
SHA1
0f018a8d5b42c6ce8bf34b4a6422861c327af88c
-
SHA256
27329ea7002d9ce81c8e28e97a5c761922097b33cedeada4db30d2b9d505007c
-
SHA512
e13e29712457d5e6351bfd69cba6320795d8b2fd1a047923814f8699f7188ec730ec7f0d946fdff66c8b430fef011415ed045b6ea56e4cc0b1d010171ab88178
-
SSDEEP
3072:n/93Fm9hfGIGjk1qc55CDoGowH6Fb/CcXwuCoty1IKYOlIa+zUk9sfqQAPfujRzS:/94yj9c55CDorNqot43ndqQpzjIKW
Score 1/10
-
-
Target
SaaYaa.exe
-
Size
862KB
-
MD5
c22225dbb3c1ea89a5ad348b64901d68
-
SHA1
ad1b47692e30c8cc8fcd53dc806ea9bcd7173215
-
SHA256
e387b0a9abe7e2092952a7894079a404d0cb0c122cd22fd80b6fe7a315028ed4
-
SHA512
924de9454b2fd5d3a6a45e1917665dcd62254f8a96bf129703c278b4ac832edc0fdcc7d083ba4ec9ffc3c789b859a3a1107f029c284afe29e51ca7115ef82338
-
SSDEEP
24576:SvWwWILSv/l2871T4Qhr5oyAMG8NaX8UI:SvWmLSv/l28xTt9VrCI
-
-
-
Target
DefragMaster.exe
-
Size
734KB
-
MD5
d9dbee73b78627544a24d49db7b5dc51
-
SHA1
35da7d0585706d973e1385477a9596cc80e079a1
-
SHA256
512ce6357791e72e4d6c8237e71f0a365671219adf13438b172923464f2ef64c
-
SHA512
c325ccc69eb28bcc85769dcafd6bcc784437acde95094c11ea0ea33663959c1b9fac826f72009b666aff0dae8625193d53fec46473665cdc493ba157055e3783
-
SSDEEP
12288:/O4cUJZE1TgdMV8OFqC5Im4XoBoPooPovoWooPpS9yxkS4nO3lRkRc4YFwjsWW0:/OHUGcdMVfAC5ImAoBoPooPovoWooPQL
Score 3/10
-
-
Target
DriverMaster.exe
-
Size
320KB
-
MD5
938aaf3cce1bbe0c7a6bd5f0a78287f9
-
SHA1
9c95f74669195874170293ed6982f672beaa479a
-
SHA256
8a7764ae6c44ee711ff4d3889179cc03795919d66d62f6405736c9835e1672f4
-
SHA512
5476dabbe704af78f04f5d707b9815d1ba13f3fc0b60d7b747abd7bee513e4133fa56f8dc9fc5f8850869d514b0d7cdfd2ad87571fd3e8d4352334e2df75f84e
-
SSDEEP
6144:jGQghr5GcbIkzuAkt3LnH/DBivMKa5GQghr5Gcb:j4zuAkRLnH/DBivMK8
Score 6/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system, so that they load before it does.
-
-
-
Target
FileShredder.exe
-
Size
770KB
-
MD5
ff6b91f775b5fe6b10d502fad64407af
-
SHA1
a2c5bd1e2e2e95f7c2ac0897ae01e74110432b07
-
SHA256
d7fd69b5e74ed1535979e118acc5cff839939b889e6243037cbb66a2df2c4c36
-
SHA512
37a200a07624c1115fd098aa81f0ad4c1c877e815234d7cad5cb693046278d0e606264d648175847d69b081a89c37bff202a28ba6bf155ed1a7b7e02e2c324e8
-
SSDEEP
3072:/u9oMCdW/oCrKCnwS0xOwYaiPdq9fkUdQaj0LZwDrTJhCHkjgXQlO70UM1lBUnaz:/whwPQYDBSKaxjWfywhwPQYDBSKax
Score 1/10
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Subvert Trust Controls
2Install Root Certificate
2Modify Registry
4Pre-OS Boot
1Bootkit
1