Overview

Overall score: 8/10

Per-task scores (the score badge of each tab had been fused by extraction onto the start of the following tab label; reattached to its own row here, and the per-target maxima agree with the Score fields under Targets below). Task labels are kept as the page shows them, including the truncated ones.

Tab                        Platform             Score
Static (static)            -                    3
b418c5e9d9...18.exe        windows7-x64         8
b418c5e9d9...18.exe        windows10-2004-x64   8
$PLUGINSDIR/BHips.dll      windows7-x64         1
$PLUGINSDIR/BHips.dll      windows10-2004-x64   3
$PLUGINSDI...re.dll        windows7-x64         3
$PLUGINSDI...re.dll        windows10-2004-x64   3
$PLUGINSDI...on.dll        windows7-x64         1
$PLUGINSDI...on.dll        windows10-2004-x64   3
$PLUGINSDI...rt.dll        windows7-x64         6
$PLUGINSDI...rt.dll        windows10-2004-x64   6
$PLUGINSDI...UI.dll        windows7-x64         1
$PLUGINSDI...UI.dll        windows10-2004-x64   1
$PLUGINSDI...ck.dll        windows7-x64         1
$PLUGINSDI...ck.dll        windows10-2004-x64   3
$PLUGINSDI...ty.dll        windows7-x64         1
$PLUGINSDI...ty.dll        windows10-2004-x64   3
$PLUGINSDI...er.exe        windows7-x64         1
$PLUGINSDI...er.exe        windows10-2004-x64   1
$PLUGINSDI...em.dll        windows7-x64         3
$PLUGINSDI...em.dll        windows10-2004-x64   3
$PLUGINSDIR/log.dll        windows7-x64         1
$PLUGINSDIR/log.dll        windows10-2004-x64   1
$PLUGINSDIR/log2.dll       windows7-x64         1
$PLUGINSDIR/log2.dll       windows10-2004-x64   1
BETManger.dll              windows7-x64         3
BETManger.dll              windows10-2004-x64   3
BEVMApi001.dll             windows7-x64         3
BEVMApi001.dll             windows10-2004-x64   3
BEVMEngine.dll             windows7-x64         1
BEVMEngine.dll             windows10-2004-x64   1
BHips.dll                  windows7-x64         1
BHips.dll                  windows10-2004-x64   3

General
Target:  b418c5e9d972d76de2fbf0bd68237c77_JaffaCakes118
Size:    21.0MB
Sample:  240616-savkbs1grr
MD5:     b418c5e9d972d76de2fbf0bd68237c77
SHA1:    c33ff841d7cd1b3c904a7a958271b1c29c7042b3
SHA256:  879b766e2a825617f674964cef9f6db5b44de7b9db6b2b9b2c6d0e4d7b068989
SHA512:  c884f37b987ba040609553491118b74410e75e04f373ae768c8dcbbf75c768833e3ec2a7d0d1da9ebc1c1d404d545a3286d58275db9a6097727687dbbd619a3a
SSDEEP:  393216:8IQGgoYzEgFvXbDOMc6m9oFG/HKA0/sJW7ooIsu+fe44F29y+MsdxoanmcDkIlm:8ZoYogFvXGMcBwGvKrs4Mj+Uxmxl1YIA
Tasks

Task          Sample                                               Resource
static1       (static analysis of the submitted file)              -
behavioral1   b418c5e9d972d76de2fbf0bd68237c77_JaffaCakes118.exe   win7-20240611-en
behavioral2   b418c5e9d972d76de2fbf0bd68237c77_JaffaCakes118.exe   win10v2004-20240508-en
behavioral3   $PLUGINSDIR/BHips.dll                                win7-20240220-en
behavioral4   $PLUGINSDIR/BHips.dll                                win10v2004-20240508-en
behavioral5   $PLUGINSDIR/BaiduStore.dll                           win7-20240611-en
behavioral6   $PLUGINSDIR/BaiduStore.dll                           win10v2004-20240611-en
behavioral7   $PLUGINSDIR/Communication.dll                        win7-20240508-en
behavioral8   $PLUGINSDIR/Communication.dll                        win10v2004-20240611-en
behavioral9   $PLUGINSDIR/DataReport.dll                           win7-20240611-en
behavioral10  $PLUGINSDIR/DataReport.dll                           win10v2004-20240508-en
behavioral11  $PLUGINSDIR/DirectUI.dll                             win7-20240221-en
behavioral12  $PLUGINSDIR/DirectUI.dll                             win10v2004-20240611-en
behavioral13  $PLUGINSDIR/InstallCheck.dll                         win7-20240611-en
behavioral14  $PLUGINSDIR/InstallCheck.dll                         win10v2004-20240508-en
behavioral15  $PLUGINSDIR/InstallUtility.dll                       win7-20240508-en
behavioral16  $PLUGINSDIR/InstallUtility.dll                       win10v2004-20240508-en
behavioral17  $PLUGINSDIR/LogReporter.exe                          win7-20240508-en
behavioral18  $PLUGINSDIR/LogReporter.exe                          win10v2004-20240226-en
behavioral19  $PLUGINSDIR/System.dll                               win7-20240221-en
behavioral20  $PLUGINSDIR/System.dll                               win10v2004-20240611-en
behavioral21  $PLUGINSDIR/log.dll                                  win7-20231129-en
behavioral22  $PLUGINSDIR/log.dll                                  win10v2004-20240508-en
behavioral23  $PLUGINSDIR/log2.dll                                 win7-20240611-en
behavioral24  $PLUGINSDIR/log2.dll                                 win10v2004-20240508-en
behavioral25  BETManger.dll                                        win7-20240221-en
behavioral26  BETManger.dll                                        win10v2004-20240508-en
behavioral27  BEVMApi001.dll                                       win7-20240611-en
behavioral28  BEVMApi001.dll                                       win10v2004-20240226-en
behavioral29  BEVMEngine.dll                                       win7-20240611-en
behavioral30  BEVMEngine.dll                                       win10v2004-20240508-en
behavioral31  BHips.dll                                            win7-20240221-en
behavioral32  BHips.dll                                            win10v2004-20240611-en
Malware Config

Targets

The $PLUGINSDIR/ entries are the plugin directory of an NSIS installer (System.dll is the name of NSIS's stock System plugin); the remaining DLLs sit beside the installer in the archive.

Target:  b418c5e9d972d76de2fbf0bd68237c77_JaffaCakes118
Size:    21.0MB
MD5:     b418c5e9d972d76de2fbf0bd68237c77
SHA1:    c33ff841d7cd1b3c904a7a958271b1c29c7042b3
SHA256:  879b766e2a825617f674964cef9f6db5b44de7b9db6b2b9b2c6d0e4d7b068989
SHA512:  c884f37b987ba040609553491118b74410e75e04f373ae768c8dcbbf75c768833e3ec2a7d0d1da9ebc1c1d404d545a3286d58275db9a6097727687dbbd619a3a
SSDEEP:  393216:8IQGgoYzEgFvXbDOMc6m9oFG/HKA0/sJW7ooIsu+fe44F29y+MsdxoanmcDkIlm:8ZoYogFvXGMcBwGvKrs4Mj+Uxmxl1YIA
Score:   8/10 on both behavioral tasks (per the overview tabs)
Signatures:
  - Creates new service(s)
  - Drops file in Drivers directory
  - Sets service image path in registry
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks for any installed AV software in registry
  - Checks installed software on the system: enumerates entries under the registry Uninstall key to list the software installed on the system.
  - Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
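The signature list above as detection logic, added here as an illustration and not the sandbox's own rule code: each of the ten signatures raised for the installer is expressed as a rule over a process API trace, and the rules are run on a constructed trace that models the behaviour summarised above. The trace format, the registry paths checked (the Geo\Nation value, the Uninstall key, an assumed list of AV vendor keys), the ten-entry threshold for the software enumeration, the temp and driver paths in the sample trace, and the mapping of signatures to the technique IDs in the ATT&CK table at the end of the page are all assumptions made for this example.

```python
"""Added illustration: the ten behavioural signatures this report raises for the
installer, expressed as rules over an API trace. Not the sandbox's own rule code;
the event shape, registry paths, AV vendor key list and the enumeration threshold
are assumptions made for this example."""
import re

MAIN_TARGET_SIGNATURES = frozenset({
    "Creates new service(s)", "Drops file in Drivers directory",
    "Sets service image path in registry", "Checks computer location settings",
    "Executes dropped EXE", "Loads dropped DLL", "Adds Run key to start application",
    "Checks for any installed AV software in registry",
    "Checks installed software on the system",
    "Writes to the Master Boot Record (MBR)",
})
# Assumed mapping onto the technique IDs in the ATT&CK table at the end of the page.
ATTACK = {"Creates new service(s)": "T1543.003",
          "Sets service image path in registry": "T1543.003",
          "Adds Run key to start application": "T1547.001",
          "Writes to the Master Boot Record (MBR)": "T1542.003"}

RUN_KEY   = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
SVC_KEY   = re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+$", re.I)
DRIVERS   = re.compile(r"\\System32\\drivers\\[^\\]+$", re.I)
UNINSTALL = re.compile(r"\\CurrentVersion\\Uninstall$", re.I)
GEO_KEY   = re.compile(r"\\Control Panel\\International\\Geo$", re.I)   # value "Nation" = country code
AV_KEYS   = re.compile(r"\\SOFTWARE\\(Wow6432Node\\)?(KasperskyLab|ESET|McAfee|Avast Software|AVG|"
                       r"Symantec|Bitdefender|360Safe)(\\|$)", re.I)         # assumed vendor list
RAW_DISK  = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)
SECTOR = 512

def evaluate(trace, uninstall_threshold=10):
    """Return the set of signature names matched by a list of API-call events."""
    hits, dropped, raw, uninstall_enum = set(), set(), {}, 0
    for ev in trace:
        api = ev["api"]
        if api == "RegSetValueExW":
            if RUN_KEY.search(ev["key"]):
                hits.add("Adds Run key to start application")
            if SVC_KEY.search(ev["key"]) and ev.get("value", "").lower() == "imagepath":
                hits.add("Sets service image path in registry")
        elif api == "RegQueryValueExW":
            if GEO_KEY.search(ev["key"]) and ev.get("value", "").lower() == "nation":
                hits.add("Checks computer location settings")
        elif api == "RegOpenKeyExW":
            if AV_KEYS.search(ev["key"]):
                hits.add("Checks for any installed AV software in registry")
        elif api == "RegEnumKeyExW":
            if UNINSTALL.search(ev["key"]):
                uninstall_enum += 1
        elif api == "CreateServiceW":
            hits.add("Creates new service(s)")
        elif api == "NtCreateFile":
            if "GENERIC_WRITE" not in ev.get("access", ()):
                continue
            if RAW_DISK.match(ev["path"]):
                raw[ev["handle"]] = 0             # new raw-disk handle: file pointer at LBA 0
            else:
                dropped.add(ev["path"].lower())   # file created or overwritten by this process
                if DRIVERS.search(ev["path"]):
                    hits.add("Drops file in Drivers directory")
        elif api == "SetFilePointerEx" and ev["handle"] in raw:
            raw[ev["handle"]] = ev["offset"]
        elif api == "WriteFile" and ev["handle"] in raw:
            offset = raw[ev["handle"]]
            if offset < SECTOR:                   # write overlaps sector 0, i.e. the MBR
                hits.add("Writes to the Master Boot Record (MBR)")
            raw[ev["handle"]] = offset + ev["length"]
        elif api == "CloseHandle":
            raw.pop(ev["handle"], None)
        elif api == "CreateProcessW" and ev["path"].lower() in dropped:
            hits.add("Executes dropped EXE")
        elif api == "LoadLibraryW" and ev["path"].lower() in dropped:
            hits.add("Loads dropped DLL")
    if uninstall_enum >= uninstall_threshold:
        hits.add("Checks installed software on the system")
    return hits

def attack_ids(hits):
    return sorted({ATTACK[h] for h in hits if h in ATTACK})

def constructed_trace():
    """Constructed sample trace (not captured from the sample); temp dir and driver
    name are hypothetical, the plugin file names are the ones listed on this page."""
    tmp = r"C:\Users\user\AppData\Local\Temp\nsx1234.tmp"
    drv = r"C:\Windows\System32\drivers\example.sys"
    uninstall = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    t = [{"api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
         {"api": "RegOpenKeyExW", "key": r"HKLM\SOFTWARE\360Safe"}]
    t += [{"api": "RegEnumKeyExW", "key": uninstall, "index": i} for i in range(12)]
    t += [{"api": "NtCreateFile", "path": tmp + r"\LogReporter.exe", "access": ("GENERIC_WRITE",), "handle": 0x20},
          {"api": "NtCreateFile", "path": tmp + r"\BHips.dll", "access": ("GENERIC_WRITE",), "handle": 0x24},
          {"api": "NtCreateFile", "path": drv, "access": ("GENERIC_WRITE",), "handle": 0x28},
          {"api": "CreateProcessW", "path": tmp + r"\LogReporter.exe"},
          {"api": "LoadLibraryW", "path": tmp + r"\BHips.dll"},
          {"api": "CreateServiceW", "name": "ExampleDrv", "binary": drv},
          {"api": "RegSetValueExW", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleDrv", "value": "ImagePath"},
          {"api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
          {"api": "NtCreateFile", "path": r"\\.\PhysicalDrive0", "access": ("GENERIC_READ", "GENERIC_WRITE"), "handle": 0x2C},
          {"api": "SetFilePointerEx", "handle": 0x2C, "offset": 0},
          {"api": "WriteFile", "handle": 0x2C, "length": SECTOR},
          {"api": "CloseHandle", "handle": 0x2C}]
    return t

if __name__ == "__main__":
    hits = evaluate(constructed_trace())
    for name in sorted(hits):
        print(f"{name:50s} {ATTACK.get(name, '')}")
    print("not matched:", sorted(MAIN_TARGET_SIGNATURES - hits))
```

The raw-disk rule is the one worth keeping in mind when reading the report: a write to \\.\PhysicalDrive0 only counts as an MBR write if the file pointer is inside sector 0 when WriteFile is called, so the rule tracks the pointer per handle rather than flagging every raw write.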
Target:  $PLUGINSDIR/BHips.dll
Size:    639KB
MD5:     83b138b4a08d2ff1a7ab676e4361094e
SHA1:    78be1099c2162fb01c573a19b45254e66a56de17
SHA256:  fcec446562838780eef67d75d2a5bc7352629790b03c527f89e4ea7aeb6f62c4
SHA512:  ccd46c6281cfbeb1b3db2704c83df2455ec92bbc687d129196dbba5aa6f42b336283e930118e51d4c091d974a7f17f94bab16c1f980f62268c4acc78bb841ac9
SSDEEP:  12288:uSFTjQa8P6cYmQDYRqKvGaNqAQe8KKfdpo2QN+QZQZ5QQ3KNR6:uS/ogcpoq2QN+QaM0CR6
Score:   3/10

Target:  $PLUGINSDIR/BaiduStore.dll
Size:    1.3MB
MD5:     4f0a89c68d582239e568e0122f12378b
SHA1:    44485f429e15f9fd4708da343db426af4798f4be
SHA256:  747cd184c27adb1785df6d9a7c607284a22834aa7a6d7bcc87477916dab252fd
SHA512:  ffb75a692cf12712419ced6830c51def360937b38fe7598b5358ea397982e0224eb59222e1b79887f6009b53301fcb1f16dd1b086944add62a2373ebf3648c0a
SSDEEP:  24576:UjrBoAkdufuFN1EqEPawGrJIlR7bKiyZipKvz7Zfnn0Bdd9Xs2CvrFTeAm:kBoADfuFNCqEgJIjByZiwvz7Zfnn0Bdd
Score:   3/10

Target:  $PLUGINSDIR/Communication.dll
Size:    294KB
MD5:     57fc31f4ad5ce35a28e880f78416dac5
SHA1:    d30f12ea9e254afbb2f3ed1ef82dfbc24ba2b7a3
SHA256:  82bfdb645c71e49b1374b57f2751f5c2a884649ed35d8ea007d9e7a4b0118d16
SHA512:  b251d83977aea1f0c97477b4a18a7a2ecbc18fe08c1be367e8e8dba7b0d473894fd9986e6390dd2959c8af7a164998168d7c2846c59f34cbdd2edd6980a8c3a7
SSDEEP:  6144:ROU/hnnE4SfxXuQnvGLLHSmB67dA/TM5Kve3+yh:ROU/hnEP9uSv4LHSmB67yY5uSr
Score:   3/10

Target:  $PLUGINSDIR/DataReport.dll
Size:    370KB
MD5:     9dec9d48b6749a5fc79ea490021c7a8d
SHA1:    23b213582737fada606ffea7dc746c7e4ab152a6
SHA256:  7f49ce3c95bb5cc8eea15076f06e1253cb38fd10022cf3393a1ee63f23599872
SHA512:  6965068fbb47063caf5208539dc83961660615445f422d48efc5669f87d576865f3f9d728e9a6ef9993672d58978e3413e0356e816a3b0be6b098c484a8a0a8c
SSDEEP:  6144:oLBRmIPFf5dvUTmnyHWGOVYlz/TsyuqAPhPLXDR5L0425291Fi:oLBMCf5ds39TZuqAPhPDFOg1Fi
Score:   6/10
Signatures:
  - Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
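An on-disk check for the MBR-write signature raised above for the installer and, here, for DataReport.dll, added as an illustration and not code from the report or from the sample: parse sector 0, compare the bootstrap code against a known-good hash, and report the gap sectors a bootkit typically uses for its own stages. The clean and infected sector images are constructed inside the block; nothing here was read from the analysed sample.

```python
"""Added illustration for the "Writes to the Master Boot Record (MBR)" signature:
parse a 512-byte sector 0 image and compare it with a baseline. Not code from the
report or the sample; both sector images below are constructed."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440      # 0x000-0x1B7 bootstrap code; 0x1B8 Windows disk signature; 0x1BE partition table
PART_TABLE = 446
# Strings the stock Windows MBR bootstrap carries; a replaced bootstrap usually lacks them.
WINDOWS_MBR_STRINGS = (b"Invalid partition table",
                       b"Error loading operating system",
                       b"Missing operating system")

def parse_mbr(sector):
    """Split sector 0 into bootstrap code, disk signature, partition entries and 0xAA55 signature."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE + 16 * i
        status, _, _, _, ptype, _, _, _, lba_start, length = struct.unpack("<BBBBBBBBII", sector[off:off + 16])
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": length})
    return {"boot_code": sector[:BOOTSTRAP_LEN],
            "disk_signature": struct.unpack("<I", sector[BOOTSTRAP_LEN:BOOTSTRAP_LEN + 4])[0],
            "partitions": partitions,
            "signature": struct.unpack("<H", sector[510:512])[0]}

def boot_code_sha256(sector):
    """Hash only the bootstrap bytes: the disk signature at 0x1B8 differs per machine."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()

def check_mbr(sector, baseline_boot_sha256=None):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    mbr = parse_mbr(sector)
    findings = []
    if mbr["signature"] != 0xAA55:
        findings.append("boot signature is not 0xAA55")
    if baseline_boot_sha256 and boot_code_sha256(sector) != baseline_boot_sha256:
        findings.append("bootstrap code differs from baseline")
    if not any(s in mbr["boot_code"] for s in WINDOWS_MBR_STRINGS):
        findings.append("bootstrap code lacks the stock Windows MBR strings")
    if any(p["type"] == 0xEE for p in mbr["partitions"]):
        findings.append("note: protective GPT MBR, the machine boots via UEFI and does not execute this code")
    bootable = [p for p in mbr["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable")
    return findings

def hidden_gap(sector):
    """LBA range between the MBR and the first partition. Bootkits commonly park the
    original MBR and their loader stages here, so these sectors need hashing too."""
    parts = parse_mbr(sector)["partitions"]
    first = min((p["lba_start"] for p in parts), default=1)
    return (1, first - 1) if first > 1 else None

def _entry(status, ptype, lba_start, sectors):
    return struct.pack("<BBBBBBBBII", status, 0, 0, 0, ptype, 0, 0, 0, lba_start, sectors)  # CHS fields zeroed

def clean_mbr():
    """Constructed stand-in for a stock Windows MBR: bootstrap area carrying the stock
    strings, a made-up disk signature, one bootable NTFS (0x07) partition at LBA 2048."""
    code = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 300
            + b"\x00".join(WINDOWS_MBR_STRINGS)).ljust(BOOTSTRAP_LEN, b"\x00")
    table = _entry(0x80, 0x07, 2048, 204800) + _entry(0, 0, 0, 0) * 3
    return code + b"\x12\x34\x56\x78\x00\x00" + table + b"\x55\xaa"

def infected_mbr():
    """Constructed bootkit-style MBR: bootstrap replaced wholesale, disk signature and
    partition table left intact so the system still boots through the new code."""
    filler = bytes((i * 73 + 17) & 0xFF for i in range(BOOTSTRAP_LEN))   # arbitrary, deterministic
    return filler + clean_mbr()[BOOTSTRAP_LEN:]

if __name__ == "__main__":
    baseline = boot_code_sha256(clean_mbr())
    for name, img in (("clean", clean_mbr()), ("infected", infected_mbr())):
        print(name, check_mbr(img, baseline) or "ok", "gap:", hidden_gap(img))
```

On a live Windows host sector 0 comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` in an elevated process; on a sandbox VM the baseline is the image's pre-detonation sector. The 0xEE note is the caveat to carry over from the report: on a UEFI/GPT machine an MBR write is still a tampering indicator, but it does not hand the attacker the boot path, so the severity of the signature depends on how the affected host boots.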
Target:  $PLUGINSDIR/DirectUI.dll
Size:    898KB
MD5:     f0b7e7337e0bb970ceda79b1dd22402b
SHA1:    c267d44b6f0727a58610884abcf3ee8b1de11fa7
SHA256:  91832c2d5d3ae7360bb744b35ae3a5dd4548d9b4a52a3272314b2aea24a7df9f
SHA512:  59471a5f8c36fdf17b5e72ed0c7f3d4f3e43db584e4a5c3fa8ecec15de42c40825fdbeeb5b10aeddf21e530bbd5d7248ba4e5c1e1ff588cdf4c2861535ed7a05
SSDEEP:  12288:twI/5HoxVSXDbbUEicz/NkUIvgbWaUwYCJdjtpTRhumfet:h/dTXzUEtzH73YydrTaaet
Score:   1/10

Target:  $PLUGINSDIR/InstallCheck.dll
Size:    47KB
MD5:     0a37ea52ac8931bc0a89cab3830a2230
SHA1:    1743a791543468f6afe9ba22843ab6d95a0c3331
SHA256:  07c15067e428feb27a9c84f9fa5ab46436c9438cdddb63785167ca12c9966be3
SHA512:  c2acdd9061b488b376a23de9e1e3090210a44413c1edfd9933a32e0130f0c84f14381b814be53f7082676accae56cb7c44f6afdb98abeeced16f7dd4939e97d8
SSDEEP:  768:crlLZtBk8WguppPi9bQs5krizQpd0+KC8gYURs:crldb6Di9bQsCtE+GgY8s
Score:   3/10

Target:  $PLUGINSDIR/InstallUtility.dll
Size:    1.2MB
MD5:     05490f52c1576afa1465866f515f5409
SHA1:    53cd430a845d799a4c0c418b0ff2aee9a2b12885
SHA256:  abd182b1b8b9473ec3090cb09b137f2a1d07426754ea8f462be59c22628a3c02
SHA512:  e1f72f1c651d9603e6ed6ffffaf70af593aeda21582b7fad902981ebfd2befbddb2a131a918cd0a5703b241cf3cf2bdd07083727238af9d18274219f70398499
SSDEEP:  24576:cveHKWwCGFqheAJKgXf7/AxCfeqgJ4CM9c/45b:+kKWwCGwgGf7CCfaJRIc/45b
Score:   3/10

Target:  $PLUGINSDIR/LogReporter.exe
Size:    509KB
MD5:     38d32107ec85918a171846050694ee47
SHA1:    4e66d40f7a6d56c95c4a8faddbcb3feefeb16e1c
SHA256:  260989602417921d3beafb9e77cd6b02c883b5965f0c226893d1bc6b0affef5a
SHA512:  258fa20e708f5f6f21871182a27cd3211e1e4c28f474a02f2d17f52d9abde64d18721fc445a15db33d545934c3cf6fb608770361c56db6382975f59c28d20858
SSDEEP:  6144:bV0XJOQ2ZjQu6I4vYM8gM+RSQYWMsM3Y+WhTn6U9nF75LJC31l1LBPImZW5/uIa:bV0Y+vBJ4dsUY+ATn6U9nF75IDwme/Ja
Score:   1/10

Target:  $PLUGINSDIR/System.dll
Size:    11KB
MD5:     959ea64598b9a3e494c00e8fa793be7e
SHA1:    40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256:  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512:  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
SSDEEP:  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score:   3/10

Target:  $PLUGINSDIR/log.dll
Size:    112KB
MD5:     bd73584f746bb8a07e0c31aabde5b771
SHA1:    c9eb3a9977f6a0123b219a7683a150a24f72016e
SHA256:  0f63c1f9e3665842f9ab1e2f09b5b5e9a99615115cc667b2a96f732f9e77e524
SHA512:  0f0f61f6fc656faef0931d4e0568fd13f6434dc474940c81a2510ffe9e394a7253d4ee5118b33fce5b5a14a9d4ab0a8b9f08621905a101bcbb274562472d1a6c
SSDEEP:  1536:qIvp0z02aHT84ZdInLSmMRijh2O+Qt98e62snov2kxh0T1jd3KeoZ+pPrA:jT8/t4MoRhQeoZ+pPE
Score:   1/10

Target:  $PLUGINSDIR/log2.dll
Size:    343KB
MD5:     b25dfe28f79f4a88d6f4b039fc00f0dd
SHA1:    dc969cbc6d3992b70f5651a63e98608a063fe417
SHA256:  b1fca533fb6257b5ea1da1b734223a4de68ac9b1cb3f9d5fd647f56c55db0768
SHA512:  1040cc9971853045f55ca72506c60b1fe09b1936c76c417bb67b3609afc0366ae2396d4296166e1c23922f38ecc67a5e918d42740fb479d6e5cb4b044edde427
SSDEEP:  6144:mPdLUzK0rJltsto7/q0eHB9tAoQA4ec2uDH+oDWwFGn:mPdLUeceto1iB3AoQA4e3uDH+Bp
Score:   1/10

Target:  BETManger.dll
Size:    581KB
MD5:     0b1ea33835c27988f6ce672825c9c353
SHA1:    69eb77604360599e4812ab6aa7c1820f6487db20
SHA256:  388a97732ecf6b6bdd117d271b197872246f014587385af4a6f6fc639cc5239c
SHA512:  0b6e608ddd552951dee60f5b21ae54108b3650b83cad6c15754f088f0cd198c4a93f0308c5fad065880a039a9c173de29d59480ce62b2d934700c92f75b4104f
SSDEEP:  12288:ZwcK6iZrXA1DttLwU7SyLMuRxWLv4Su0jb+Z/Gxn14MAdHd5bp3k+KUTFznHBfRf:r1B5bpPKuFThRUTe
Score:   3/10

Target:  BEVMApi001.dll
Size:    360KB
MD5:     a11d3e37f1c15e08065076789a58c550
SHA1:    10b9c65150ba5320f1f7002c04bbf13c51f57a0e
SHA256:  6d74ee58158aa60f26bd90b7fbfc31457273d1630bfb8d81a981d768d7061cb9
SHA512:  f81061cc04b96904840cf248331e701939acefbea1ed06699d46e84447fac7f1130d23fae5a77e8d3cdaf0f67b78ba639e471fdda8370a6e7bf9e5d3b2318140
SSDEEP:  3072:60heWlh/hxhlRSGjO1C8WWoYCDZSioDxfy7lTktieyCAou8hreNcJWX3eOez4aiA:VR/hxhWGjeC8KAqCfuo/JWXup4y8TE7
Score:   3/10

Target:  BEVMEngine.dll
Size:    860KB
MD5:     21276ce6f37900a7bc7101f7d3916308
SHA1:    18bf30c5fbff86918c792887878724c5104c9fb7
SHA256:  30bc0bc81bc8e9c77c143a0dd13c534a497e3284843aae1c23306228c504a21b
SHA512:  da652ccb58f5afe3ab781b7a9dae4fe1a95231da94e049cd999697c6241f6b9235c8f35b12b9573db6a3ddfe830cf0e70c8aadcd873bcc957aa2eb04718936b7
SSDEEP:  12288:7wuIIE7SVII2jSlgQLEkZBaFZVpUQlJpG995YXJUL9KKKKztKgJKKKKKwKKKKKKL:ES72GAkZBaFZFlJp895YZULEIQA7
Score:   1/10

Target:  BHips.dll (same hashes as $PLUGINSDIR/BHips.dll above, i.e. the same file at a second path)
Size:    639KB
MD5:     83b138b4a08d2ff1a7ab676e4361094e
SHA1:    78be1099c2162fb01c573a19b45254e66a56de17
SHA256:  fcec446562838780eef67d75d2a5bc7352629790b03c527f89e4ea7aeb6f62c4
SHA512:  ccd46c6281cfbeb1b3db2704c83df2455ec92bbc687d129196dbba5aa6f42b336283e930118e51d4c091d974a7f17f94bab16c1f980f62268c4acc78bb841ac9
SSDEEP:  12288:uSFTjQa8P6cYmQDYRqKvGaNqAQe8KKfdpo2QN+QZQZ5QQ3KNR6:uS/ogcpoq2QN+QaM0CR6
Score:   3/10
MITRE ATT&CK Enterprise v15

Technique IDs are added for reference. The number in parentheses is the count the page shows for each entry (extraction had fused it onto the start of the following line).

Execution
  T1059      Command and Scripting Interpreter (1)
  T1059.007    JavaScript (1)
  T1053      Scheduled Task/Job (1)
  T1569      System Services (2)
  T1569.002    Service Execution (2)
Persistence
  T1547      Boot or Logon Autostart Execution (2)
  T1547.001    Registry Run Keys / Startup Folder (2)
  T1543      Create or Modify System Process (2)
  T1543.003    Windows Service (2)
  T1542      Pre-OS Boot (1)
  T1542.003    Bootkit (1)
  T1053      Scheduled Task/Job (1)
Privilege Escalation
  T1547      Boot or Logon Autostart Execution (2)
  T1547.001    Registry Run Keys / Startup Folder (2)
  T1543      Create or Modify System Process (2)
  T1543.003    Windows Service (2)
  T1053      Scheduled Task/Job (1)