Overview (overview): score 8/10
Static (static): score 3/10
0473fe0a24...18.exe, windows7-x64: score 7/10
0473fe0a24...18.exe, windows10-2004-x64: score 7/10
$APPDATA/p...ok.dll, windows7-x64: score 1/10
$APPDATA/p...ok.dll, windows10-2004-x64: score 1/10
$PLUGINSDI...er.dll, windows7-x64: score 3/10
$PLUGINSDI...er.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...LL.dll, windows7-x64: score 3/10
$PLUGINSDI...LL.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...on.dll, windows7-x64: score 3/10
$PLUGINSDI...on.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...ns.dll, windows7-x64: score 3/10
$PLUGINSDI...ns.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...dl.dll, windows7-x64: score 3/10
$PLUGINSDI...dl.dll, windows10-2004-x64: score 3/10
$PLUGINSDIR/PPSAP.exe, windows7-x64: score 4/10
$PLUGINSDIR/PPSAP.exe, windows10-2004-x64: score 4/10
$PLUGINSDI...em.dll, windows7-x64: score 3/10
$PLUGINSDI...em.dll, windows10-2004-x64: score 3/10
$PLUGINSDI...ps.dll, windows7-x64: score 3/10
$PLUGINSDI...ps.dll, windows10-2004-x64: score 3/10
Livenet.dll, windows7-x64: score 1/10
Livenet.dll, windows10-2004-x64: score 1/10
Livenet2.dll, windows7-x64: score 1/10
Livenet2.dll, windows10-2004-x64: score 1/10
PPStream.exe, windows7-x64: score 8/10
PPStream.exe, windows10-2004-x64: score 8/10
PSNetwork.dll, windows7-x64: score 3/10
PSNetwork.dll, windows10-2004-x64: score 3/10
PowerList.dll, windows7-x64: score 1/10
PowerList.dll, windows10-2004-x64: score 1/10
PowerPlayer.dll, windows7-x64: score 8/10
PowerPlayer.dll, windows10-2004-x64: score 8/10
General
-
Target
0473fe0a24721b1387628c5123341c28_JaffaCakes118
-
Size
2.4MB
-
Sample
240622-3v64zavarr
-
MD5
0473fe0a24721b1387628c5123341c28
-
SHA1
39e2d629466b2cdfaf0c3c71f0d7fec7aa9279ab
-
SHA256
d5591268aa16c9c2eb9c2edfaec9981da9fd142c28a6a0744de7427a29f58ee4
-
SHA512
a99a30c1b2e6820365d92b6c241c9e1b9b97b36a50f41d6257c4b306cd33318b985942f495b3fa88b5da1cf3f9cc477ef3790526c20b250935bfb35124817609
-
SSDEEP
49152:U33x46RiPDuQIGDjlIwkKjZSV69z0PUH8+bWIQvsz4HsNwmV:Az0umH6wD9I8Wbvs0MJV
Static task
static1
Behavioral task
behavioral1
Sample
0473fe0a24721b1387628c5123341c28_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
0473fe0a24721b1387628c5123341c28_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$APPDATA/ppstream/codec/cook.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$APPDATA/ppstream/codec/cook.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ButtonLinker.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ButtonLinker.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/PPSAP.exe
Resource
win7-20240419-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/PPSAP.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/ToolTips.dll
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/ToolTips.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
Livenet.dll
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
Livenet.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
Livenet2.dll
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
Livenet2.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
PPStream.exe
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
PPStream.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
PSNetwork.dll
Resource
win7-20240220-en
Behavioral task
behavioral28
Sample
PSNetwork.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
PowerList.dll
Resource
win7-20240611-en
Behavioral task
behavioral30
Sample
PowerList.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
PowerPlayer.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
PowerPlayer.dll
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
0473fe0a24721b1387628c5123341c28_JaffaCakes118
-
Size
2.4MB
-
MD5
0473fe0a24721b1387628c5123341c28
-
SHA1
39e2d629466b2cdfaf0c3c71f0d7fec7aa9279ab
-
SHA256
d5591268aa16c9c2eb9c2edfaec9981da9fd142c28a6a0744de7427a29f58ee4
-
SHA512
a99a30c1b2e6820365d92b6c241c9e1b9b97b36a50f41d6257c4b306cd33318b985942f495b3fa88b5da1cf3f9cc477ef3790526c20b250935bfb35124817609
-
SSDEEP
49152:U33x46RiPDuQIGDjlIwkKjZSV69z0PUH8+bWIQvsz4HsNwmV:Az0umH6wD9I8Wbvs0MJV
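Score 7/10
- Loads dropped DLL
The $PLUGINSDIR entries (System.dll, NSISdl.dll, InstallOptions.dll) suggest an NSIS installer, which unpacks and loads its plugin DLLs during normal operation, so this signature alone does not separate malicious from routine installer behavior.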
-
-
-
Target
$APPDATA/ppstream/codec/cook.dll
-
Size
64KB
-
MD5
fa220dae3898b8578c34791648321a38
-
SHA1
12bdd5396e996d071368980d36ef6f6c7b39f936
-
SHA256
f8b5898569a508e370eb25db27c1cba440c9d559529850c05589e56a93659835
-
SHA512
9c2ad73fd43de7ca16a1d75b2974a737dfe1478d094783861ff5e3f994e17bc9e36e31f130296b497bb8955849be31db526018c0621cf5b09496fc6e5c3d6f34
-
SSDEEP
768:79rczOVJc8avUhcRxV6Sz+b2G90YnGZosMwCJtVSk7K+t6tj6tVDWVp3Ghv+Xb:7uqc8/aUSz62G9LnOnMK+t6tR
Score 1/10
-
-
Target
$PLUGINSDIR/ButtonLinker.dll
-
Size
7KB
-
MD5
dd85ac7d85c92dd0e3cc17dfd4890f54
-
SHA1
a128fb7a05965c1a9913c6f5e419e6c4c0a7d2fa
-
SHA256
27abd2a4fb1bf66add60221b52d061bbe24d2d21e13600725ff7a5c6c777b504
-
SHA512
e4ff8216c65110a9d156f37c2062acb53a72daa8af12dfc24278920d9e1a4083a81b1446759df75405b2da34c7bfb1afc33184feedd0aee4ed73f79fcbb1a8a1
-
SSDEEP
96:q0GBDU3ADeEZlBLx6sWHCKGKVR3YXqNNtFa4PaaU4x:X53jEd2n3Y6NNtFBaa
Score 3/10
-
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
3KB
-
MD5
8614c450637267afacad1645e23ba24a
-
SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2
-
SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758
-
SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b
Score 3/10
-
-
Target
$PLUGINSDIR/GetVersion.dll
-
Size
5KB
-
MD5
b1e657d03702bfaedaddfa7547adbc02
-
SHA1
effa16ce36c73c5ce49020fded94a840c6c35482
-
SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc
-
SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a
-
SSDEEP
96:8TrfV4XT3gTyxtwLOU6Mx2UpBi46AQucH:8vf+XuvXxpBi46AQucH
Score 3/10
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
3809b1424d53ccb427c88cabab8b5f94
-
SHA1
bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e
-
SHA256
426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088
-
SHA512
626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee
-
SSDEEP
192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT7K72dwF7dBdcQOz:i6JaVh4I5rpPbT7+BdhO
Score 3/10
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
997ae296af5b7ca9aaa52f6844075439
-
SHA1
9814f0b09219ac2eed875d842b9362c3b32bec6f
-
SHA256
1d74275fb0ddcb7c01a92c4ea5c7ef137cdfa0b48ae2b293f0ea178b355cbaa8
-
SHA512
a81ee17129278a185e91f6615da2d9e47940580fcaac3806ace17a0c0e48995f8e85de6deedcec502782141acd381fb7dd1c72a93fcd40112afadc3741572349
-
SSDEEP
192:u4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/126gszA:uysdM80dCI5a2LsQ5IlPNRY00AlACU
Score 3/10
-
-
Target
$PLUGINSDIR/PPSAP.exe
-
Size
159KB
-
MD5
480549b16a13b1dc8a5508855854e574
-
SHA1
07a0ce4caf33b065872094aaaa6c6b0abd3287ee
-
SHA256
7545ce739383c9f86e233445ea16e60718faca4c143eb60bd7020e25c75ec01a
-
SHA512
0c10b02be85b8f5b4a8cd4b27994277a72f9355690f38a5c4711da0e2f198cd0ef1ef9b77272b228804ae389403e8f489304ce525895fd05d1ef1005e79d1aa7
-
SSDEEP
3072:05OAedV/rUxZ0pq+jPe/7rSLXUhgB+wCBA9Dl0nJjJYH:SO34xSk+jZ8IS9JI
Score 4/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
32465a07028b927b22c38e642c2cb836
-
SHA1
309cac412b2ecf6a36f6e989c828afcdd8c7a6e4
-
SHA256
eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292
-
SHA512
9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff
-
SSDEEP
192:gO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1axgMO:ZKAFERdlxhGRYUzqZax
Score 3/10
-
-
Target
$PLUGINSDIR/ToolTips.dll
-
Size
4KB
-
MD5
9a0da2692764bb842411a8b9687ebbb7
-
SHA1
5c3a459faa08a704bdf162476897ad4580ae39bd
-
SHA256
28aeaa48c929188a0d169887cc3f16370741467ae49e1db59763f030710a6bbb
-
SHA512
814d686617df4fe9f50a93dac9428babff3a14836aa27b4666976379ec3fafcab65fd82d8886998fa65e7b59dc192ca067cf8b4cdeb8ef551812912d80dab8ed
-
SSDEEP
48:apm2+v7BWCLWQqLa7JZ0ZK59HXesxdrqZZSakw6/K:Ymjv7BWoTicJZ0ZKPHXVx1MOw6
Score 3/10
-
-
Target
Livenet.dll
-
Size
947KB
-
MD5
4b7a6dd3eeeadf577d8ad89614e5317f
-
SHA1
3c691a3618429ed4a47705b5f7049c542307008e
-
SHA256
c2dd9d1d5b689cdcbe69b1799f15f1889d2a3817d7144ffd91f9b5862736faf6
-
SHA512
985551e1cbceff6e1d61f2134c9b02846d285a8e4c89784dc31a1b6e414c8915d18a0ae28726fc8216f69d092523b37b4b4411fcb2ed5da867cc02ab2a5d3009
-
SSDEEP
24576:Aj4uKVS/kfv9hMdFYbJckZY+AzJqmA22Y9r5q:8KVSgiFYJ/2pLq
Score 1/10
-
-
Target
Livenet2.dll
-
Size
947KB
-
MD5
3cd5f5c0447abc2e7a63f6c6df224c85
-
SHA1
9bafa8f3cc9a1667383d8828ae6c7ded3889632d
-
SHA256
e6c2f51b8a5a2988e33c3a225d027d02ff1b35bb4492b586041c9059637e7e52
-
SHA512
7c0590a4c94ae8004a8425ca406b33700d50bfa98e3513bf40323a7fde311e4b2784a94d7cc9433db3e75d0a7bf26f4cb8b932403b6143e33d18907c050ebead
-
SSDEEP
24576:Aiv3zx6+98oc0kL0XPa0IHiG9iPQG8aGd517hL3X6WV:hzx6+9OB0fa0FGl1D6WV
Score 1/10
-
-
Target
PPStream.exe
-
Size
1.4MB
-
MD5
ce0912f0f140bd06095d867439db4f9c
-
SHA1
e6df2819b2a49dade625c4520f7a167d8dcd5207
-
SHA256
f6a06d711c45d1ad3886a72f81c8cecac8ca4f00daba4a7d99bc7defda2a093a
-
SHA512
a920ead159dd52b2d40562fd7772dbd05ff27f8bd5ae5707263bc3f46168bf4b0e7b53d133efa6eb9d108fe936419e5415a4475acd468302a44396c389dfec34
-
SSDEEP
24576:4xZc/kJG9lcnRtllMYCFhbrMFAVyEVnzG/pxTho:4xZCJ9ObEFhbrMFAVxzG5o
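Score 8/10
- Drops file in Drivers directory
- Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system. This summary gives only the signature names, not the dropped driver's path or the data written to disk; review the file and raw-disk events in behavioral25 and behavioral26 (the PPStream.exe runs) before treating this as confirmed bootkit persistence.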
-
-
-
Target
PSNetwork.dll
-
Size
339KB
-
MD5
3160bc03df9726d605aeae8d8aaf0e57
-
SHA1
0f0c53cb40f43c5e8315405b66104e146442c45f
-
SHA256
20159f64fb2613870a1c3fc4984f91299436d5b8cd990337dda99ef72b350e3a
-
SHA512
1d2319dd303b35a58d452498ed90278f8a151ad1b2f24c04c5c3ca5de350170eb4211f2d7403680559cea022dcd9a1cd950dc5ac8a81ce0db59a28749e1a54cb
-
SSDEEP
6144:jvusjL/twjFm+FLEutDP4DhvyNLkxnJv/e:r7jrtYM+FL9z4QNOF/e
Score 3/10
-
-
Target
PowerList.ocx
-
Size
450KB
-
MD5
dfd1caeeb71056367f1484b5152bb9ef
-
SHA1
0b1711414fd6f9181d95771d5fed845907c1efc0
-
SHA256
63e751eba423498d4bbae69dd23f5c83690f19e4ab0fbba3bfa0a3b8bcf8cb83
-
SHA512
a8af2195deeac24536409374b6c3ef7154285d6224a957fee92dd0d3c34c57ee90a09c166bd15543bc17a59c14b855828e4c8a56563129e9c5075cbc0a4584b6
-
SSDEEP
12288:Yk07nb2EWUM5sGYEKh8hbACHlZ+HFPSc+vWD2R:Y/nb2EWUKHJ1Z+HyvWD2R
Score 1/10
-
-
Target
PowerPlayer.dll
-
Size
598KB
-
MD5
3e03c7ff0f52ca76de56cdd0bb382a37
-
SHA1
66ce44175d190f0834e441ffc9e6c0a85ce227b6
-
SHA256
bb25a9352dc3495813f231110241b02a23cd19ff71642b8851485af78975921b
-
SHA512
a951cdb621ff0141e9919d3ff604cf2bbb747469ac1780042adcd0db359e4a3dd21d04d5bbaa33f80bffacd73ba99ad0342de4fc4eae8ec1bcc822bbb7609ad3
-
SSDEEP
12288:D2/ANXGKkgHEenFUHb3EbJxZgBpf3Kley:CcXzkgHEenFUHb3E1bgbfdy
Score 8/10
- Drops file in Drivers directory
-