General
- Target: 128d441a740f4c420991d627f850352a_JaffaCakes118
- Size: 3.0MB
- Sample: 240626-tda6javakl
- MD5: 128d441a740f4c420991d627f850352a
- SHA1: ec78d8e41c530501a97052fc4ea8596c4bc1deb5
- SHA256: 0c94282940077f10fec890543908a14aa04622af760579faaffc3a9c649a9a87
- SHA512: 8c614ec0e7a22c9672ab8722ec8fbf6efaec870bc027f36ab40136d685dc3548e5119aa9ae95555b1ca63f52fe6e5caa0e089c31b3c7b469f0dfb77f933ef9e1
- SSDEEP: 98304:JDTGczRsYRqQOjRzormaPCx6Bgocsuvr39R0xdfPg:JDTGsRRqJOmNzocdjQdw
Behavioral tasks (sample, resource)
- behavioral1: 128d441a740f4c420991d627f850352a_JaffaCakes118.exe, win7-20240611-en
- behavioral2: 128d441a740f4c420991d627f850352a_JaffaCakes118.exe, win10v2004-20240611-en
- behavioral3: $PLUGINSDIR/ESNsisPlugin.dll, win7-20240508-en
- behavioral4: $PLUGINSDIR/ESNsisPlugin.dll, win10v2004-20240611-en
- behavioral5: $PLUGINSDIR/LangDLL.dll, win7-20240611-en
- behavioral6: $PLUGINSDIR/LangDLL.dll, win10v2004-20240508-en
- behavioral7: $PLUGINSDIR/System.dll, win7-20240419-en
- behavioral8: $PLUGINSDIR/System.dll, win10v2004-20240508-en
- behavioral9: $PLUGINSDIR/UserInfo.dll, win7-20240508-en
- behavioral10: $PLUGINSDIR/UserInfo.dll, win10v2004-20240611-en
- behavioral11: $PLUGINSDIR/newadvsplash.dll, win7-20240611-en
- behavioral12: $PLUGINSDIR/newadvsplash.dll, win10v2004-20240226-en
- behavioral13: $PLUGINSDIR/nsDialogs.dll, win7-20240419-en
- behavioral14: $PLUGINSDIR/nsDialogs.dll, win10v2004-20240611-en
- behavioral15: $_12_/FtKeyManager.exe, win7-20231129-en
- behavioral16: $_12_/FtKeyManager.exe, win10v2004-20240508-en
- behavioral17: $_12_/InterPass3000_ICBC_CSP11.dll, win7-20240611-en
- behavioral18: $_12_/InterPass3000_ICBC_CSP11.dll, win10v2004-20240611-en
- behavioral19: $_12_/InterPass3000_ICBC_CSP11_s.dll, win7-20240221-en
- behavioral20: $_12_/InterPass3000_ICBC_CSP11_s.dll, win10v2004-20240508-en
- behavioral21: $_12_/USBShieldHelpDocCn.chm, win7-20240611-en
- behavioral22: $_12_/USBShieldHelpDocCn.chm, win10v2004-20240508-en
- behavioral23: $_12_/USBShieldHelpDocEn.chm, win7-20240221-en
- behavioral24: $_12_/USBShieldHelpDocEn.chm, win10v2004-20240508-en
- behavioral25: $_12_/certd_nps3000_ICBC.exe, win7-20240220-en
- behavioral26: $_12_/certd_nps3000_ICBC.exe, win10v2004-20240611-en
- behavioral27: $_12_/icbc_ftusbkey.dll, win7-20240611-en
- behavioral28: $_12_/icbc_ftusbkey.dll, win10v2004-20240508-en
- behavioral29: $_12_/icbcgm_ftusbkey.dll, win7-20240508-en
- behavioral30: $_12_/icbcgm_ftusbkey.dll, win10v2004-20240508-en
Malware Config
Targets

Target: 128d441a740f4c420991d627f850352a_JaffaCakes118
- Size: 3.0MB
- MD5: 128d441a740f4c420991d627f850352a
- SHA1: ec78d8e41c530501a97052fc4ea8596c4bc1deb5
- SHA256: 0c94282940077f10fec890543908a14aa04622af760579faaffc3a9c649a9a87
- SHA512: 8c614ec0e7a22c9672ab8722ec8fbf6efaec870bc027f36ab40136d685dc3548e5119aa9ae95555b1ca63f52fe6e5caa0e089c31b3c7b469f0dfb77f933ef9e1
- SSDEEP: 98304:JDTGczRsYRqQOjRzormaPCx6Bgocsuvr39R0xdfPg:JDTGsRRqJOmNzocdjQdw
Signatures:
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory

Target: $PLUGINSDIR/ESNsisPlugin.dll
- Size: 40KB
- MD5: e0dfe15ba0ec3e83dd8915994ef2786a
- SHA1: fbc3c9284b6c66407971bdadf1a16e22b643ed4a
- SHA256: 8a5e04a59be25eb8cc22d2ebe40b90e116b3a76f387e6b7e6d4755dc90376cdf
- SHA512: 74627cbcb4f2b689dbcc76fc7fad6d141a7749d09ac25d2fab515ecf775d3ed7fd03b5daf8cb041401dc6f59be80a4f03350e0ec4a07e7c4655c33fdf7613472
- SSDEEP: 768:HIZ6DJnhzmqgdTCYaOi8JTdrhEY2ZcgJVxcAs8gyIl:H11hSqgdTCYaYJ94nJbc40
- Score: 3/10

Target: $PLUGINSDIR/LangDLL.dll
- Size: 24KB
- MD5: 24386f3f810c1da89bc3b3db036a20c9
- SHA1: 932cbad4b7c0259fbb66ea7eea1f7e53987443ad
- SHA256: d0c8eba5022201455e066a7ff97568a446b1b74baba75392c1ea8e020fc911b4
- SHA512: 13fa7728d467e9e4fb4a9060b9dbc6d855feea333400dc520923eeddd3815e2ff18bd282df955642749c134ea8c499d5a22911e91c613548c7129885266ede9b
- SSDEEP: 96:QGYEiykfI3qbE12xxvTEoNon3xnr+2CmutM:dYOh2bTDNg3Nr0D
- Score: 3/10

Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 301a9c8739ed3ed955a1bdc472d26f32
- SHA1: a830ab9ae6e8d046b7ab2611bea7a0a681f29a43
- SHA256: 6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92
- SHA512: 41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094
- SSDEEP: 192:hCPej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yAG:hCQ2HgN4GbeWmbI4Eybogia7yA
- Score: 3/10

Target: $PLUGINSDIR/UserInfo.dll
- Size: 4KB
- MD5: e47edd32aa6f55c5e0f3d7807ef7801e
- SHA1: a09626786256653c23d3c704417caf4a5f584759
- SHA256: 4a775a8062dcbd2a960076af0395c8182523d65ab1bcf3da3f77f94d31051568
- SHA512: f7543ae3e73d29a83f80deabd5e5ace19cbf1a150bdf888ac35a5c64ba32a3261dd7644475e4a18e942808f4ee8ed73cf11c4bfae44f27473ea40989752b1167
- Score: 3/10

Target: $PLUGINSDIR/newadvsplash.dll
- Size: 8KB
- MD5: 55a723e125afbc9b3a41d46f41749068
- SHA1: 01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c
- SHA256: 0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
- SHA512: 559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c
- SSDEEP: 96:/VV0Rwtvrm2nQujIvP9dir3UniV/zRzVR3rN3k8Jd18tsPcaqhx:/VV0KtC2yH9d83BzVR53kEQFaq
- Score: 1/10

Target: $PLUGINSDIR/nsDialogs.dll
- Size: 9KB
- MD5: b0165587c54350b6c9910e765f16ad9e
- SHA1: fd81de9f3b1dd8d6cfa8621fddf9f93c29b4710f
- SHA256: 26006c739057373f948b11892f40b0cc686c6c97c448f79447856421f9a15563
- SHA512: 2f69354fd433eec277a804124f5c476fd645270b89af3db22ed45b599cdf251cfccdc3c642b8893078748a0a674676ea28c5fe5b471a633de7301c6a6646295b
- SSDEEP: 192:bzQhZDqlJcKISw99ioU3MSfwLF/+nhHUOFsdz:bzoZDGKYw9goWyFGBUVz
- Score: 3/10

Target: $_12_/FtKeyManager.exe
- Size: 630KB
- MD5: 153934b01ba6c2033d67239d0e417714
- SHA1: 6ed98cf1e4a6615a9b874d7f4067ff1f4cd4a825
- SHA256: b982158ec02b74e812258e6e6dffe032f42318534de8a45dae27189d7970b21d
- SHA512: cb07791079e798254d10ef2eac0948bdd1810f472b97c673948e127b22728d8e943a3b2dcd950718829739f421779e494b210e91e1ea14e4b357b705a594d83d
- SSDEEP: 12288:eEmoO/K3GKsva2vVxCflMlUrwA9tZFcHf14GRTh+1:0oOCGvtnCf7tZF8N3e
- Score: 7/10

Target: $_12_/InterPass3000_ICBC_CSP11.dll
- Size: 918KB
- MD5: 4771f345a2383e59495edc78974e95d6
- SHA1: 32bded447fa715be65e1ddf34b835f57e36b9930
- SHA256: 9c02c342658a459c72101f09791a7dc735ccfe8c7de1184606135da853de87bd
- SHA512: e6bf0efad5468b17f037a2f8795a90d53772594c5517427a96b32f54f8629bd73f1db2962f8cfe16a1bf0a46f15d976a8a28a02e6292c73aa26b881a8c71c3e6
- SSDEEP: 12288:sTfAyz3F2WXGOxCjVrak6QJAcFbHrOW11iX6E7G5UWpd/hHCxLVAylKzFb47+NQn:6jz12WnojRz7fNL3114NG2MdEYTi7JBj
- Score: 7/10

Target: $_12_/InterPass3000_ICBC_CSP11_s.dll
- Size: 10KB
- MD5: 6b27956ba886ee230281d205e09e91a9
- SHA1: d5c7d9297df241b52573d03185a66528a84f5488
- SHA256: 3df383f4b0195620badc0bb9f5e1d86ebdb4975b60da4b910a26fee9b4af474f
- SHA512: e7b9d770ef04dda2c2cf144c218851b2b933d59395caff6594e70d0d71db4a78319a51bcbd3479668ab7dad56acee4a24cc3c4206186ad6cc91f5314a498212a
- SSDEEP: 96:Dpn00KCDOVnXB+im0KcOqW/PLZISj0epuVuw6YQCcTvka9IN80KIbWUksykajqq1:PAXBRQC3a9C8nZUadXe/09OFH
- Score: 1/10

Target: $_12_/USBShieldHelpDocCn.chm
- Size: 70KB
- MD5: d5b033ad673268e08b300662981659bf
- SHA1: be4e18becd2b8add21dd4919d9d719add56f7ccc
- SHA256: 8417b9498ba7006a222fcc268e595fe959ed1e2f45cc9bc1d859efdf63905f38
- SHA512: c0e17e51556420225b0fb2e21dcf65f39fcd83c0ab834a3f810c5616adc07123daba3977ac892500741e07de806338c569c19decef057c212440467970843dbb
- SSDEEP: 1536:HDXpkNNp5+s3Hv+t6vIBUHeSaLeMkilBy2pZvHkqCITJcm5+8b:jXk+IPJo7LlI2pFEoNcY
- Score: 1/10

Target: $_12_/USBShieldHelpDocEn.chm
- Size: 93KB
- MD5: d72b5f96ca995fa0f4e61753215c5366
- SHA1: 52ba5beb5187eefb90c36d109a8cd3b0e63c6ffb
- SHA256: f30c988353d70d874a83af41d8dc5e8a16a7e76a6aee09ebd5eb41a33936dfde
- SHA512: e8ce6f7001d61f3d6980179c3019231bb26b4a7d4ca1273ff42b3cb2ae3aadc86e00a94b895a34ff487f436fa67fee49a000c38684f383e07b6b4f8dcc52c01e
- SSDEEP: 1536:fC+28mpxdC6PgU4F6NXMZVNCTMAvUQe0UA5CVBEhUm8m7jTSbKPD88:alCcgU4EcZEG0BCrsU2jSQL
- Score: 1/10

Target: $_12_/certd_nps3000_ICBC.exe
- Size: 403KB
- MD5: 8540e5bea2674ebc0f64b3912a746c86
- SHA1: de2a6a6044d87caa4db8d799d133bb11d17fac53
- SHA256: f96f638219758f7c54f4254b717098affa4a6e66a43ad2cefc2a169e91f3506f
- SHA512: 8fc3d55d705954780afb6cf01fa6680aad72b0fbd66e52f634f97d50318ce17e84483826d953fbe79f9b2f38aba807eef9a039601c342b3685c5b192984988e6
- SSDEEP: 12288:40xHA3DyktGMII48LbMSmQU2pSE4Un1qL:+yeI6YLQU2pS1ku
- Score: 7/10

Target: $_12_/icbc_ftusbkey.dll
- Size: 129KB
- MD5: daf299dba1134139ec7e54776a5f2138
- SHA1: ca4df809c02534ba611df446a9d530bcb8fc4537
- SHA256: afdf9d8609d8bdbe82a0a91631a1e94f2912685ee4ab01ec6a5cd87fdc682956
- SHA512: 76f5439830628cd47a34445681a62c2d624bb29645e04a36e68c9340150200cc99c79814c758786014b23f85c44ca14ae9e9dd5954cc02896798c8463f71b41f
- SSDEEP: 3072:CNarWxkl/Pw62vohwLpTuL5B5xI3gpM5VpxOK:CJW/PwAEpO59f0POK
- Score: 1/10

Target: $_12_/icbcgm_ftusbkey.dll
- Size: 244KB
- MD5: 39f3f0b3c13da77d67de06c75ab46241
- SHA1: 44eb1e35ab05484dfd8cdfe33920ce2a315eda88
- SHA256: 93fb6803c6168aa79b05e79d5430b19cec18e74c7b831d49503978611b88c1b2
- SHA512: 33e59045a4b5cbaeff479886fae92f3b81150ec4aca394f37c8656e7defeb613d44fe7f613565dc18ef5ba6a3543eb863eb677b39b7fa0b4be512af1ca014106
- SSDEEP: 6144:zg4NqGzLLJ4ckSbQo+w5ead7napf1fbhkTaxJK9:zg3GzX+nE0Iap9FkOJI
- Score: 1/10
MITRE ATT&CK Enterprise v15 (technique, count)
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder, 1
- Event Triggered Execution: Component Object Model Hijacking, 1
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder, 1
- Event Triggered Execution: Component Object Model Hijacking, 1