General
-
Target
1c18452b1960318fe87a6925d7346ff4_JaffaCakes118
-
Size
12.2MB
-
Sample
240701-xcs7hatbke
-
MD5
1c18452b1960318fe87a6925d7346ff4
-
SHA1
c5d4d8f4b18b6c0b811c4ca76f09d34c4b5bffb0
-
SHA256
f789c2e563491dbd82b480d1ad734d622cb8fe992428167d578f0df3c4e52c6f
-
SHA512
e2783a84f9adffec62662f7ecefff8839735491608c4442723203da8f9db2b9e476264be02cd3eaacb1fa04dbe71dc12c6396dadf89e5af69d0e7785d2ef7ce7
-
SSDEEP
393216:YR/GlPR31TsjWEU3BkMji85fOiNii2QwZ:IoR1TsqEwkMji4fnvTG
Static task
static1
Behavioral task
behavioral1
Sample
1c18452b1960318fe87a6925d7346ff4_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
1c18452b1960318fe87a6925d7346ff4_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BrandingURL.dll
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BrandingURL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$SMPROGRAMS/ÎÞÏÞµ¯ÌøÇò/ÐÂÔÆÈí¼þÏÂÔØ.lnk
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
$SMPROGRAMS/ÎÞÏÞµ¯ÌøÇò/ÐÂÔÆÈí¼þÏÂÔØ.lnk
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
IFC22.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
IFC22.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
ReflexiveArcade/ReflexiveArcade.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
ReflexiveArcade/ReflexiveArcade.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
Ricochet.exe
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
Ricochet.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
readme.htm
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
readme.htm
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
uninst.exe
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
uninst.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
ÐÂÔÆÈí¼þÏÂÔØ.lnk
Resource
win7-20240220-en
Behavioral task
behavioral20
Sample
ÐÂÔÆÈí¼þÏÂÔØ.lnk
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
1c18452b1960318fe87a6925d7346ff4_JaffaCakes118
-
Size
12.2MB
-
MD5
1c18452b1960318fe87a6925d7346ff4
-
SHA1
c5d4d8f4b18b6c0b811c4ca76f09d34c4b5bffb0
-
SHA256
f789c2e563491dbd82b480d1ad734d622cb8fe992428167d578f0df3c4e52c6f
-
SHA512
e2783a84f9adffec62662f7ecefff8839735491608c4442723203da8f9db2b9e476264be02cd3eaacb1fa04dbe71dc12c6396dadf89e5af69d0e7785d2ef7ce7
-
SSDEEP
393216:YR/GlPR31TsjWEU3BkMji85fOiNii2QwZ:IoR1TsqEwkMji4fnvTG
Score 7/10
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/BrandingURL.dll
-
Size
4KB
-
MD5
71c46b663baa92ad941388d082af97e7
-
SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421
-
SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e
-
SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce
Score 3/10
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score 3/10
-
-
Target
$SMPROGRAMS/ÎÞÏÞµ¯ÌøÇò/ÐÂÔÆÈí¼þÏÂÔØ.lnk
-
Size
344B
-
MD5
4c2a7c403e0c28333f645a363f606da8
-
SHA1
fe61f5e318e323fab9af329245e4bba6128aa5c6
-
SHA256
c755fd0b870f2367e644f899afd720c4aee7b019b5584a14421c407e7910de14
-
SHA512
8516481f41413d3ec958a07af39aad889840f964d7cb1f8027142f9c65abea9821e3bf2fcfdd9fb2b1c676031d3096d478bf06586deaaac05a7d451b0c2146e5
Score 3/10
-
-
Target
IFC22.dll
-
Size
196KB
-
MD5
aa57c6dd0bf8ceb8b71c873b6b7cea3f
-
SHA1
4a87cc376d213ad9215caf1673fb80287bc91b86
-
SHA256
1c371720e18d0e910170ec5e29f7b92c96d1498a0b2ec97b2455d926909d4ed6
-
SHA512
cd5c06cbb19c736210586349007c11e54364599e575414fdbdc795b3b6389952a587326301e2d192320e7f556e0fad5002dfb33b334e6939c595d5bf77e7e840
-
SSDEEP
3072:aVUIfwPn5kHMW7ksb3ThBSdQvdgcUZmTpbU1JeoVsCDAlg:vz+nlb3dQdEgcUwlQdkl
Score 3/10
-
-
Target
ReflexiveArcade/ReflexiveArcade.dll
-
Size
948KB
-
MD5
5df9b87dff99847624727707a0e587c6
-
SHA1
e5c557e21d94f7a74428d07c65608efc667e1ed0
-
SHA256
839ec073f85eede6c7c54fb76cd219b059cf901762976bc8519cac1128fea669
-
SHA512
976f37af9f464086fe90bb23a7cd5f61ab12f22b901e0cb21923a3f980a1f084d3861008bbfd8e8ff5ad1e513d0eaf560648bdce6456f6b57f3da78466350724
-
SSDEEP
24576:abXC5u9nKIfaCMbWoWlk4HRR+i7sZ8CW5kpEJSbwgilJ+5t6riO8gnOpl4Cjs9t1:8VnKIfaCMbWoWlk4HRR+i7n5+5t+iOLh
Score 1/10
-
-
Target
Ricochet.exe
-
Size
1.3MB
-
MD5
ad0a51b0b7cb5a448b31778796f3405d
-
SHA1
f513e72f41dfb0e49c13f979b1dbeb3de9c843aa
-
SHA256
559ead4b61f542d80b9c2d5d927f2eb6a4aebdc8ff8231fd621f636bc50d01e1
-
SHA512
1562d9c1c8e4201107b615e44e8ee24d927b24a761d6001814c61a517567703cffafcee18f7500cd7ca80bf4001ae120f318cfa18135b5ce25470818948d5816
-
SSDEEP
24576:B9mtTr7oGT8eHiuVwIzWptSQI4T4yRmS2xHLuzMgtZeKhyDjsyIACq:uAv+z+SQpoVLuYYYDj8q
Score 7/10
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
readme.htm
-
Size
62KB
-
MD5
e77f5ba6e71a1dbaab1c5f136f1d955d
-
SHA1
71a103fc4b825557d58fc1043daae4439bea7d24
-
SHA256
fd24689d12aaf36b4314880ba1f12bfc19b6df6ec63ac058f878d1fe7223109a
-
SHA512
7ac66e820d4bde8e568ff9465e572b4160ae9dd3041d75083703c429f0caaac6a5b4de59bb9ca4e3295c716e6e3fa8d3dabeeaca1303d20eb49d6a4d359b94e9
-
SSDEEP
768:75u2a+OrX+UFMRpq79agDBmRAPxp7yNUFH3r4pb84/QQwRnZZQrIjPj:7M2arbp6up33eFwRnZZQuPj
Score 1/10
-
-
Target
uninst.exe
-
Size
66KB
-
MD5
cda25e3909eec054001256e77209bd32
-
SHA1
0dc7bbdf13a6df1a4e5b9ae23a64853b36394fc9
-
SHA256
679ae280e8b79691c61eb5a2baee323112d4de2bc8cd730283a368cb3f6dc5be
-
SHA512
f4f68e88bfa3cfb0dc644c580588cc42a2beae55464a44cbaba9d1af352a8848fd594a447072f0ecc751ed81a3d0585b2e58ee3c62a7899fb7cd6f5a8b3f3d8e
-
SSDEEP
1536:shq3+uta99Hj25XvwLXJLiFYRN6QcIwytTtRE:OstajHKBvYXJLYqvthRE
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
ÐÂÔÆÈí¼þÏÂÔØ.lnk
-
Size
344B
-
MD5
4c2a7c403e0c28333f645a363f606da8
-
SHA1
fe61f5e318e323fab9af329245e4bba6128aa5c6
-
SHA256
c755fd0b870f2367e644f899afd720c4aee7b019b5584a14421c407e7910de14
-
SHA512
8516481f41413d3ec958a07af39aad889840f964d7cb1f8027142f9c65abea9821e3bf2fcfdd9fb2b1c676031d3096d478bf06586deaaac05a7d451b0c2146e5
Score 3/10