Overview

overview

7

Static

static

3

2511b4b9a9...18.exe

windows7-x64

7

2511b4b9a9...18.exe

windows10-2004-x64

7

$LOCALAPPD...er.exe

windows7-x64

7

$LOCALAPPD...er.exe

windows10-2004-x64

7

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$LOCALAPPD...SA.exe

windows7-x64

6

$LOCALAPPD...SA.exe

windows10-2004-x64

6

$LOCALAPPD...CB.exe

windows7-x64

1

$LOCALAPPD...CB.exe

windows10-2004-x64

1

$LOCALAPPD...ok.dll

windows7-x64

1

$LOCALAPPD...ok.dll

windows10-2004-x64

1

$LOCALAPPD...SA.dll

windows7-x64

1

$LOCALAPPD...SA.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...lp.dll

windows7-x64

1

$PLUGINSDI...lp.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    2511b4b9a9e1f2312e595213f27ad5e0_JaffaCakes118

  • Size

    671KB

  • MD5

    2511b4b9a9e1f2312e595213f27ad5e0

  • SHA1

    f68813c20847fe6a041ca4e85fef66a69c7ef65a

  • SHA256

    90dd773ec86b8a1dc31c6518c74a98958865ade2de7df67b2a8710bdd81e7916

  • SHA512

    92e12297091803dcf09354709f6f2648f7433234b8b834ea6ac9dbd07b21f0281d4feb3bbbd02b3ff8aa304d4d99362751a47b0f65618fe82a3218b91d4d137a

  • SSDEEP

    12288:ZObyvx7UhybtLGCwa587yPGPFuwnG4jdmVn/l/8uu1RqLHlglDK3QPE0QNnUk:Z3vhZBZ874mbDj8d/8RsHlpA8FNUk

Score
3/10

Malware Config

Signatures

  • Unsigned PE 12 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • 2511b4b9a9e1f2312e595213f27ad5e0_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $LOCALAPPDATA/SeekmoSA/bin/16.0.20.0/$OUTDIR/SeekmoUninstaller.exe
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/Install.dll
    .dll windows:5 windows x86 arch:x86

    76b3a21649e5fd351adf6c401d29fe48


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $LOCALAPPDATA/SeekmoSA/bin/16.0.20.0/SeekmoSA.exe
    .exe windows:5 windows x86 arch:x86

    82804e9a7b83ee97790fbfe0af0b0dc4


    Headers

    Imports

    Sections

  • $LOCALAPPDATA/SeekmoSA/bin/16.0.20.0/SeekmoSACB.exe
    .exe windows:5 windows x86 arch:x86

    39b01aded6073c5a6c80b67ea5ed9ceb


    Headers

    Imports

    Sections

  • $LOCALAPPDATA/SeekmoSA/bin/16.0.20.0/SeekmoSAHook.dll
    .dll windows:5 windows x86 arch:x86

    9e50d8a875498cb9d27b6ba2dcb86947


    Headers

    Imports

    Exports

    Sections

  • $LOCALAPPDATA/SeekmoSA/bin/16.0.20.0/copyright.txt
  • $LOCALAPPDATA/SeekmoSA/bin/16.0.20.0/firefox/extensions/install.rdf
  • $LOCALAPPDATA/SeekmoSA/bin/16.0.20.0/firefox/extensions/plugins/npclntax_SeekmoSA.dll
    .dll windows:5 windows x86 arch:x86

    a0308f6d6f56785875365acf8c66815b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/Install.dll
    .dll windows:5 windows x86 arch:x86

    76b3a21649e5fd351adf6c401d29fe48


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/LaunchHelp.dll
    .dll windows:5 windows x86 arch:x86

    2066603cd83a6b700ab46358852e6edb


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/inetc.dll
    .dll windows:4 windows x86 arch:x86

    a30c8f01c0c7a46c3c2e2a628deec7b9


    Headers

    Imports

    Exports

    Sections

  • $R0/SeekmoSAAbout.mht
    .eml

    • http://www.seekmo.com/

  • attachment-2
    .gif
  • email-html-1.txt
    .html
  • $R0/SeekmoSAEULA.mht
    .eml
  • email-html-1.txt
    .html