Overview
overview
Score 10/10
Static
static
Score 3/10
a4bcc3d83d...18.exe
windows7-x64
Score 10/10
a4bcc3d83d...18.exe
windows10-2004-x64
Score 10/10
$PLUGINSDI...st.dll
windows7-x64
Score 3/10
$PLUGINSDI...st.dll
windows10-2004-x64
Score 3/10
$PLUGINSDI...em.dll
windows7-x64
Score 3/10
$PLUGINSDI...em.dll
windows10-2004-x64
Score 3/10
$PLUGINSDI...ec.dll
windows7-x64
Score 3/10
$PLUGINSDI...ec.dll
windows10-2004-x64
Score 3/10
$PLUGINSDI...ss.dll
windows7-x64
Score 3/10
$PLUGINSDI...ss.dll
windows10-2004-x64
Score 3/10
$PLUGINSDI...ry.dll
windows7-x64
Score 3/10
$PLUGINSDI...ry.dll
windows10-2004-x64
Score 3/10
$_1_/Beasley.exe
windows7-x64
Score 10/10
$_1_/Beasley.exe
windows10-2004-x64
Score 10/10
$_1_/libeay32.dll
windows7-x64
Score 3/10
$_1_/libeay32.dll
windows10-2004-x64
Score 3/10
$_1_/ssleay32.dll
windows7-x64
Score 3/10
$_1_/ssleay32.dll
windows10-2004-x64
Score 3/10
General
-
Target
a4bcc3d83db92af30efb92b91c173fde_JaffaCakes118
-
Size
4.1MB
-
Sample
240818-a2nxrawcqa
-
MD5
a4bcc3d83db92af30efb92b91c173fde
-
SHA1
d3a18f9612dbc77563af00d4320b434f13b1384c
-
SHA256
ed20ff85f5df587140e0780e16a5eb28df94e1b6330c8256de39d94b5a772e83
-
SHA512
99e9f24ffe81c093b7278b130d76377efd4c37a6bd8882729b25f87821433ee45247e3e441627786bf37b4331a366c41df66092f0653d6a4597fde3abdf14547
-
SSDEEP
98304:6WE8PHm2xRsBxIhM3wuu1NzJxUMkQDmBziWl:6WLPG2DOJwb1xJ+Z37
Static task
static1
Behavioral task
behavioral1
Sample
a4bcc3d83db92af30efb92b91c173fde_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
a4bcc3d83db92af30efb92b91c173fde_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/NSISList.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/NSISList.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/registry.dll
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/registry.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$_1_/Beasley.exe
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
$_1_/Beasley.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
$_1_/libeay32.dll
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
$_1_/libeay32.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
$_1_/ssleay32.dll
Resource
win7-20240729-en
Behavioral task
behavioral18
Sample
$_1_/ssleay32.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
a4bcc3d83db92af30efb92b91c173fde_JaffaCakes118
-
Size
4.1MB
-
MD5
a4bcc3d83db92af30efb92b91c173fde
-
SHA1
d3a18f9612dbc77563af00d4320b434f13b1384c
-
SHA256
ed20ff85f5df587140e0780e16a5eb28df94e1b6330c8256de39d94b5a772e83
-
SHA512
99e9f24ffe81c093b7278b130d76377efd4c37a6bd8882729b25f87821433ee45247e3e441627786bf37b4331a366c41df66092f0653d6a4597fde3abdf14547
-
SSDEEP
98304:6WE8PHm2xRsBxIhM3wuu1NzJxUMkQDmBziWl:6WLPG2DOJwb1xJ+Z37
-
Checks computer location settings
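Looks up the country code configured in the registry, likely for geofencing. Legitimate installers read the same setting for localisation, so on its own this is a weak indicator and should be weighed together with the other signatures for this target.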
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/NSISList.dll
-
Size
105KB
-
MD5
4b0617493f32b2b5fe5e838eeb885819
-
SHA1
336e84380420a9caaa9c12af7c8e530135e63c57
-
SHA256
df3621f83e9d11be45e0e617b899c4ab0241f60ed56494e892dc449482058402
-
SHA512
5c50cf97cd9a6c699ec7928a08f77f4eaa68105e87a974432e39b637f926f0df8a95ec19bd63465fc438a4ef6349398938bc8d7651de125d13ccab89d1d49143
-
SSDEEP
3072:NIgAGTHvtyzvUnB26s2oZtX0Uzi/t6zhy9:ygAuvtRno30V/t6z
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
8cf2ac271d7679b1d68eefc1ae0c5618
-
SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8
-
SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
-
SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
-
SSDEEP
192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score 3/10
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
7KB
-
MD5
f27689c513e7d12c7c974d5f8ef710d6
-
SHA1
e305f2a2898d765a64c82c449dfb528665b4a892
-
SHA256
1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47
-
SHA512
734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc
-
SSDEEP
96:JpmkmwmHDPVhklfSoRPB+YSvWvZckH69MSz00vQFHhAVvSGYuHnUNy2DCP:J+PVhYfSokvW2CsQFBAVaGdHnUNR
Score 3/10
-
-
Target
$PLUGINSDIR/nsProcess.dll
-
Size
4KB
-
MD5
f0438a894f3a7e01a4aae8d1b5dd0289
-
SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6
-
SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
-
SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
SSDEEP
48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score 3/10
-
-
Target
$PLUGINSDIR/registry.dll
-
Size
24KB
-
MD5
2b7007ed0262ca02ef69d8990815cbeb
-
SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f
-
SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
-
SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
-
SSDEEP
384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA
Score 3/10
-
-
Target
$_1_/Beasley.exe
-
Size
11.2MB
-
MD5
080243eb6fff40cfd90a7e17cdb74ba8
-
SHA1
78ee23e1b8e74d814d22a4288fe31f3c1a5a5495
-
SHA256
a3b12707957c0875e23c202cea0268981623760072b5f7780ff62fd435311c6f
-
SHA512
ff765462a48f19aa0b984522f0507ef28c606117f44064a39c7e528906b94e88e23155a9af028d7d766cf9410481434af4afa40fe68b7e4ee73426b9275240d1
-
SSDEEP
98304:56OwlI2RKvm132+y6gl70DNGyTuv+62VkYePy45nZGXzC+3ZYOx5nwtP:X6fRKvm13TyJ0DNwDnZGG+Jvx5nYP
-
Checks computer location settings
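Looks up the country code configured in the registry, likely for geofencing. Legitimate software reads the same setting for localisation, so on its own this is a weak indicator.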
-
-
-
Target
$_1_/libeay32.dll
-
Size
1.3MB
-
MD5
4cb2e1b9294ddae1bf7dcaaf42b365d1
-
SHA1
a225f53a8403d9b73d77bcbb075194520cce5a14
-
SHA256
a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884
-
SHA512
46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb
-
SSDEEP
24576:VD8B+KpPexB6mqwktXUcAVEaFQXhL0porIqo+Frzba:WKkmlktXUcAVEDhQporIqo+Frzba
Score 3/10
-
-
Target
$_1_/ssleay32.dll
-
Size
337KB
-
MD5
5c268ca919854fc22d85f916d102ee7f
-
SHA1
0957cf86e0334673eb45945985b5c033b412be0e
-
SHA256
1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56
-
SHA512
76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310
-
SSDEEP
6144:8EXfWSXFKIsrpivdM+kPsmWak8dfthPDP0wrE90k7DUT/NaDB7JlwScihgbX5/GU:8EXfWSVKIsrpivdM+msmWak8dfnPDPPz
Score 3/10