General
-
Target
3815dcbacb4fc56386bfccebb18e3d8e_JaffaCakes118
-
Size
2.0MB
-
Sample
241012-c9b92ashqr
-
MD5
3815dcbacb4fc56386bfccebb18e3d8e
-
SHA1
0fd9a3084487b61c132f19437932be608da5c4fc
-
SHA256
620534ff2c2258d9f208e7084b6727318a686e9176b588cce21193d76e140538
-
SHA512
398d0995cc8ac84b478ea013b1d7caee206109397746bf1e83a6dd446a2051ff072aae4657f60b13362a175ce1564170630594178d57896f4e3d159817ec17ad
-
SSDEEP
49152:VmgCgtIgv4a1ey0SJfDiSzmd5MIcMhnslUEvJmbu1aWktJ3Zi842l:VdCgWbwJBDiEhI9siEvJ0u8WOEpW
Behavioral task
behavioral1
Sample
3815dcbacb4fc56386bfccebb18e3d8e_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3815dcbacb4fc56386bfccebb18e3d8e_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/registry.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/registry.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$TEMP/coopen_setup_100030.exe
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
$TEMP/coopen_setup_100030.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$_10_/$_10_/HttpDownloader.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$_10_/$_10_/HttpDownloader.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
$_10_/CCPMachineInfo.dll
Resource
win7-20241010-en
Behavioral task
behavioral28
Sample
$_10_/CCPMachineInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$_10_/Coopen.scr
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
$_10_/Coopen.scr
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$_10_/CoopenActiveControl110.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
$_10_/CoopenActiveControl110.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
3815dcbacb4fc56386bfccebb18e3d8e_JaffaCakes118
-
Size
2.0MB
-
MD5
3815dcbacb4fc56386bfccebb18e3d8e
-
SHA1
0fd9a3084487b61c132f19437932be608da5c4fc
-
SHA256
620534ff2c2258d9f208e7084b6727318a686e9176b588cce21193d76e140538
-
SHA512
398d0995cc8ac84b478ea013b1d7caee206109397746bf1e83a6dd446a2051ff072aae4657f60b13362a175ce1564170630594178d57896f4e3d159817ec17ad
-
SSDEEP
49152:VmgCgtIgv4a1ey0SJfDiSzmd5MIcMhnslUEvJmbu1aWktJ3Zi842l:VdCgWbwJBDiEhI9siEvJ0u8WOEpW
Score 7/10 -
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
72f18eaa88886bd0d46de64a17d9720c
-
SHA1
e604c84de0ded023cf4c5e215c0534faf1d18227
-
SHA256
05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1
-
SHA512
5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018
-
SSDEEP
96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
2b54369538b0fb45e1bb9f49f71ce2db
-
SHA1
c20df42fda5854329e23826ba8f2015f506f7b92
-
SHA256
761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f
-
SHA512
25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7
-
SSDEEP
192:ibEOXfXZQ6i1AZ2q6grklcm/iaULQAos:ib/41AZN6uklckLUJo
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
c6284e23cd7e4d11db8298deb4541083
-
SHA1
e338686c7579620383ab8cc5a51bbb8d846f60cf
-
SHA256
79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
-
SHA512
72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
-
SSDEEP
96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
40909a97db3a51fc83aaeff503128b3f
-
SHA1
9693d68a1fb11db70f61b8277e1195dd298abbab
-
SHA256
f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9
-
SHA512
cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77
-
SSDEEP
96:+Vyk3+0P+gcVUzWKw1lq4xNmuUUOnyX3z9zJ5cVK23EHC:+40P+gcVUzWlyuUStJ5cVKXHC
Score 3/10 -
-
-
Target
$PLUGINSDIR/nsRandom.dll
-
Size
21KB
-
MD5
ab467b8dfaa660a0f0e5b26e28af5735
-
SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d
-
SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
-
SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
-
SSDEEP
384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
-
-
-
Target
$PLUGINSDIR/registry.dll
-
Size
16KB
-
MD5
351f89337642c165a48dd763aa210023
-
SHA1
a5b204cbc51a0ad84248aa680b85be7824f3354e
-
SHA256
b610ab13da00e05b000026c73081cfdf0d2ebd3f2fad05e1d0f277060fc3c07f
-
SHA512
10326b95ea81b377f74cb9e42135e891930a354b65ce50a4562246da33ca6816f5397089bb60cd1eb647bd28829d70f6425c3113440e11f9a9a4f7fecaac7f4c
-
SSDEEP
384:tTVUUuJHxgeh2OTU+X9pCtlohiTV0pWY7:tTqzHxgeh5X9oaiTgW
Score 3/10 -
-
-
Target
$TEMP/coopen_setup_100030.exe
-
Size
1.2MB
-
MD5
86417458dc5b33ed2d64ec7ca79be209
-
SHA1
4786aef18d2409c6e5aa255c4663d455196292ad
-
SHA256
4b2b035586333f7c16e6035e67bed9f4120b43933e74e8a29f64d04775e86328
-
SHA512
6b2153538d758b35ebb46cb0ff8485c3f8213c36d6a995329a439826225174333a068dfb08d6755e2fe19f2aa0bd752f962a2bcb80fd9a294f878586ee6e9da3
-
SSDEEP
24576:kLBUwTKA2P9U/cDeCiFwM9hmYYvNKt6n5duze92xK/zftXhp/:kLqsPihZieBYYvNKt65j2W7tXhF
Score 7/10 -
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score 3/10 -
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10 -
-
-
Target
$PLUGINSDIR/inetc.dll
-
Size
20KB
-
MD5
7cb5d7847bed05bcd661f07d97727786
-
SHA1
ec62aba9ece5897ae037db3e4a98e5fe5edd3b6c
-
SHA256
3663f682b9e6fbc0650a729555d6fc432c146e352791ad00a19212d64cc7da27
-
SHA512
51b2b773a8fca7d3346b349c8dc4b0da6d6972350bd9754cf02ab6c093c61c95ee478d562db88c6d046fd341ef0a2d1b06148384c203037dba89abb3e9f5ccc8
-
SSDEEP
384:jKtc0vzG1ioSUspKthBTTN/o7Hleya9cM0Ac9khYLMkIX0+GCBgBTm:jucKiSUV3ZTNmFta9c
Score 3/10 -
-
-
Target
$_10_/$_10_/HttpDownloader.exe
-
Size
126KB
-
MD5
04d01d4b16285a63ce6a91822a892f64
-
SHA1
b23239a598877def3a073d3405d28eb3f6a63a3b
-
SHA256
8272cb736920cd24f54dadfc6623ed5cf1ca2a8c465bad56d8857af9ab76830e
-
SHA512
8cbb2ebd6dbaa725722f75f17aa9d23cdaa6e87ba68335145abd314f0ce965c1ef2ad849830810894308bbacaa98ce1480fa8520a97d2a6a32fccdebff002fac
-
SSDEEP
384:RF9Z8VZeOTH+yuiAdoL8T10KJdAncr89du9y3K3iW0hdSAKNQ8LiiEUKDtPKDb/i:tZ8VZFTexTzPocWAwL3IGsJku+6Q5vV
Score 3/10 -
-
-
Target
$_10_/CCPMachineInfo.dll
-
Size
28KB
-
MD5
4448afc124d4c041a689606cc5c4ce86
-
SHA1
0cbadd5f0b0087e26910aa97f3074f8dd35f7fee
-
SHA256
e09d28d706602648537a0c80e655db60520ba4d1005585e01f4c4afe68205760
-
SHA512
2bc53e6e2a683ac095ffd453d01861ce428fe7a94a7586f6e40e826f75b67ff114f26d5f38209ac30d85b9f3eeddfbc79ce029e277d9ca6a0ca8f38ed5c12f13
-
SSDEEP
192:sz0vqiqlYXfmHtGJRSUaQTBoF15UZNqSm5EzX8S8X8USY9kyYUv7n:MplW4IJ1LBguWv5Ez8t8UeyYUj
Score 6/10 -
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
$_10_/Coopen.scr
-
Size
44KB
-
MD5
3238b5035688cc6949293247b08c015e
-
SHA1
076d1a4467981297fa6d26278a798711639df02f
-
SHA256
7c5500ef23b0fedffb0155cf00130f8b2b1e66932e2a0cdbadaae355fd6f8b03
-
SHA512
18aba14c669c17825c0a428f9f2ea3f8f9b42afe584b89a3c6dc6b249aacaf517c179349242bb950161d3889c7e5c16ed9f03f580dcc377143b220709ff045e9
-
SSDEEP
768:rKyo7Qvdv6GRE0g5caH+cSev9E3Rkx2K:WJQIGRE0g59Ku96O2K
Score 3/10 -
-
-
Target
$_10_/CoopenActiveControl110.dll
-
Size
56KB
-
MD5
78e522aa4f7dc6ca322eabe916dd7190
-
SHA1
e7f40650e3de52e26f5d07dd8a4dc53f935ea97c
-
SHA256
a929ac8a08eeb966441646549a9e925a306aaea374ccba9996225ea0e14852f5
-
SHA512
9ec165d5acf2b1e5aa0bf79986a2458f5db910e7d2c739cfd0b092e392b3acc94f9df9c871b9d6484986dda5f5652ff60bb555c5d43e5f659df35adc12a667cd
-
SSDEEP
768:wuy+NqkvXDLvfkDrSXw456fXpTFWMcP6XFO5Bx9v7d+rT:wC/8DuXw456f5CPsFETN7dOT
Score 3/10 -