Overview

Overall score: 7/10

Task          Target                   Platform            Score
static1       Static                   -                   3
behavioral1   5052cf2d1f...18.exe      windows7-x64        7
behavioral2   5052cf2d1f...18.exe      windows10-2004-x64  7
behavioral3   $_2_/Downl...PS.dll      windows7-x64        3
behavioral4   $_2_/Downl...PS.dll      windows10-2004-x64  3
behavioral5   $_2_/Extract.dll         windows7-x64        3
behavioral6   $_2_/Extract.dll         windows10-2004-x64  3
behavioral7   $_2_/MiniQQDL.exe        windows7-x64        7
behavioral8   $_2_/MiniQQDL.exe        windows10-2004-x64  7
behavioral9   $_2_/TNProxy.dll         windows7-x64        3
behavioral10  $_2_/TNProxy.dll         windows10-2004-x64  3
behavioral11  $_2_/Tencentdl.exe       windows7-x64        3
behavioral12  $_2_/Tencentdl.exe       windows10-2004-x64  3
behavioral13  $_2_/dlcore.dll          windows7-x64        3
behavioral14  $_2_/dlcore.dll          windows10-2004-x64  3
behavioral15  $_2_/predown.dll         windows7-x64        3
behavioral16  $_2_/predown.dll         windows10-2004-x64  3
General

Target:  5052cf2d1f8b28b72768fae254e34a64_JaffaCakes118
Size:    1.6MB
Sample:  241017-csnlqs1bjj
MD5:     5052cf2d1f8b28b72768fae254e34a64
SHA1:    c28918f7ddabe26ba0d0ece6e3ea953ae5e7df72
SHA256:  206f0e7fd34c289a30061a61e700296dca6df48535922f94384f6c1715534691
SHA512:  bd222d6b63b1c199da18b652d226f9a67c0f34931ceb60849ec0272a7042ba3bfe46b659baf7e8a09a073a9145bc618a47ff4bc99a25d7bac6dcc78b0118f620
SSDEEP:  49152:prpRAcE4BJ16/bI6KH9/W/mxnwfYkW7mr1ir:pREYnFH9/PJYYkWe0
Tasks

Task          Sample                                              Resource
static1       (static analysis)                                   -
behavioral1   5052cf2d1f8b28b72768fae254e34a64_JaffaCakes118.exe  win7-20240708-en
behavioral2   5052cf2d1f8b28b72768fae254e34a64_JaffaCakes118.exe  win10v2004-20241007-en
behavioral3   $_2_/DownloadProxyPS.dll                            win7-20240903-en
behavioral4   $_2_/DownloadProxyPS.dll                            win10v2004-20241007-en
behavioral5   $_2_/Extract.dll                                    win7-20240903-en
behavioral6   $_2_/Extract.dll                                    win10v2004-20241007-en
behavioral7   $_2_/MiniQQDL.exe                                   win7-20240729-en
behavioral8   $_2_/MiniQQDL.exe                                   win10v2004-20241007-en
behavioral9   $_2_/TNProxy.dll                                    win7-20240903-en
behavioral10  $_2_/TNProxy.dll                                    win10v2004-20241007-en
behavioral11  $_2_/Tencentdl.exe                                  win7-20240903-en
behavioral12  $_2_/Tencentdl.exe                                  win10v2004-20241007-en
behavioral13  $_2_/dlcore.dll                                     win7-20240903-en
behavioral14  $_2_/dlcore.dll                                     win10v2004-20241007-en
behavioral15  $_2_/predown.dll                                    win7-20240903-en
behavioral16  $_2_/predown.dll                                    win10v2004-20241007-en
Malware Config
Targets

Target:  5052cf2d1f8b28b72768fae254e34a64_JaffaCakes118
Size:    1.6MB
MD5:     5052cf2d1f8b28b72768fae254e34a64
SHA1:    c28918f7ddabe26ba0d0ece6e3ea953ae5e7df72
SHA256:  206f0e7fd34c289a30061a61e700296dca6df48535922f94384f6c1715534691
SHA512:  bd222d6b63b1c199da18b652d226f9a67c0f34931ceb60849ec0272a7042ba3bfe46b659baf7e8a09a073a9145bc618a47ff4bc99a25d7bac6dcc78b0118f620
SSDEEP:  49152:prpRAcE4BJ16/bI6KH9/W/mxnwfYkW7mr1ir:pREYnFH9/PJYYkWe0
Score:   7/10

Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.

Target:  $_2_/DownloadProxyPS.dll
Size:    65KB
MD5:     4ceb4641a90de4feee34ba5f949d41ba
SHA1:    cb060db236d9938f97b5e4e2d1b1c663071a2bd7
SHA256:  2a075c11148c3f04163b9ffdaa05d4b46bc55c96b2fe50d0a39cc377139c2b26
SHA512:  932960a503817683c3d7c66695732ec6dc59887b0eaa8d53c4e26e1de6fd6c4e9291a4afe25d898c9b02dfe4cd976414f66b715b861e7974e765bff587fa2d27
SSDEEP:  768:AiDiESGpQV9RVDsRzncSKw1/Yagi0+pdVt02hrLWHbCb:hGGKVoRYSKwx1l0+9t02Za7Cb
Score:   3/10
Signatures: none listed

Target:  $_2_/Extract.dll
Size:    358KB
MD5:     9da51d4506bd094fbfc7d337338fc872
SHA1:    1b5799ef6b66ac9471842f17570813e7c42cdb27
SHA256:  f2181e41d5950fcb762edf6b9cbb665e94004a7f1102b606c331690e6069a501
SHA512:  07dfae7c04ea2815ed78af9e29313050338bfec5a8e08a8846c0f846d6d27b79b7bfe2c3b4dbf3758aa22f88342aadf5513dcbcd6a718b9dd939996d6ce9e044
SSDEEP:  6144:xR1C/1D8BnHgvH/5udZip+IUOrJTbSfvyux0egTK3:xDC/1D8BH0HBvUIUOrux0ege3
Score:   3/10
Signatures: none listed

Target:  $_2_/MiniQQDL.exe
Size:    829KB
MD5:     b45f4840234e8aa94d0d75c47cc052ff
SHA1:    9fd12d040d7033c0b5b81d4c3ce97145bf504cc4
SHA256:  e510b8ef6baba2229fe2c7a88865b8f9cb4609a8d504ca74ca93420fe4eef700
SHA512:  08322f3fdf76d52544e8c0ccf88e127f23237fb9d0de3002c6231cea2d5e97342068617d2b4695ccf858ab148436255a965a5daa28e2d3a99f51767a5f306ff8
SSDEEP:  12288:glICZQTSccqulHGOgo4i1qOns54kkA1+0uJUQJAMGai+tZQ8L:yLbm2dE8JdAMrNtZLL
Score:   7/10

Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
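The five signatures listed for this target (and, identically, for the main sample above) are summaries of lower-level sandbox events: a registry read of the configured country, opens of drive roots other than C:, file writes followed by execution or image load of the same path, and a raw write that overlaps sector 0 of a physical disk. The script below is an added example, not part of the Triage report or of the sample, that re-derives those signatures from a constructed event trace. The event field names, the dropped-file directory, the registry value `Control Panel\International\Geo\Nation` and the device name `\\.\PhysicalDrive0` are assumptions about what such a trace contains; the report itself only names the behaviours.

```python
r"""Re-derive the report's behaviour signatures from a raw sandbox event trace.

Added example, not code from the Triage report or from the sample. The trace
below is constructed; the registry value (Control Panel\International\Geo\Nation),
the raw-disk device (\\.\PhysicalDrive0), the drop directory and the event field
layout are assumptions about how a sandbox would record these operations.
"""
import re
from collections import defaultdict

MBR_SIZE = 512

# ASSUMPTION: the country code is read from this value; the report only says
# "country code configured in the registry".
GEO_VALUE_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
# Root directory of any drive letter except the default C: drive.
OTHER_DRIVE_ROOT_RE = re.compile(r"^[ABD-Z]:\\$", re.IGNORECASE)
# Raw physical-disk device; a write that overlaps sector 0 touches the MBR.
PHYSICAL_DRIVE_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)

DROP_DIR = "C:\\Users\\Admin\\AppData\\Local\\Temp\\unpacked\\"  # constructed path

# Constructed trace (not from the report); offsets and lengths are placeholders.
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"op": "RegQueryValue", "path": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName"},
    {"op": "WriteFile", "path": DROP_DIR + "MiniQQDL.exe", "offset": 0, "length": 848896},
    {"op": "WriteFile", "path": DROP_DIR + "dlcore.dll", "offset": 0, "length": 1781760},
    {"op": "CreateProcess", "path": DROP_DIR + "MiniQQDL.exe"},
    {"op": "LoadImage", "path": DROP_DIR + "dlcore.dll"},
    {"op": "LoadImage", "path": "C:\\Windows\\System32\\kernel32.dll"},
    {"op": "CreateFile", "path": "C:\\"},
    {"op": "CreateFile", "path": "D:\\"},
    {"op": "CreateFile", "path": "E:\\"},
    {"op": "WriteFile", "path": "\\\\.\\PhysicalDrive0", "offset": 0, "length": 512},
    {"op": "WriteFile", "path": "\\\\.\\PhysicalDrive0", "offset": 1048576, "length": 4096},
]


def overlaps_mbr(offset: int, length: int) -> bool:
    """True if a raw-disk write [offset, offset+length) overlaps sector 0."""
    return offset < MBR_SIZE and offset + length > 0


def classify_events(events):
    """Map events to the signature names used in the report.

    Returns {signature: [evidence paths]} for each signature that fired, in the
    order the evidence appeared. The dropped-file signatures require that the
    path was written by the monitored process earlier in the same trace.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths the sample wrote before using them
    for ev in events:
        op, path = ev["op"], ev["path"]
        key = path.lower()
        if op == "RegQueryValue" and GEO_VALUE_RE.search(path):
            hits["Checks computer location settings"].append(path)
        elif op == "CreateFile" and OTHER_DRIVE_ROOT_RE.match(path):
            hits["Enumerates connected drives"].append(path)
        elif op == "WriteFile":
            if PHYSICAL_DRIVE_RE.match(path):
                if overlaps_mbr(ev.get("offset", 0), ev.get("length", 0)):
                    hits["Writes to the Master Boot Record (MBR)"].append(path)
            else:
                dropped.add(key)
        elif op == "CreateProcess" and key in dropped:
            hits["Executes dropped EXE"].append(path)
        elif op == "LoadImage" and key in dropped:
            hits["Loads dropped DLL"].append(path)
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in classify_events(SAMPLE_EVENTS).items():
        print(f"{sig}:")
        for p in evidence:
            print(f"    {p}")
```

Two design points worth keeping when adapting this to a real trace: the MBR rule keys on the byte range, not on the device name alone, because a write to `\\.\PhysicalDrive0` at a high offset is ordinary disk I/O, and the dropped-file rules need the write to precede the execution or load, which is what separates "loads dropped DLL" from loading a system library.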
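The MBR signature on this target (and on the main sample above) is the one worth confirming on any host where these files ran, because a bootkit that replaces the bootstrap code keeps the partition table intact so the machine still boots. The script below is an added example, not code from the Triage report or the sample: given the first 512 bytes of a disk (for instance dumped from the sandbox VM or a suspect host), it checks the 0x55AA signature, decodes the partition entries, and compares the bootstrap region against a baseline hash. The MBR image is constructed inline and the baseline is taken from that clean image; in practice the baseline comes from a known-good machine recorded before the incident.

```python
"""Check a 512-byte MBR image for bootkit tampering.

Added example, not code from the Triage report or the sample. The MBR bytes are
constructed here; a real check reads sector 0 of the suspect disk and compares
it against a baseline recorded from a known-good system.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440            # bootstrap code precedes the 4-byte disk signature
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Construct a minimal MBR with the given bootstrap bytes and one active NTFS partition."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("bootstrap code too long")
    sector = bootcode.ljust(BOOTCODE_LEN, b"\x00")
    sector += struct.pack("<IH", 0xDEADBEEF, 0)  # disk signature + reserved word
    sector += struct.pack(PART_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                          b"\xFE\xFF\xFF", 2048, 204800)
    sector += b"\x00" * 16 * 3                   # three unused partition entries
    sector += BOOT_SIG
    assert len(sector) == MBR_SIZE
    return sector


def bootcode_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap region only, the part a bootkit replaces."""
    return hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()


def parse_mbr(sector: bytes) -> dict:
    """Decode signature, disk signature, bootstrap hash and non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, _, ptype, _, lba, count = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, BOOTCODE_LEN)[0],
        "bootcode_sha256": bootcode_hash(sector),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> dict:
    """Parse the sector and list findings that suggest tampering."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("0x55AA boot signature missing")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from baseline (possible bootkit)")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    info["findings"] = findings
    return info


def tamper_bootcode(sector: bytes, payload: bytes) -> bytes:
    """Simulate a bootkit: replace the bootstrap code, leave the partition table alone."""
    return payload.ljust(BOOTCODE_LEN, b"\x00") + sector[BOOTCODE_LEN:]


if __name__ == "__main__":
    # Constructed bootstrap prologue: xor ax,ax; mov ss,ax; mov sp,0x7C00
    clean = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")
    baseline = bootcode_hash(clean)
    print("clean:   ", check_mbr(clean, baseline)["findings"])
    hooked = tamper_bootcode(clean, b"\xEA\x00\x7C\x00\x00")
    print("tampered:", check_mbr(hooked, baseline)["findings"])
```

Caveat for the win10v2004 task: a UEFI/GPT system carries only a protective MBR (partition type 0xEE) whose bootstrap code the firmware never executes, so a write there is still evidence of the behaviour but does not by itself give the sample control at boot; on such hosts also verify the EFI system partition and Secure Boot state.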

Target:  $_2_/TNProxy.dll
Size:    377KB
MD5:     858fc685a5bff591985394f9cdf9e289
SHA1:    5970a28aab399d005885b9c6b79eafd606640fab
SHA256:  3404212366a3aed4155e5d73d901e769a7005cadde5169a8d9677ab5a0585dcf
SHA512:  620491b27ff281ad42f947fb9dbef3256624fe8d298740d6b9942627525a2d44525cbb9065d2ffa2efb0ab3478b8a33148fc9b0b4c531106cc8e421e2c59f0d0
SSDEEP:  6144:H9u5ec95CL2ADz5izTNe/rCkMyELlc5VZ7ciL3QSGV0G/34r:NczXTNe/rCdVLlMNcW3Q3E
Score:   3/10
Signatures: none listed

Target:  $_2_/Tencentdl.exe
Size:    821KB
MD5:     b8f64b0b53e039cbeba7d60c81710bd8
SHA1:    a9be269daa7f404a23fcaf002be7ee13697ef8e0
SHA256:  54e0b845eff52823a951ff4b38c6728a381613a0603ce82d4d5c34aa6402f7cc
SHA512:  9b5c5818fc0a11c8dc80b3befd3459a031f411fc5ddba43f7c0737f20ce6b265599790b64897aed448ccff766c98c5f8d0837495a8eecca36777be390f49ec05
SSDEEP:  12288:F5TZy7R3lQATwbZ7nayGBFW0eKcGhliIJR6hZxRNYTEiss8ljf:FmV1TdQGhYIe9XiEiss8ljf
Score:   3/10
Signatures: none listed

Target:  $_2_/dlcore.dll
Size:    1.7MB
MD5:     82ce23aad749aee959820533c0676cb2
SHA1:    3aa526a4ed51491b01a5419713d1582a426b7efc
SHA256:  a2fd92c7fc26bf2851aaefcc5f0bafd75511794ad0c781e1a715df812f7bd2ab
SHA512:  c91f5165059677071a1e2949244dd1ce4e2c5ce58fe38298f1707ff4b6de6981d7c45f8fd5a189a91d154b0c4af25dbaae4e7a51f107dee77f2f51f0150d2707
SSDEEP:  24576:pwGG5eolPeydcqelZc2e8A1oifvR2jqWBtwCzSdqyAss3EMMYyL0jT:RGAF28A1oa52O8+rA5EMTyLgT
Score:   3/10
Signatures: none listed

Target:  $_2_/predown.dll
Size:    601KB
MD5:     e6f2f48d472676dadd9a7d50566ebedb
SHA1:    414f0aeaf7fc815d550385cea1ee4d7077f8cf71
SHA256:  804b1bb1ee609957eacfae505a98744b40e6967fe5b215f628b94fae6abaae02
SHA512:  ac99e0056abf53b16090cd9cef1b5ea6d3ef393513daaeb05e79b5c1d3d564b6cd74013459813f6b1bbc6844866af8a8f504f995a511e0a61264aed72f8bc0f6
SSDEEP:  12288:Vh1YB5T6HY2os2bk8HuToha/IwsXFRR9iYvOoq22:vYWH9Fohaq1RR9iYv822
Score:   3/10
Signatures: none listed