General
- Target: 529eff5edd9594d6ca4cb18f765d08b9_JaffaCakes118
- Size: 12.7MB
- Sample: 241017-tyepfsvakf
- MD5: 529eff5edd9594d6ca4cb18f765d08b9
- SHA1: d21594fb0a4a1b959807bfe6df0bfa27c9273bdf
- SHA256: dde4fa3e7f74545ade6d40517754be781da68c97c0eed870197a3608aee7d237
- SHA512: b4b7af50b3abf260568db986241898515c5cf7ac2f8924adca0de5dd636d32daf46c3067e3d34025130a7a48146865fcf4c2cb0f4b82a6288cc5c8145a546c4d
- SSDEEP: 196608:3bTXvibv6wjqdy5K0VhpX/Ab3MJAqsqFl0LPf0i7duoYmBODxdbaT1oQWG5IAOvI:Py88hhIIsqFO7fx8Wom5TOvZ5+vR
Behavioral tasks
- behavioral1: 529eff5edd9594d6ca4cb18f765d08b9_JaffaCakes118.exe (resource win7-20241010-en)
- behavioral2: 529eff5edd9594d6ca4cb18f765d08b9_JaffaCakes118.exe (resource win10v2004-20241007-en)
- behavioral3: $PLUGINSDIR/InstallHelper.dll (resource win7-20240903-en)
- behavioral4: $PLUGINSDIR/InstallHelper.dll (resource win10v2004-20241007-en)
- behavioral5: $PLUGINSDIR/NSISAppUpdater.dll (resource win7-20240903-en)
- behavioral6: $PLUGINSDIR/NSISAppUpdater.dll (resource win10v2004-20241007-en)
- behavioral7: $PLUGINSDIR/NSISCommon.dll (resource win7-20241010-en)
- behavioral8: $PLUGINSDIR/NSISCommon.dll (resource win10v2004-20241007-en)
- behavioral9: $PLUGINSDIR/PluginInstaller.exe (resource win7-20240708-en)
- behavioral10: $PLUGINSDIR/PluginInstaller.exe (resource win10v2004-20241007-en)
- behavioral11: $PLUGINSDIR/System.dll (resource win7-20240903-en)
- behavioral12: $PLUGINSDIR/System.dll (resource win10v2004-20241007-en)
- behavioral13: $PLUGINSDIR/nsThread.dll (resource win7-20240729-en)
- behavioral14: $PLUGINSDIR/nsThread.dll (resource win10v2004-20241007-en)
- behavioral15: $SYSDIR/$SYSDIR/atl100.dll (resource win7-20241010-en)
- behavioral16: $SYSDIR/$SYSDIR/atl100.dll (resource win10v2004-20241007-en)
- behavioral17: $SYSDIR/$SYSDIR/msvcp100.dll (resource win7-20240708-en)
- behavioral18: $SYSDIR/$SYSDIR/msvcp100.dll (resource win10v2004-20241007-en)
- behavioral19: $SYSDIR/$SYSDIR/msvcr100.dll (resource win7-20241010-en)
- behavioral20: $SYSDIR/$SYSDIR/msvcr100.dll (resource win10v2004-20241007-en)
- behavioral21: $_49_/$_49_/Android.dll (resource win7-20241010-en)
- behavioral22: $_49_/$_49_/Android.dll (resource win10v2004-20241007-en)
- behavioral23: $_49_/$_49_/AndroidAssistHelper.dll (resource win7-20240903-en)
- behavioral24: $_49_/$_49_/AndroidAssistHelper.dll (resource win10v2004-20241007-en)
- behavioral25: $_49_/$_49_/ApkInstallerFrame.exe (resource win7-20240903-en)
- behavioral26: $_49_/$_49_/ApkInstallerFrame.exe (resource win10v2004-20241007-en)
- behavioral27: $_49_/$_49_/AppAssistant.exe (resource win7-20240903-en)
- behavioral28: $_49_/$_49_/AppAssistant.exe (resource win10v2004-20241007-en)
- behavioral29: $_49_/$_49_/AppCore.dll (resource win7-20240708-en)
- behavioral30: $_49_/$_49_/AppCore.dll (resource win10v2004-20241007-en)
- behavioral31: $_49_/$_49_/AppTools.dll (resource win7-20240903-en)
- behavioral32: $_49_/$_49_/AppTools.dll (resource win10v2004-20241007-en)
Targets

Target: 529eff5edd9594d6ca4cb18f765d08b9_JaffaCakes118
- Size: 12.7MB
- MD5: 529eff5edd9594d6ca4cb18f765d08b9
- SHA1: d21594fb0a4a1b959807bfe6df0bfa27c9273bdf
- SHA256: dde4fa3e7f74545ade6d40517754be781da68c97c0eed870197a3608aee7d237
- SHA512: b4b7af50b3abf260568db986241898515c5cf7ac2f8924adca0de5dd636d32daf46c3067e3d34025130a7a48146865fcf4c2cb0f4b82a6288cc5c8145a546c4d
- SSDEEP: 196608:3bTXvibv6wjqdy5K0VhpX/Ab3MJAqsqFl0LPf0i7duoYmBODxdbaT1oQWG5IAOvI:Py88hhIIsqFO7fx8Wom5TOvZ5+vR
- Score: 3/10

Target: $PLUGINSDIR/InstallHelper.dll
- Size: 174KB
- MD5: dcd3a89169fc65e51c171e0c2d66a9d3
- SHA1: 954f75de2383d35ac4caf2605dcfa90e33d9378b
- SHA256: 65d1e569773ba94c6de7ca78852c6eb4b74010b5a83a6744a217da077fa2d64d
- SHA512: c994ad098fe9cbc9e4e10a15c0af5cf56f10f1a272d420f21cb1ad58199011623997e3dc539abce39df345706e927c81ee7aca7a7537db0be96cc9e3665ed9b1
- SSDEEP: 3072:cLEyvW9Z68saB9TMh2sLZwUvB0xw3eqDpezwy6Jzy5jCLIkqH:vyvWSEB9TMhn2UvmOFfy688a
- Score: 3/10

Target: $PLUGINSDIR/NSISAppUpdater.dll
- Size: 127KB
- MD5: bf7c29de2f27d7cbf58040bc86dd2257
- SHA1: 638469cd0e492e697b9b706cdeddddfef3c685df
- SHA256: 984cee2806be2b10eeb7517cc41f7bd8821c2417100a859d60a8b6d104e3b3ee
- SHA512: eb568994bac0e6d79d7072fb00da0cd0ffd7c4601e274acc99ae10f65db7c7d0237249e42665bf480fb5e4069ef157ec4d35bdcb059ca9f17bf3dcb30c5a1d34
- SSDEEP: 3072:70xihljCRbmy3T4J7Yiy4RwBgRpsfixoBwc:0ihljWb93T4J7ty4RwB0psf5X
- Score: 3/10

Target: $PLUGINSDIR/NSISCommon.dll
- Size: 104KB
- MD5: 829bdcea94557a3484f12b8314b2abbb
- SHA1: 4f12cc88eee6c9e87ce098dd8008dc73213d09f6
- SHA256: a64c6ac63564af764c885f77a75683daeb2a5fbc33719fe7cea1ecf17a87af0e
- SHA512: fb31254809063b1cc0c8b5032c1cddf3b6596003db67c49b2642094cd92a98aa8b21a5617f32113dcad0916289f7d0342a0596ab1c99d2e44f0b8abd5083e069
- SSDEEP: 1536:TPd4AoL+7MQXEO+9lYQg+FG7oTKFIzqF7tOX+nk8ey:TbbUY6uLIzghfnk8ey
- Score: 3/10

Target: $PLUGINSDIR/PluginInstaller.exe
- Size: 230KB
- MD5: 327b7c5d9682031afa4beab80796843e
- SHA1: 5f073baa2a59e20f42a2ee4ad4437b3efa4aee87
- SHA256: 13700a00965847d118c07265ec374778dc3e1d0b5e29cb1b7fa8f3d9d4e5e8fa
- SHA512: 3f1b829ccd337295467fa447f0747a0cf36998fac2d7e0336764f9fc8efb2ab152dc190445f459b198208cd2a144246657bef8df6570fbfda9cdd3dfc51cd065
- SSDEEP: 6144:PEUXy2anjLFQlbYXObUsaNEvd2WRoQZnozcDsV:PEVvjLyl0e5UgpomnzDG
- Signatures:
  - Executes dropped EXE
  - Loads dropped DLL

Target: $PLUGINSDIR/System.dll
- Size: 17KB
- MD5: 71bcfeaf8a113de024644d78cbea7051
- SHA1: c3b50391c3fe8968754408c526aa9befa9338295
- SHA256: e262f340e6e079f7d4f5bf23453ad004ca5511c2c61ffbfe021415d019cd1933
- SHA512: bc9a3ceffad8d8f102629d5879efef915d9c2b08f81e037b530632468fc72a17af4c7712ff2e2f48946ae67986ed4b691d658c45fce160c3868844c85fcc1b03
- SSDEEP: 384:3JoiO8V2upW7vQjS/wnYPL/p1CyIANje9:3JzO8V2uovQjjp9
- Score: 3/10

Target: $PLUGINSDIR/nsThread.dll
- Size: 4KB
- MD5: 3f75e71f7702660a121c8455f3edd24b
- SHA1: 317141414ea676bfff39c39cfc82958b61ae39fd
- SHA256: f841f7b385c1341602a0799607bfd9cc7199d17a1b4e2334a55060d6d6b4b280
- SHA512: dfd9d458d187c3e16aa9c2e466d89076ece289c193b72d9954c18eb312fe230230e2710342ae0946aaaed13be6c235b2c6c95856d125e046395f4e384efd90ad
- Signatures:
  - ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.

Target: $SYSDIR/$SYSDIR/atl100.dll
- Size: 134KB
- MD5: c85670ab64068f8080998aeba6c5019c
- SHA1: ef762c375486594f6604f39311d32442156ac8bb
- SHA256: 87d88235f69c062e5b759f91253abaf7bd055937dd119bd26858237f812d3ded
- SHA512: 870a27585f72e444fa9a2b46ab53ed420932952be8a3c4ddd0d831d72be0ac1b44992cf757de76d0cd667cd5b6150e9eb96ac2a8e7161a22c7d557946a12e5c6
- SSDEEP: 3072:ZEi2/YxBFZNAWH6Gk5BsyGfGM8WzkAFoX:0OFZKWaj5BstfbZx8
- Score: 3/10

Target: $SYSDIR/$SYSDIR/msvcp100.dll
- Size: 411KB
- MD5: bc83108b18756547013ed443b8cdb31b
- SHA1: 79bcaad3714433e01c7f153b05b781f8d7cb318d
- SHA256: b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671
- SHA512: 6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011
- SSDEEP: 12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
- Score: 3/10

Target: $SYSDIR/$SYSDIR/msvcr100.dll
- Size: 755KB
- MD5: 0e37fbfa79d349d672456923ec5fbbe3
- SHA1: 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256: 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512: 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP: 12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
- Score: 3/10

Target: $_49_/$_49_/Android.dll
- Size: 7.1MB
- MD5: 46c2f0217a668888d5dc47c66e1f28d6
- SHA1: 2314ec0abb2d10b4ff94c86b12b3f3fba87e6d18
- SHA256: aff998790a69926ad4858f53f124aff43922894012dc38f4ef4891bf643dffc3
- SHA512: 90e0ac9276558990cd8f2edda2e1ba7b0a558ace4537869eb71dd36c2c72532408d224b188c66c26c334840fed2a3055726c4895dacfc237a66b4b843cb63f2f
- SSDEEP: 98304:UIjj/FK4FhGpnX9i9iIlyyGdRkBn9WSqLKCKy5zDOXMHqMC0fO3gFJ:Jj/E+anX0iIlym9WSq2CKPM706J
- Score: 3/10

Target: $_49_/$_49_/AndroidAssistHelper.dll
- Size: 245KB
- MD5: 241313878bf15b996fa158829b0742de
- SHA1: bf487077287d795e7d47fd10209e18a230dddf87
- SHA256: 97f1be6c31c7278f1de85481d5b8d86b1c429d135e4209e90b249b0ce0b9f941
- SHA512: d0d28217c0db50de5180dd4c4f8d4c6b24a993a91ac6e40fd773cb14e078b2cb9079e53c2d108ca8ce6d4dfbf689e141282cb5b9ae1255913c726b216bcf817d
- SSDEEP: 6144:vMQvRNrswIvEVXxGpyIXWNx3fNAWaro8JGvdTBE57S:PRjIvEVXg3mNx3fNAWaro8JGvdTC5
- Score: 3/10

Target: $_49_/$_49_/ApkInstallerFrame.exe
- Size: 418KB
- MD5: 7810ef73766ffae6b964a9a1d6ab69d3
- SHA1: c7e3e205bbae2f518c921b0bc7fdc9abfe15bc86
- SHA256: f169662dd4a7549bb83c332169e53afa1b17b61037368126eaa6d5bb714533c4
- SHA512: 3f3852c76c5e5dd4b7d1ba3768e2b024b157d7e271a112946c2db5403e142d02f5a9070c1063387588ad995ee3c053ac03317907e7082089a3d3682c9d01d6fc
- SSDEEP: 12288:9Crmv68jNdxylxIIqmj7HvkvpN0v1fB+c:9Cr6OIIqmjwvMNfB+c
- Score: 3/10

Target: $_49_/$_49_/AppAssistant.exe
- Size: 91KB
- MD5: 5812f618353c561faba3c0c6a975ca43
- SHA1: cf62b40b07f2c20adb2ff4b4ca8ebaa37a5a5dd6
- SHA256: 11e2aa9b7be5295af5a94b7f32142cbe87bb3b277bada55273cb1fc3718edaf8
- SHA512: 9dd8ca0ad0403ec13fa3e7359a3381642a43d447989bb5221173a5346077e42f4e82b01bcea191465e1b319d07076ce686eb93a32d6325940796a82bb1e8a723
- SSDEEP: 1536:LqvAwBEZr6Oqq339U+I47bN3rNJjAOtkbt2YRcJ6i04Ca:W1qeOqq3Rv93JJjAOtEdRAD0/a
- Score: 6/10
- Signatures:
  - Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
  - Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.

Target: $_49_/$_49_/AppCore.dll
- Size: 213KB
- MD5: f8ee393f089c85b1b4562b86707d2b8b
- SHA1: 57feab06dcc5047b4da0f39b2ade1b6845ba3903
- SHA256: e18e76b7546ce7d55b9422575f03a1b019a1c047c1a7ca7fcf34efa900f11e2b
- SHA512: 5e86d71314966ca86a23f41c891a61c71ea3f323a68059b0e7272d5401ad23bcf16cef6674ca38b712629f6e20d81b3d9267b125ee664aaf22a9f65ec4ec3979
- SSDEEP: 6144:HrKJ5DKYCLSQTxENlMSihBy6a8OBCK35S1:HS5FESQTxENlMSOy6a7Q1
- Score: 3/10

Target: $_49_/$_49_/AppTools.dll
- Size: 104KB
- MD5: d870e95650f7b828bd97d74eebc13dfc
- SHA1: 340b1169de9629d29d489148759babdda018fe32
- SHA256: f9760ec72b89c455eeabb7a0890a5f679c28b0b6b4ea18e31e4737c201dd167c
- SHA512: f917d6f66daa87fffb765d031748a9bccfa4d12724414e9c2113521242813dd7cc34092f7cff3e16e13fb8c01b0054ba7b1c855b8ec791e101986fa6f3480fc0
- SSDEEP: 3072:HxY++cHb3FrpDGfKyTpHkAy1OfsAlzyZs:RphHb1rTyTpHkAy1OfhlB
- Score: 3/10