Overview
overview: score 10
Static
static: score 10
641ba3b46d...18.exe (windows7-x64): score 7
641ba3b46d...18.exe (windows10-2004-x64): score 7
$PLUGINSDI...ns.dll (windows7-x64): score 3
$PLUGINSDI...ns.dll (windows10-2004-x64): score 3
$PLUGINSDI...em.dll (windows7-x64): score 3
$PLUGINSDI...em.dll (windows10-2004-x64): score 3
$SYSDIR/98ipcap.bat (windows7-x64): score 4
$SYSDIR/98ipcap.bat (windows10-2004-x64): score 4
$SYSDIR/msvcp60.dll (windows7-x64): score 3
$SYSDIR/msvcp60.dll (windows10-2004-x64): score 3
$SYSDIR/npptools.dll (windows7-x64): score 3
$SYSDIR/npptools.dll (windows10-2004-x64): score 3
bin/DLmode.dll (windows7-x64): score 3
bin/DLmode.dll (windows10-2004-x64): score 3
bin/DelEntry.exe (windows7-x64): score 1
bin/DelEntry.exe (windows10-2004-x64): score 3
bin/Main.exe (windows7-x64): score 3
bin/Main.exe (windows10-2004-x64): score 3
bin/NetKeeper.exe (windows7-x64): score 3
bin/NetKeeper.exe (windows10-2004-x64): score 3
bin/NetKeeper.exe (windows7-x64): score 3
bin/NetKeeper.exe (windows10-2004-x64): score 3
bin/Updatemode.dll (windows7-x64): score 3
bin/Updatemode.dll (windows10-2004-x64): score 3
bin/bindconfirm.exe (windows7-x64): score 3
bin/bindconfirm.exe (windows10-2004-x64): score 3
bin/bmpres.dll (windows7-x64): score 1
bin/bmpres.dll (windows10-2004-x64): score 1
bin/detector.dll (windows7-x64): score 3
bin/detector.dll (windows10-2004-x64): score 3
bin/doload.dll (windows7-x64): score 3
bin/doload.dll (windows10-2004-x64): score 3
General
-
Target
641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118
-
Size
15.3MB
-
Sample
241020-y3bwkszemm
-
MD5
641ba3b46d3175bb6587c9838cf75eda
-
SHA1
d352a16c14ee64976cca78ae2e6f5a8daf16dee9
-
SHA256
b9d6789722f327dcf8d466888aac18c70f693452cb708306937d9d7f09a87fa1
-
SHA512
e2405525efa3fe9232c0dfbb5ccfdb4efb9910220e3a5c8cca2b177e94f9f859c5cd0d561d44cd3bfd7eef99a4cc13804c54f7dac9f4632a419f042eb8c740a5
-
SSDEEP
393216:7fk34EjfYob8H+KzpyruFDJgb26WC0jhWli:7BQY48HCuFDJW2fCooi
Behavioral task
behavioral1
Sample
641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$SYSDIR/98ipcap.bat
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
$SYSDIR/98ipcap.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$SYSDIR/msvcp60.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
$SYSDIR/msvcp60.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$SYSDIR/npptools.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$SYSDIR/npptools.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
bin/DLmode.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
bin/DLmode.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
bin/DelEntry.exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
bin/DelEntry.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
bin/Main.exe
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
bin/Main.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
bin/NetKeeper.exe
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
bin/NetKeeper.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
bin/NetKeeper.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
bin/NetKeeper.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
bin/Updatemode.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
bin/Updatemode.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
bin/bindconfirm.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
bin/bindconfirm.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
bin/bmpres.dll
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
bin/bmpres.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
bin/detector.dll
Resource
win7-20241010-en
Behavioral task
behavioral30
Sample
bin/detector.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
bin/doload.dll
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
bin/doload.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
641ba3b46d3175bb6587c9838cf75eda_JaffaCakes118
-
Size
15.3MB
-
MD5
641ba3b46d3175bb6587c9838cf75eda
-
SHA1
d352a16c14ee64976cca78ae2e6f5a8daf16dee9
-
SHA256
b9d6789722f327dcf8d466888aac18c70f693452cb708306937d9d7f09a87fa1
-
SHA512
e2405525efa3fe9232c0dfbb5ccfdb4efb9910220e3a5c8cca2b177e94f9f859c5cd0d561d44cd3bfd7eef99a4cc13804c54f7dac9f4632a419f042eb8c740a5
-
SSDEEP
393216:7fk34EjfYob8H+KzpyruFDJgb26WC0jhWli:7BQY48HCuFDJW2fCooi
Score 7/10
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
12KB
-
MD5
1e8f2fefe3ce893b117b26948b8978cb
-
SHA1
59cfc6c3f5716e91609e54ca80ae8b06c93ef8ab
-
SHA256
8203ae1589a50e6ff012e5d27bdd4f8ed7506077ca9b052827f5e90aaeb98519
-
SHA512
b3c36e1aa5d3ee5f482f4175a7d6fe10cf2bf3bd3423ab4266d11c4181cfbc7e3f66a30855034a8ec026a4d5987598f0116e98519b7445d9e5687bcbab2c0e5c
-
SSDEEP
192:qzixixDOHhG9db9rd+oSVPECMlh3I8tqDyng7hwbbHF1QuCb:qOx0DOHqrdwTY6+ng72bbMum
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
10c44246d99a1c2e5f5e6b52b111a63d
-
SHA1
0f41da79c3e789f4ae38738e3a5d73c538f8af4f
-
SHA256
7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8
-
SHA512
e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3
-
SSDEEP
192:rOSsJI/rqmIDNLU0dq51EgAiNbubv6rLZ:lHQQ0d01Egbq76r
Score 3/10
-
-
Target
$SYSDIR/98ipcap.bat
-
Size
294B
-
MD5
6975aebf0251eab7d7b62a0a571e49a7
-
SHA1
c87ac5998a765bbb739f4e7a83fec82fc744d083
-
SHA256
9be09e332fe9335f4045ce53a1df8630caa1a1965b57d0f7a02ae102ba698f4c
-
SHA512
f8a4b60dee665e54b55d8bb63ce55257bdcfbfbebecb76935b6660fb93aee3e17a4b74dded7475e8b0cac29651bb81cb49093f0cd28411a8d472258f115c2beb
Score 4/10
-
-
Target
$SYSDIR/msvcp60.dll
-
Size
404KB
-
MD5
59a6413fb2cc89fd8651b1d2962fb8b9
-
SHA1
7e118606f03a591897e014b7693d64e6a86fdbe0
-
SHA256
fed76003f544525783796a22a07b190a8340874c11b5cf1999196c697d51e154
-
SHA512
83e7ea9905214081793c2a241b776a29dab58ba6ce279ceb3851347004c4ae99cf33fb77f12c7d7474de32d417686f8ba5624a7bd7cec73f3dcab55adae307b5
-
SSDEEP
6144:RL9LoZGObfGc6z8TEQGpX+3OoxHkCm1N8Reo:DLmBet4wTpX+3OoxHkCmceo
Score 3/10
-
-
Target
$SYSDIR/npptools.dll
-
Size
53KB
-
MD5
841007a04750a9acb56dd82095300d15
-
SHA1
58c1e338bc78a54795a844b559b614004e53d3cb
-
SHA256
a15c409af481494fa8c3d82ec0dc7c67075a706160cc060bec982e40c060d578
-
SHA512
dcaeae21ffc2479fc595632a93e082396caea1eb6c4093e24c199a5ee3dd09248dfb5fe11ea200034e2be928b2db09218d9d763428294347ccd63f4cad4c06de
-
SSDEEP
1536:4rCCQcntQk9Dh5jGTs3NlTawNH0QJu1E2RoYH:4OpKDbBawNH0Qo1EsoI
Score 3/10
-
-
Target
bin/DLmode.dll
-
Size
24KB
-
MD5
f3837dd4e015986917afd49ddd7875bc
-
SHA1
e4e4919e47266a4a37fb03982044e16e7643b58c
-
SHA256
9bec548c7bd82e2c783e54cbe0f39419a18f52f6bad2b6fb02863b2dae7cd09c
-
SHA512
9e6d72a88d59abf64c7edf6de04e865b129834567e1527438e288608a9802f7928d1844d3b96ce058b337eee8f62cfaa3b6b3b6e5afa8a6ed3d56405db26e204
-
SSDEEP
192:hhHjd/sX1qs0wWhradLaj6QalEjef9DCZXmZ:LjlNfhrVslDDCZ
Score 3/10
-
-
Target
bin/DelEntry.exe
-
Size
28KB
-
MD5
5e118e80e9771f0ecd401cc6eb3ecd44
-
SHA1
a918bb41e339e5f19fa237f00ed55cbdedf60f6a
-
SHA256
78eafa3f5da69eea96fec9e6aac3c01ef26c42d0a941be0b7408aa52bedb2aa5
-
SHA512
ecec88498fec0eebadd8a321d0139b8cc2e6a067a9f51f9179777b076bb98c569dac025a2bfaf55a6a93853c44cd370f21cfeaa106f4320db1653bf09924f3f7
-
SSDEEP
384:o5T7vSqsl2w3jqeK7bAmlTOc6yJWrGruAWoTr:c7vi1jtK76lf4uVoT
Score 3/10
-
-
Target
bin/Main.exe
-
Size
156KB
-
MD5
c0c12a04a00819a056989a9ff95b8857
-
SHA1
52ea609589508bb4bacce5f70123b4b3aedeb4d6
-
SHA256
7eb2cfaf72964538ff0c166277345ce51b91f69311acca626e8eec1c550aaf19
-
SHA512
dcbe0f45c53ee10dd69d8d5dabde66b357d72ecb8bb08e968f62e8a8717625ae58cb5f24d1294d0a77a90e9de77a4a75729a8f3e866ced8068c487e3716d20b9
-
SSDEEP
768:MC9U7GemlZM4i+x3teby3rQvuviNUwKToNQV6WQs5yGENTLtsY:KiPlcQ2yb6FU7CQUWlotsY
Score 3/10
-
-
Target
bin/NetKeeper.dat
-
Size
84KB
-
MD5
f11792e12c4ffbc7181bf4b8dcaf9a9a
-
SHA1
dbdf47c39ebae3cd0b333c37474c1403afe86e57
-
SHA256
64ba93259b857f1db2e6437700d01d5fb8176a0c14a808692a252f8e6ab00b72
-
SHA512
7e22f1fda1d489210cd9f0c6e05e596fd66c4384c5ae27a63d71a9c8563599527623d33603b3e0be2a3756be3afd5372bbea9b834a454ad570db59ce423bbb1e
-
SSDEEP
1536:F6XrlgON4gNOR8sdkJI6Z5NLaqY6Dv50zM36XRcLPKxUfVGENOqKlxThZQ92T:F6bJlcRlkJIU5cIv5V6XwPKxIgENOqQ5
Score 3/10
-
-
Target
bin/NetKeeper.exe
-
Size
430KB
-
MD5
1e427f695e7bbd16d97592964e5fcd3f
-
SHA1
6f940546cbc74e00b8428579e3ae911f95e04241
-
SHA256
9a6740315aeaf9e7f5b3fa3b036fca73e1c4e1b895d3dde7a47ef5148116b418
-
SHA512
80b4b7cd1d2dde0c0ed7921bdbc6033473b51fda7ea86cf0d70d2d2822e15e70626b2107bf88b214417189e8e6869811fa9de47247042c2a5641de5317e33246
-
SSDEEP
12288:gmPrOHX2cB96w/wV2IeuNDmfwKFUp3LQ8JVEhqmS8E/GLOvXr9+QMU:HPkGCABBeSi5FGX/sS8Gdr9HMU
Score 3/10
-
-
Target
bin/Updatemode.dll
-
Size
36KB
-
MD5
316e8ba769e6774a0e17078586ad3077
-
SHA1
02ba8c4676621cdbd31e35ef3c51b3cbdc6c7653
-
SHA256
f5462eb7d7f2758bfa55ebba8f2bf3fa01194f03a16c0e9dd5a84ed33116e746
-
SHA512
cbff041d038ed14c83038a4a7ff9ef013d0822ed0d2666e6928d9957ee211ee358219a4f556643f8278b7b3ecef22ef68afc76d78e0e1926913a9143a66f62dc
-
SSDEEP
768:T6QjSSzMfy/cJjcIgMEPQ50U3kNGq2zy:WsS9fkM4IgMao0GkB2zy
Score 3/10
-
-
Target
bin/bindconfirm.dat
-
Size
19KB
-
MD5
91109a93bd4722564a0097c28f0013b9
-
SHA1
eca5c0c2336fb4bc935698385d28d37914edd48f
-
SHA256
80187c2560d0a9392aac2a373dfcb58594291f47af8155907a5f7a9468f25b8f
-
SHA512
83442d22e94b8adf76fdbf1106e3784d122d225c77ab9614751974af7db31651c7fd2661c2410c6c8ed321775eddbaf85afb4dae80d78f98be061de881afd3ee
-
SSDEEP
384:YnXA4ZJazS1yARaaalJkGrFbBsua5Sl8zx+m2D1d7fn:YQ4moYJXrFnaC8EmE7fn
Score 3/10
-
-
Target
bin/bmpres.dll
-
Size
408KB
-
MD5
e29c65666b3f9aa4062ebc7d5359f987
-
SHA1
d05afc499f258d3a6486ba269cef5f506d1d0a0e
-
SHA256
a47657ac7a513f3b5ed73f621eadf91c809c8ef09a7a512aff2b60b60f96df57
-
SHA512
3bbfcad64da8cb5018df1da06d2a3b028b43f73cdc9ae9ff62f101b4fe1cda208383362ed86a1fdc610838714a8bff4b79090717fd1dbb303fb35305c2d24765
-
SSDEEP
1536:WLX1nyIU7wUGaWRY18aLe1Ibg9teHZgzZwnnnn/nnYnny9ngnnnnnnJppPyhnMzs:W8IU7wpaRej1IRMZMEyYXyBM
Score 1/10
-
-
Target
bin/detector.dll
-
Size
64KB
-
MD5
c813d9122513e3861e95c31b04e8e591
-
SHA1
0589d3aaf73adf54a6823ccb7a0d0f74e822236b
-
SHA256
156c7d9fff74e27007ebb62792e509051288dd172643c64b864e2f8531fdd68c
-
SHA512
bd39ee73c3ff82c0891dbbc65e80607e2f7682162ced846fd974862c1d001f526166da424ebedad4d5e0a7c51fe504ab38b9e8a44292f6301a8e9a4e1ef6ca69
-
SSDEEP
768:leA3j6pRRGwUETrZVzWVUTFHRe+JyKuqrxFmFNR6orP/6LZoi28xpK:IAAXWGTFHtTuqrxIFNR1P+oi2F
Score 3/10
-
-
Target
bin/doload.dll
-
Size
32KB
-
MD5
9f32dd908a04a45dc26cb8c3eb2e9580
-
SHA1
5e90fa8254c5b39b020bfff901019264b3fc1ec8
-
SHA256
38878278f4914b955c135497c0b285130ce9e641434d1e70e8422ef247406dd8
-
SHA512
9902f7fdde30f9b96cd7f8ab94c726eb99fea0cde34844363b356128ef6c7f8e9188b7304cfbdff57ba59d227a9eee18ea203f669eba86b794fb68c39df99e41
-
SSDEEP
384:AY/vyBERB/0YsrYFntJDiI0l5PVk+5Es8tn8OtAomxXx:AYnME0YM4nnS5e+5dPXx
Score 3/10