General
Target: 7f2c76f4b48e3e9049e2ca489f3baa65_JaffaCakes118
Size: 67KB
Sample: 241030-pfgnwa1rhs
MD5: 7f2c76f4b48e3e9049e2ca489f3baa65
SHA1: b3af4036f441add13f53bf4a5d423212846eb18f
SHA256: ea2cdc4c471b848f7af7034fe254f4266a6f12760a36071c6382031e77d46409
SHA512: 0511b64b766eafed839ff567e5945d2034b336ca9d515072652b9dbcd6e071e0d1d149eb8065a9f20f5a4d899073fe904df87d143f854212bd2687b81e99b10b
SSDEEP: 1536:QRy2z1vp1qyTCDoFnjSPpCIKavqmtP0H9qb5E5pjEzktdJKavA:QXzNqyWD6JIKayPMFE55dlKaI
Behavioral task: behavioral1
Sample: 7f2c76f4b48e3e9049e2ca489f3baa65_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 7f2c76f4b48e3e9049e2ca489f3baa65_JaffaCakes118.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/InstallOptions.dll
Resource: win7-20240903-en

Behavioral task: behavioral4
Sample: $PLUGINSDIR/InstallOptions.dll
Resource: win10v2004-20241007-en

Behavioral task: behavioral5
Sample: $PLUGINSDIR/Loader.dll
Resource: win7-20240903-en

Behavioral task: behavioral6
Sample: $PLUGINSDIR/Loader.dll
Resource: win10v2004-20241007-en

Behavioral task: behavioral7
Sample: ecodec.exe
Resource: win7-20240903-en

Behavioral task: behavioral8
Sample: ecodec.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral9
Sample: uninst.exe
Resource: win7-20241010-en
Malware Config
Targets

Target: 7f2c76f4b48e3e9049e2ca489f3baa65_JaffaCakes118
Size: 67KB
MD5: 7f2c76f4b48e3e9049e2ca489f3baa65
SHA1: b3af4036f441add13f53bf4a5d423212846eb18f
SHA256: ea2cdc4c471b848f7af7034fe254f4266a6f12760a36071c6382031e77d46409
SHA512: 0511b64b766eafed839ff567e5945d2034b336ca9d515072652b9dbcd6e071e0d1d149eb8065a9f20f5a4d899073fe904df87d143f854212bd2687b81e99b10b
SSDEEP: 1536:QRy2z1vp1qyTCDoFnjSPpCIKavqmtP0H9qb5E5pjEzktdJKavA:QXzNqyWD6JIKayPMFE55dlKaI
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
Drops file in System32 directory

Target: $PLUGINSDIR/InstallOptions.dll
Size: 12KB
MD5: 99bc22826a0568dce241be3a4ffd0c0d
SHA1: 62e4662250abdf10d23a61076fd7cbd00a5c5b6f
SHA256: 120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de
SHA512: 35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9
SSDEEP: 384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI
Score: 3/10

Target: $PLUGINSDIR/Loader.dll
Size: 7KB
MD5: 41c12def7cf9671ac96a86a6836957c0
SHA1: b7b7db1228a26aafcc743e28ff7590838fd78bd4
SHA256: 6460ed29e01cf60f996ecaded8a0ead33308b03409077a888b8f24169c0b5f36
SHA512: 4477dbb20e7431742aaf4c7d109c8163b9e13343ec10922b71a2e735d43d3b755f92b6450dbe4539b3331c05a91fc7874ea11c5d88b28028610545a956640728
SSDEEP: 96:mXfjbbbbbbbbb+bbbbbbbbbbjbbbbbbbbbb2jrJAbsdoZbbbbbbbbb7hbbbbbbb+:kj7dcAACWKy+3ioXdKFQ
Score: 3/10

Target: ecodec.exe
Size: 20KB
MD5: 6df058fb249b98f4ed608ffa7818550a
SHA1: 219ddaf539bd93467ddef612f5abd9617751d994
SHA256: 7eece1b441a0cd3c2256ed1d80b75862ac08f4c5b7297dcda97bae8f9eabb70d
SHA512: 7317f8dd7025bd8523c3ed17a85e5fc29eff2d197b89c888e79171771972ddf6b81d56f511ebb00c0d44205015afbf74df9a4bccaf0d688ecdc41239a2af1c73
SSDEEP: 384:3WKOv936ghsEN7+Vy9+HWhYqsv8b5E4s3Hp4nR8vcNh1StRepq1VaIY:Gh36ghsE/0HWhYx8b5E4iHpsR8Ez1jph
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.

Target: uninst.exe
Size: 25KB
MD5: 12a81aff564d073677d7611eff057d61
SHA1: bc7f03bd50eb94e1e1d500f34be411f22bdf8e31
SHA256: d8026f232db673ca39e1b6c29259154ead3c1168b691ec53ad688e3dacdfb587
SHA512: 8b8646374b3b26c3a72d66d9c6ed9ca34f9a468ae2fae715d761ecb928e0a833803ccd590dcecc462581f494d5500fbee0cac1d805755e9a12f8d5cf71bb4a92
SSDEEP: 768:ZuRCh2z0adtF28eQPH1NHo9slGMTC41SJKU7vbU:QRy2z1vp1qyTCLJKavA
Deletes itself
Executes dropped EXE
Loads dropped DLL