Overview
overview
10Static
static
108512ebf391...18.exe
windows7-x64
78512ebf391...18.exe
windows10-2004-x64
7$APPDATA/p...ry.dll
windows7-x64
3$APPDATA/p...ry.dll
windows10-2004-x64
3$PLUGINSDI...nt.dll
windows7-x64
3$PLUGINSDI...nt.dll
windows10-2004-x64
3$PLUGINSDI...nd.dll
windows7-x64
3$PLUGINSDI...nd.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...te.dll
windows7-x64
3$PLUGINSDI...te.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...om.dll
windows7-x64
5$PLUGINSDI...om.dll
windows10-2004-x64
5$PLUGINSDIR/xml.dll
windows7-x64
3$PLUGINSDIR/xml.dll
windows10-2004-x64
3$TEMP/$_53...in.dll
windows7-x64
3$TEMP/$_53...in.dll
windows10-2004-x64
3WoWBox.exe
windows7-x64
10WoWBox.exe
windows10-2004-x64
10uninst.exe
windows7-x64
7uninst.exe
windows10-2004-x64
7$PLUGINSDI...nd.dll
windows7-x64
3$PLUGINSDI...nd.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3General
-
Target
8512ebf39126afc00e171b784940c5f1_JaffaCakes118
-
Size
5.8MB
-
Sample
241102-mwlxes1pg1
-
MD5
8512ebf39126afc00e171b784940c5f1
-
SHA1
d79911fb1f18482dfeeb4dbc9ea7c76966255bdc
-
SHA256
b58ea9bb8dd69dd81aab6c75466487b9f0e23c5f5c473d22bc7bffa5ef9cfbed
-
SHA512
fa089d7dc4c924e3937aecd9b5afe1a31d6dbc38d4d748d2ec01b2e3b7bf08ee3f2ee7ffe158fc9057cf515773e84eed20e5a97a059e182835c9aa26e85930ce
-
SSDEEP
98304:giPJkcQ8qcmyKhMT9Ozzq9CUt1XfxSG9YA+Sg2UNct6N4h3hqCaRx69LEg4upOY9:HJ/HqcmbMhAuCUTf9txRUit6QqCa4LP5
Behavioral task
behavioral1
Sample
8512ebf39126afc00e171b784940c5f1_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8512ebf39126afc00e171b784940c5f1_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$APPDATA/pipfactory.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$APPDATA/pipfactory.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/K8NsisExtend.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/K8NsisExtend.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/locate.dll
Resource
win7-20241023-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/locate.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/xml.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/xml.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$TEMP/$_53_/K8Skin.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$TEMP/$_53_/K8Skin.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
WoWBox.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
WoWBox.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
uninst.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
uninst.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/K8NsisExtend.dll
Resource
win7-20241010-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/K8NsisExtend.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
8512ebf39126afc00e171b784940c5f1_JaffaCakes118
-
Size
5.8MB
-
MD5
8512ebf39126afc00e171b784940c5f1
-
SHA1
d79911fb1f18482dfeeb4dbc9ea7c76966255bdc
-
SHA256
b58ea9bb8dd69dd81aab6c75466487b9f0e23c5f5c473d22bc7bffa5ef9cfbed
-
SHA512
fa089d7dc4c924e3937aecd9b5afe1a31d6dbc38d4d748d2ec01b2e3b7bf08ee3f2ee7ffe158fc9057cf515773e84eed20e5a97a059e182835c9aa26e85930ce
-
SSDEEP
98304:giPJkcQ8qcmyKhMT9Ozzq9CUt1XfxSG9YA+Sg2UNct6N4h3hqCaRx69LEg4upOY9:HJ/HqcmbMhAuCUTf9txRUit6QqCa4LP5
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
-
-
Target
$APPDATA/pipfactory.mod
-
Size
65KB
-
MD5
d04438de49859c75d1ab799eab828c35
-
SHA1
8c778878a7b3686d7535d2d7acc65910c93ef3f7
-
SHA256
09e5f0f9c441129dccbe32cedc46c1f6336a8ff7a5b76fc1ac357ff86374b5db
-
SHA512
c0a39dc638370dae246e5939f7f1b5c9316083c18b0e6a4b70035c6d690107da26867147f78344a469c14431df48149f97d61d4693ce8b557469631b22b25c49
-
SSDEEP
1536:lNY53EAa7+OlucJD0qTZFgg/HULPO/oZGhcOtUBtIGaxCa:lNY53EAaBLJ0qTPg3P8oZGhcOtUBY1
Score3/10 -
-
-
Target
$PLUGINSDIR/ButtonEvent.dll
-
Size
4KB
-
MD5
fad9d09fc0267e8513b8628e767b2604
-
SHA1
bea76a7621c07b30ed90bedef4d608a5b9e15300
-
SHA256
5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2
-
SHA512
b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805
Score3/10 -
-
-
Target
$PLUGINSDIR/K8NsisExtend.dll
-
Size
232KB
-
MD5
c65f6245d1103e97e87ac3108d920d4d
-
SHA1
c5519d1137d6b94de28f62bba9442b9fd956f340
-
SHA256
c1ea3139cf606f73bc922fdedfb48624aab787661adf6159f86925a2150b06ca
-
SHA512
76da042211f2bc1bba233031690018d967efa9ef567ee8b8fd7fc4931f95c9e27209c42d9a56bf0b773374557918816ba1580895a50bbcc2c1e7e15962256b3c
-
SSDEEP
3072:TFiGaWvlNss4dHseo/vyNl12cqc53TARnQbPZUcYb3G11S9ltJ2KtjnRem1m3:TFikstdc/q312cqmAibacdIESet3
Score3/10 -
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
254f13dfd61c5b7d2119eb2550491e1d
-
SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6
-
SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
-
SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
-
SSDEEP
192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/locate.dll
-
Size
17KB
-
MD5
7d3317f57c1a368480ace3c0ca804eeb
-
SHA1
d4c7e185bc64aac82339f51ba6c21cf0713c9f1a
-
SHA256
d88a04c1e39db583eaad727fd390fe599ab10198ee040bfbdd22daefadbd2372
-
SHA512
5598c2e6caa2f66edd48f8c8305e054d4b0740b5f2b7ed92cf197a13ac66ba99a32013d34b3c2e28d007ab7979eb90a50681324eb736b1410e7df1902e4ec32a
-
SSDEEP
384:ev/vPBkA6dK8wiLe45naPji7hpx2kRV+qgm:evyvwiNnGji7Xxjc8
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
ab73c0c2a23f913eabdc4cb24b75cbad
-
SHA1
6569d2863d54c88dcf57c843fc310f6d9571a41e
-
SHA256
3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
-
SHA512
99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8
-
SSDEEP
96:EBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4MndY7ndS27gA:E6n+0SAfRE+/8ZYxldqn420
Score3/10 -
-
-
Target
$PLUGINSDIR/nsRandom.dll
-
Size
21KB
-
MD5
ab467b8dfaa660a0f0e5b26e28af5735
-
SHA1
596abd2c31eaff3479edf2069db1c155b59ce74d
-
SHA256
db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
-
SHA512
7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
-
SSDEEP
384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
-
-
-
Target
$PLUGINSDIR/xml.dll
-
Size
118KB
-
MD5
42df1fbaa87567adf2b4050805a1a545
-
SHA1
b892a6efbb39b7144248e0c0d79e53da474a9373
-
SHA256
e900fcb9d598643eb0ee3e4005da925e73e70dbaa010edc4473e99ea0638b845
-
SHA512
4537d408e2f54d07b018907c787da6c7340f909a1789416de33d090055eda8918f338d8571bc3b438dd89e5e03e0ded70c86702666f12adb98523a91cbb1de1d
-
SSDEEP
1536:U2A8OSGjylgkara+70LICin9zgtg2LxowhtJu6MqSNicNEtIfF42q2KC:OzjLkarn7O+n9z2L6whFtGF42bK
Score3/10 -
-
-
Target
$TEMP/$_53_/K8Skin.dll
-
Size
376KB
-
MD5
6f2e568ad29d065ecb9073e0e943158b
-
SHA1
1d6f747b5abe0ba06eb70a4f93a2dfe046342094
-
SHA256
2f2f55967767478491d982c07d7197db914a3cf22d57b9ded917c1e9173f8431
-
SHA512
8cacbf539926f7a7f4be1963ef92fd83facbce7d68f1a2c9cc0554a86b2307486f00b3d678f417746db054654d0c9c1675a9d0633b01817153ca5168a0c7de47
-
SSDEEP
6144:nImZpwTL5wSOo1tyWdMb23N/JWTPzLf/yOYRVvoB7sHHSwF8irmRtBQaFBbkYmU+:nImvwTL5wSOo1tyWdMb23N/JazLf/yZ1
Score3/10 -
-
-
Target
WoWBox.exe
-
Size
2.1MB
-
MD5
4005f6935569c34b39e4faeeccdde17a
-
SHA1
d7056c7627043f41f401b893f790cdba0c1a99d5
-
SHA256
4a54a37b88700b28dc2fad3d772df86c5aacdf9a607dda4429a3a90317ddf946
-
SHA512
fbd1dbd4a9c2669897cf811a3fe69b32496d667c09f821a3a9ac76bd3f00d0a13675a73c650e6ba03adc7da8b98c80db29b118f388c8d100c79f1e402487d1a7
-
SSDEEP
49152:zinbTv9g5WNfV9XrnOVsAxq20YaErpVS55Id60bO70y37ebp5ZaKb:zibDT9qVseq20YaEVV7csOj37ebUKb
-
Detects Strela Stealer payload
-
Strela family
-
Loads dropped DLL
-
-
-
Target
uninst.exe
-
Size
1.8MB
-
MD5
0476fe3408086ad9503632c5c3b084f3
-
SHA1
3d2c4cae38f9faccb05f3b6d1e653661f5397807
-
SHA256
eabd927f02c19fcce33816f42866f2fef7aa24910bc1b692497585ecc4007611
-
SHA512
b7bda3fccfc420be4203cfeb7d089f9c2b821e158e59801640af0e35ba24144c36f0db50cc047d937507bd3fb88f1f4270e091b0547a365741dc555280eebb81
-
SSDEEP
49152:dBewS4SitFdq7kGpM6/cEbTWbf2UIhXdK2WP2nU:P1V9/GN2+ndK1KU
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/K8NsisExtend.dll
-
Size
232KB
-
MD5
c65f6245d1103e97e87ac3108d920d4d
-
SHA1
c5519d1137d6b94de28f62bba9442b9fd956f340
-
SHA256
c1ea3139cf606f73bc922fdedfb48624aab787661adf6159f86925a2150b06ca
-
SHA512
76da042211f2bc1bba233031690018d967efa9ef567ee8b8fd7fc4931f95c9e27209c42d9a56bf0b773374557918816ba1580895a50bbcc2c1e7e15962256b3c
-
SSDEEP
3072:TFiGaWvlNss4dHseo/vyNl12cqc53TARnQbPZUcYb3G11S9ltJ2KtjnRem1m3:TFikstdc/q312cqmAibacdIESet3
Score3/10 -
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
254f13dfd61c5b7d2119eb2550491e1d
-
SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6
-
SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
-
SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
-
SSDEEP
192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -