Overview
overview
7Static
static
38aaf1d86a7...18.exe
windows7-x64
78aaf1d86a7...18.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$TEMP/Toolbar.exe
windows7-x64
7$TEMP/Toolbar.exe
windows10-2004-x64
7content/ctoolbar.js
windows7-x64
3content/ctoolbar.js
windows10-2004-x64
3components...rch.js
windows7-x64
3components...rch.js
windows10-2004-x64
3components...bar.js
windows7-x64
3components...bar.js
windows10-2004-x64
3components...rt.dll
windows7-x64
3components...rt.dll
windows10-2004-x64
3components...ax.dll
windows7-x64
3components...ax.dll
windows10-2004-x64
3components...icy.js
windows7-x64
3components...icy.js
windows10-2004-x64
3lib/xpcom.js
windows7-x64
3lib/xpcom.js
windows10-2004-x64
3General
-
Target
8aaf1d86a72c368a9829b612d821bc21_JaffaCakes118
-
Size
2.3MB
-
Sample
241103-k47sratjfl
-
MD5
8aaf1d86a72c368a9829b612d821bc21
-
SHA1
ce40e0e028dad42efa6328187675d53afa9456cf
-
SHA256
a82813a2a0b36112fc4564ad643fa5718f2753bde00d635539b85768b765353c
-
SHA512
01f4f6ab8b535008e6037271ad38285a31adb903a6063dab0ed8c8a8b57c3e596e5051581f532c0ce5bd356f8e981ab5bb1d282cd7991b79bf3c5b4d555cc9b0
-
SSDEEP
49152:7V1YhUv9hGbwAjpdtT13aGgU6pF6mLFI1v/Hji9z2oFkZbDvNiGvi:7vYh+zuwMa93VOHj9oFk1D0G6
Static task
static1
Behavioral task
behavioral1
Sample
8aaf1d86a72c368a9829b612d821bc21_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8aaf1d86a72c368a9829b612d821bc21_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$TEMP/Toolbar.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$TEMP/Toolbar.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
content/ctoolbar.js
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
content/ctoolbar.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
components/ConduitAutoCompleteSearch.js
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
components/ConduitAutoCompleteSearch.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
components/ConduitToolbar.js
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
components/ConduitToolbar.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
components/FFExternalAlert.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
components/FFExternalAlert.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
components/npmozax.dll
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
components/npmozax.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
components/nsAxSecurityPolicy.js
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
components/nsAxSecurityPolicy.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
lib/xpcom.js
Resource
win7-20241023-en
Behavioral task
behavioral28
Sample
lib/xpcom.js
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
8aaf1d86a72c368a9829b612d821bc21_JaffaCakes118
-
Size
2.3MB
-
MD5
8aaf1d86a72c368a9829b612d821bc21
-
SHA1
ce40e0e028dad42efa6328187675d53afa9456cf
-
SHA256
a82813a2a0b36112fc4564ad643fa5718f2753bde00d635539b85768b765353c
-
SHA512
01f4f6ab8b535008e6037271ad38285a31adb903a6063dab0ed8c8a8b57c3e596e5051581f532c0ce5bd356f8e981ab5bb1d282cd7991b79bf3c5b4d555cc9b0
-
SSDEEP
49152:7V1YhUv9hGbwAjpdtT13aGgU6pF6mLFI1v/Hji9z2oFkZbDvNiGvi:7vYh+zuwMa93VOHj9oFk1D0G6
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
31KB
-
MD5
83cd62eab980e3d64c131799608c8371
-
SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c
-
SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294
-
SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9
-
SSDEEP
384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy
Score3/10 -
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
fa5beae80dba254fb6c21b58265f5310
-
SHA1
f2f776611dbbb157b151aa744a7e0be1d4b8c079
-
SHA256
34b8a2130729064ca2f9b3b8e6f90d883d84662156b648a4eeccefefc3473269
-
SHA512
7c74b9e9f1ff0665ffd6fcf76fca462d9f4fbd7c4a215bc67b419497ef4c3cb9cede6c5b0803cabb316bc5391c4c6f0d578d36e1094b8ed326b140f8e272b538
-
SSDEEP
192:06JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTZK72dwF7dBdcQOz:06JaVh4I5rpPbTZ+BdhO
Score3/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
7eaad8c651cdeb4a71355b10dbe8d17b
-
SHA1
1ef6cf4f98c7f20238e548dc6cdb270b741cfe8b
-
SHA256
fad96602241e65daeef96b559092e7efa2c3b68948a65f1bd7f126b9963df468
-
SHA512
6f7867774bfd82b1d12d0db5479e9539440ebfc6fee54aafc4381edea8fdccb89a9521a60b5f907033c147c805e6f541ec534c56bfe5f7354c55ca04df5175b9
-
SSDEEP
48:SnHsOVN7ZTPUptxEwvB3UAKxwLJXyTpXfaV4MOa1n8iwuf0//nDGkaEJPof5MKIM:Y7ZDGEQ3zLJX6d6pOun8iwY0//npEO
Score3/10 -
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
6b85b2ff78fe0e04b5f0d4e996f0d62e
-
SHA1
4507dee0b963080cbd75c383fa4650c7b99907dc
-
SHA256
c7a033bb91be5487d93cc402d27e4e893ba39b37a121f60c9dbef5bdf02e52e7
-
SHA512
84cbe4c2ecefd5eaa01ba5c1063056aed5f62a6ced32876c591bfb2bbe8688a020d02573a5f419cac2362579021fe2b4c6abf7e5d619de8178028db49d53e84b
-
SSDEEP
192:I4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/12wgszA:IysdM80dCI5a2LsQ5IlPNRY00AlAMU
Score3/10 -
-
-
Target
$PLUGINSDIR/UAC.dll
-
Size
17KB
-
MD5
09caf01bc8d88eeb733abc161acff659
-
SHA1
b8c2126d641f88628c632dd2259686da3776a6da
-
SHA256
3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478
-
SHA512
ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa
-
SSDEEP
384:w9JzaeWrF8d22hXAGFkr2WqErkuCYMAWS5Ns8AXXki:wLaBrrTXr3qruCYuS5qk
Score3/10 -
-
-
Target
$TEMP/Toolbar.exe
-
Size
1.5MB
-
MD5
9a6c289af5711e3fa5a667106261530e
-
SHA1
6781eb8ac003b8614afd39a697bcee44774c4cfd
-
SHA256
8dc42315b31c963409c749ec9ffe0a1372012ca2c1096fe37bba86c0bbefb28b
-
SHA512
1010af03473ae975ea9b7ab1947458d6b470ccf4f545782baac4814cc856559053a55ab420927bab44abc5197f6bc18296122481d97b96e3f0ccf76f9bf8a285
-
SSDEEP
24576:jykCLM9FU4J0ds+lGJFAxqRK43dAa1JGTwNp8I+Ii/MhnlA51YADVIxZCFWtv35M:2knyUYsgGbdrdAa1JGTgWIysAZIfC4fO
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
content/ctoolbar.js
-
Size
1.4MB
-
MD5
81854c14179831516513c5ccb563b4fb
-
SHA1
0dde6b3d92831f52cfba5e2e712b705252853d0c
-
SHA256
bd9835b232cc0f137f185e926bb763e6b7c893951915491d636594ed12215a74
-
SHA512
d84f80c19cba9db0adba2a0533004df7f47c1633d75228f8228b2f1e0cd8eb39827b606e1aed00bdaecab6c7eea47c167dd486d86074336dcd76a4f34c778a7e
-
SSDEEP
12288:VGZpQqzSgRLigxe5GgUCT2IMsoMOtn93TDVjqgKnu9lw4M3:opQqzSgRmGgx2Xs3Ot93TogKnu9l63
Score3/10 -
-
-
Target
components/ConduitAutoCompleteSearch.js
-
Size
12KB
-
MD5
e0e9e9198ae40b8e6cfad7b3e2161607
-
SHA1
2cf910c4c0aeefb02338e700b680047b76d96866
-
SHA256
5071fe441676d6e9219655eda341fdb6ce6f4d69c30fc6650129ca8bd2d79789
-
SHA512
0ba3666ea27a4f1dbd9e758f271cc9ec6956c7beacd76f4fb7d347b1a0091128fcb98761b12466dafd4a968925f460eb4f79bd309549b1aba7a7faa0929883b7
-
SSDEEP
192:uk/M++iFddQBM8N3jvxpZ5HAwxkDxbUd0xT/ibv:ukEFiLdTOl5HAckDudh
Score3/10 -
-
-
Target
components/ConduitToolbar.js
-
Size
3KB
-
MD5
6ad947075cd7ba10c12b46f123af869b
-
SHA1
51aa3b67cb9cede08d4195125105dc80ba36a5fb
-
SHA256
e7bf78507ff508ac262141fb760506aa66d6ac247277563459fb869b2e8a70a1
-
SHA512
f5b2fe59b7d062881cb4550b94cd0af0f6f9cb1280a35ae96b6a34476af80d5854ee52958e96d203ed57fba4cfb5f22ad477e9efc7e08501760a60a3c4b57b6a
Score3/10 -
-
-
Target
components/FFExternalAlert.dll
-
Size
51KB
-
MD5
d0a352aca3ad8730fe761238c3d58aec
-
SHA1
1062b4d0e5b782d342ce914cc139645b9655a73b
-
SHA256
d7787b19504cca0064f689b0fe28f98aa3e8d63f0f7db5bbcfb2186673a4b746
-
SHA512
a9ede88c114cc520a291f401666960a37c4bd31d774272800121e3931cfff2b8ae72ca387f361438ba1fe423d69ea928e69280a5f872ac7cd529c3dc973d9e07
-
SSDEEP
768:r6LJb2Im8e7+eV8J77AtaV2O2nn388ip0oaCoMCl5YRRG9s:r6p2ImiXcA2npKDRRG9
Score3/10 -
-
-
Target
components/npmozax.dll
-
Size
112KB
-
MD5
bb2fd4632cbf410c584bab0be026b733
-
SHA1
da1433810446595bb38fdbc3a664ffb09e81d06c
-
SHA256
1056248d3674adbc9e33e81f836a578b0e830c054da5a35723fe7072976c3ba6
-
SHA512
541b333b24e5943ba7d8d5ca052b450138d51b915760dfa512e7403144738994995358ea0bc4304f7aa75e28b6a4a6cd04f608729d100bd6c5dce40f68d4a631
-
SSDEEP
3072:fd8cpf3GOywbdopQzdglm4c0j9G9rAiYIH9Lf:fxe3wbdXdgRcoGpPjd
Score3/10 -
-
-
Target
components/nsAxSecurityPolicy.js
-
Size
8KB
-
MD5
c982f14a117ca444fcd4e558684e72ad
-
SHA1
d349adb454d434939ad56937dfc6b77bc9bcd1b9
-
SHA256
fe1cf8b6c350ce8b890ab8aa1c2e8441dd9c672b43439e6241bd90b63bee3718
-
SHA512
8ce89bcdd31f3b8c529a14255f69c684216eaab44987612b094f1a2c2fed94fd43877caad56fb082eabf1e2de20870b9e681e2f2b04baf55fae1fa847a95b560
-
SSDEEP
96:8HeHqTzNT0oIOyYDVvJR0zrvwby0eNPNEla0cOnJujv/abPHJ1F9jYuOonoDZt9B:vH0zNT0KyYJKFSSaaml/KgXD4vb
Score3/10 -
-
-
Target
lib/xpcom.js
-
Size
354KB
-
MD5
128c72f8fc25c9ddd5e0c436bcd6354b
-
SHA1
85a6b490a9c9ddc648c78b5420b0994aa0b87e89
-
SHA256
dad7560eaeadbd1058d9a3231d0eb412f651e26d20a6509182ab9be122610272
-
SHA512
f652f4a7aaafc4273b94ecfd8e72a1f2e453247c524ffd1dbb21fe7a7670a58bcb1a1287f63108bb6b5c9c27c1baa782c417ff0f4f2e7aeb403c0af7a961f9e5
-
SSDEEP
6144:fu1sGr8AmtUkG9pBTXgCHwchdjYcK7/rny+UIuB:21sGr8AxK77y+UIuB
Score3/10 -