Static analysis — score 10/10 (score badge read from the Static tab).
Behavioral task results for a112e40270437a236bdd9dfcc948a571_JaffaCakes118.exe: score badge 3 on windows7-x64, score badge 10 on windows10-2004-x64. The two environments scored the same binary very differently, so review both runs rather than relying on either one alone.
General
-
Target
a112e40270437a236bdd9dfcc948a571_JaffaCakes118
-
Size
1.2MB
-
Sample
241126-k7hb9svkhw
-
MD5
a112e40270437a236bdd9dfcc948a571
-
SHA1
8a986bdf5b0271e563879d322f4cb0cb9baba466
-
SHA256
1558335060381a3a45cbd49ea18742a4d1f2bb7660905ba07fc01a215cc792d9
-
SHA512
943099e0d4a2f13437eef1a7b0dcdf72a3b3a7c78d5daaf9882b0433f2b5a06e53964b470b47a0585c2999707cdb663a460515360bbc82af83cdb827f273b48e
-
SSDEEP
24576:8RWbHmsmKbRL6lzZXgfWDzyMM65tkU3ytel:8AbHmsXRePXgfWDOMjkU3KQ
Static task
static1
Behavioral task
behavioral1
Sample
a112e40270437a236bdd9dfcc948a571_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
a112e40270437a236bdd9dfcc948a571_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
/tbu01932/autofill_plugin.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
/tbu01932/autofill_plugin.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
/tbu01932/communicomm.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
/tbu01932/communicomm.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
/tbu01932/scengine.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
/tbu01932/scengine.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
/tbu01932/spellchecker_plugin.dll
Resource
win7-20241023-en
Behavioral task
behavioral10
Sample
/tbu01932/spellchecker_plugin.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
/tbu01932/spyrem.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
/tbu01932/spyrem.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
/tbu01932/ssceam.vbs
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
/tbu01932/ssceam.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
/tbu01932/sscebr.vbs
Resource
win7-20240729-en
Behavioral task
behavioral16
Sample
/tbu01932/sscebr.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
/tbu01932/tbhelper.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
/tbu01932/tbhelper.dll
Resource
win10v2004-20241007-en
Malware Config — no extracted configuration is shown for this sample.
Targets — the main sample followed by the files it dropped under /tbu01932/. The per-file scores below reflect each dropped component detonated on its own; a low score there does not mean the bundle as a whole is benign.
-
-
Target
a112e40270437a236bdd9dfcc948a571_JaffaCakes118
-
Size
1.2MB
-
MD5
a112e40270437a236bdd9dfcc948a571
-
SHA1
8a986bdf5b0271e563879d322f4cb0cb9baba466
-
SHA256
1558335060381a3a45cbd49ea18742a4d1f2bb7660905ba07fc01a215cc792d9
-
SHA512
943099e0d4a2f13437eef1a7b0dcdf72a3b3a7c78d5daaf9882b0433f2b5a06e53964b470b47a0585c2999707cdb663a460515360bbc82af83cdb827f273b48e
-
SSDEEP
24576:8RWbHmsmKbRL6lzZXgfWDzyMM65tkU3ytel:8AbHmsXRePXgfWDOMjkU3KQ
-
Ardamax family — signature match. Ardamax is commercial keylogging/monitoring software, so keystroke and credential capture should be treated as the primary risk when triaging this sample.
-
Ardamax main executable — signature match on the primary binary (a112e40270437a236bdd9dfcc948a571_JaffaCakes118), not on one of the dropped components.
-
Loads dropped DLL — the sample loads at least one DLL that it wrote to disk at runtime; the dropped files under /tbu01932/ are listed as separate targets below. Which DLL(s) triggered this signature is not shown here.
-
-
-
Target
/tbu01932/autofill_plugin.dll
-
Size
244KB
-
MD5
f43d684c3673aeb364e4549f62cf6a7e
-
SHA1
eb0448cf354d3b1abe767e80a115e1712734e967
-
SHA256
ebf969fec0e8c9ab5d2dd1b9a809615e5bbca0437cae20ea50b2925b17f72a97
-
SHA512
886cc9c778734b939faf9e3202ad8e120adafeba4f9937fc33bbadf723c65bc1c5e1b9070f7ac60d4a9639512282feb08c2d92425fb71e85ddb50ac78013a6df
-
SSDEEP
3072:sZS8/IJIrTyHqSavFbR2019Y0FO8hSFXWuWKgGZoYVLBeJvgA4QH3Mm:eS8/nGHqnvFbR2o1FdOWuWKNML3x
Score: 1/10
-
-
Target
/tbu01932/communicomm.dll
-
Size
1.2MB
-
MD5
c20c1fd1a46880d06736b43e5ff0062b
-
SHA1
10161a72c9f25270bc56c09f453e9d8fbb0a3849
-
SHA256
f711613ee8f75abf45cd3f3b20e57785e69fd709ab3db9890729e9791d4b6be0
-
SHA512
e47a4f88f1b23a46917eea788544254e45d1168a31f95ed09cbfa7a0b8f8201656bd203765706d4a8ee4616b4cdcc78a4c20485a5dd2f053a14b6ce58494922a
-
SSDEEP
12288:Cy2CrpbIKCiY+KCK8tGSJ0OEj+2G7uENds0BGQCFhMgKbAZl3bze2q4BAkf1Tm1T:bprK7C3N7lKBQCndAk9y/5OT6CeWoE6
Score: 1/10
-
-
Target
/tbu01932/scengine.dll
-
Size
208KB
-
MD5
6577a80ad844076a70603b44f44ba1e3
-
SHA1
b5b060fda75a6c95225644f137e1e65cbc10b77e
-
SHA256
244c821688564bcb683592bd84fbfdd8e8ce54be699d48648f164c029ec66035
-
SHA512
f4623dfa538fc72b4f739ed8eb054ec6618cfe46784df170c1d7186b3ca6eff6730aeb6bdbd6acf860625ec6a95e73db8164563d215492bd80d8454518bbeac0
-
SSDEEP
3072:MlE6L/TCiSXHX7LHWpP5rm+q+BNW3wHnzNqGHjoY+Vf8/cJ90uFBdvzES7tz:w7eXrLHWpP5zq+K3w7O9bBd
Score: 1/10
-
-
Target
/tbu01932/spellchecker_plugin.dll
-
Size
120KB
-
MD5
a7e0e5c28cdf9b0822fc33e073552a36
-
SHA1
0090f0be61ed98e24f5781686f73c5585e344fd8
-
SHA256
04165d906495ce8b1413cd22cd25aff21bf2b6f7f5ee3a197b24975edd8b073d
-
SHA512
0fa604a5b563a61ce52ee0d541e5fc9a25c7c4c891ebb4b23f0d3cb9a4c9a98fe0913a42718e744532fae03ee17c241262bcad3f76e386394b96c357c3984400
-
SSDEEP
3072:FR0Oh7qlpEZRPv/AdduLdIhinRon8v3ln0ONM:w87qTE7PXAdduh5eM
Score: 1/10
-
-
Target
/tbu01932/spyrem.exe
-
Size
280KB
-
MD5
83d5b6f29c5686bce69aa6999f4e074d
-
SHA1
b98cc07896b1d313e85aa839447d679d86176aba
-
SHA256
ad5ad2fe1229db247dcdd5b64fe49a588cbdc58d53e840c540cfaf9da53ce0c7
-
SHA512
5a718249d27380fdb51e1a7b9dc077c4edc528ae4aea2ab12b1a9f8740e61febc8086174195fd2a849b55866a918bc08913fb70f516b286c86b103981772fb9d
-
SSDEEP
3072:caD1ATqbXt7aMwOCuMAeWAhohG+Ccv1oQT/Hq3R3GJd67ZI:caDmTcZXwRAvGbcvtHAh8dcZ
Score: 1/10
-
-
Target
/tbu01932/ssceam.tlx (note: the behavioral tasks above list this file as /tbu01932/ssceam.vbs — the extension differs between the task list and the target entry, so verify the actual file type before treating it as a script)
-
Size
7KB
-
MD5
77eed4b296856a919e68bc23c57580a6
-
SHA1
9800e40738eeada502730fcbf8e27e98e38da592
-
SHA256
924ef798579f1798b9ab6e7492fb3449b81c47b0af47c11c87be14e4dfab41fc
-
SHA512
37267059dd6232cd9b56333082b02f164b51cfa30296c1870367fad70bb0083848c7da600553de9e5e48536885ed9231fc75618388c460eeb9926307ede60f8b
-
SSDEEP
192:+SFO45GRBCRI8Uj/jQrt0BNjJh9q1E1fLC8PIhh:fFO45KCRSj203jJhIeQb
Score: 1/10
-
-
Target
/tbu01932/sscebr.tlx (note: the behavioral tasks above list this file as /tbu01932/sscebr.vbs — the extension differs between the task list and the target entry, so verify the actual file type before treating it as a script)
-
Size
7KB
-
MD5
ee5c480aa68de03df03d0c8ef20bbf49
-
SHA1
968a06ce6362b2611bea5d104148fefc70f64e6a
-
SHA256
029354cff3194df395eaf2c08d30b75c256c44716c65a12ba6abbdd0910edd15
-
SHA512
08192820d289e59d1b0b6895ed9cebdf25a62d0a9a689c26c883b83030578e841e785f3032eec6e691976c4a4360727220eae69054f69dd3a4953ce54c19d83f
-
SSDEEP
192:+SFO4PDGCRCRI8Uj/jQrKRz0BNjJh9q1E1fLC8PIeP:fFO4PD/CRSjH03jJhIeQG
Score: 1/10
-
-
Target
/tbu01932/tbhelper.dll
-
Size
372KB
-
MD5
c4407679a570bef1b0171c93abd61361
-
SHA1
629eb29ca00268704ee73be12ca281c93f6c5fd9
-
SHA256
bf07e43e9ac1f11c650235b32e0e048a4f2fcd95c7787b6f61f0028467a4a3a7
-
SHA512
ee1de941dd9b5574bf15eb80e9d0b5ef552e95bfac249d1240de5bbec70a0b8dde0526ac62286c6f89024ff0fc95d1735c980f6335375de6e58314cda8bdae05
-
SSDEEP
6144:nMbm+cVHQ+PKkKoiTtKJmN9+h9mGgiht7k7qsHIcgL0J92y3/fkxwX8VmTH5zeH:ne7clKg8tKJmvs9oihK7qsHbgL0b3XOv
Score: 1/10