General
-
Target
c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118
-
Size
14.1MB
-
Sample
241204-trlt7awmdk
-
MD5
c35b3b6eaccc5e4912c1555080dc76cb
-
SHA1
c1a2b32895b0d7ea25927d350e87bc6537d7685e
-
SHA256
c79f2f6cd70358a2df2382bcb191aa6f22ba0d17d547e1e2c4350d0546c9be24
-
SHA512
2b1c031915ab714a2bfa8d6e1c6e28fd35ca6650e776ce585d5196261bbb5347994f48009cf39f2cde48dd7cbd2b8baf90d530ec52da5ae51251e422789baf64
-
SSDEEP
393216:2vxV/QEoCv8ESxOmi6XmaGnPTOna6mefoehwnDBBDO:uV/QEbAX4rOna3myvD
Static task
static1
Behavioral task
behavioral1
Sample
c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Dialer.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Dialer.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241023-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
CI3.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
CI3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
GLWorker.exe
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
GLWorker.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Uninstall.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Uninstall.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20241023-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
bass.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
bass.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
readme.htm
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
readme.htm
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
c35b3b6eaccc5e4912c1555080dc76cb_JaffaCakes118
-
Size
14.1MB
-
MD5
c35b3b6eaccc5e4912c1555080dc76cb
-
SHA1
c1a2b32895b0d7ea25927d350e87bc6537d7685e
-
SHA256
c79f2f6cd70358a2df2382bcb191aa6f22ba0d17d547e1e2c4350d0546c9be24
-
SHA512
2b1c031915ab714a2bfa8d6e1c6e28fd35ca6650e776ce585d5196261bbb5347994f48009cf39f2cde48dd7cbd2b8baf90d530ec52da5ae51251e422789baf64
-
SSDEEP
393216:2vxV/QEoCv8ESxOmi6XmaGnPTOna6mefoehwnDBBDO:uV/QEbAX4rOna3myvD
Score 7/10
Loads dropped DLL (the $PLUGINSDIR plugins listed below are extracted and loaded by the installer itself; this is standard for an NSIS-style installer and is a weak indicator on its own — the CI3/GLWorker results further down carry the real weight)
-
-
-
Target
$PLUGINSDIR/Dialer.dll
-
Size
3KB
-
MD5
18adbaf253b4483e59a94be06a9135e9
-
SHA1
e096e87c93c80077d9726a585e52af2d46fa61ec
-
SHA256
62f01d82e12633f1aa677a6c8c2e34316ab422d240179d8bac8ce6582f84f6f4
-
SHA512
2ec8ef2486f631e63ab357420535eca64f7d7c369988967fe46adf58a6f12944de385b8002436b1ddc1e88cbc6968c6981caa0bb10168a073644fd9c2ec87f83
Score 3/10
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
714e0ecd29f9ec555f350f38672726c7
-
SHA1
555b1492e782d7a30f280f2aecb64c642c1aaad3
-
SHA256
21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
-
SHA512
ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
-
SSDEEP
192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV
Score 3/10
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
28052e87fc73e2aad1db2db35eba62e7
-
SHA1
72e4c599b45605e36aa5fe7b39caf1eba531328f
-
SHA256
ca0b34b6d8ea4638f620f250539301164b6a300f679b96e22a0b1f03f5e56440
-
SHA512
7759923e6c29a43dedee73ae0540d47b33a2861d6f3c0520deb90d068978494dbf01dde2974413699b2008306dbd753bdefdb5a78d4745d064ad6a5a3163fed2
-
SSDEEP
96:VgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1tK3hhEl7y:VgiqVPgK8K9eIdE9B/tWhg7
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
960a5c48e25cf2bca332e74e11d825c9
-
SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876
-
SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
-
SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
-
SSDEEP
192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X
Score 3/10
-
-
Target
$PLUGINSDIR/nsisdl.dll
-
Size
14KB
-
MD5
a5a4cee2eb89d2687c05ef74299f0dba
-
SHA1
b9bff5987be422887f2f402357b47db2288a1a42
-
SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963
-
SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0
-
SSDEEP
384:yck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2xE:yck76gibLCMLDLCx04HNVxE
Score 3/10
-
-
Target
CI3.ifn (listed as CI3.exe in the behavioral tasks above; the extension differs between the two listings)
-
Size
2.4MB
-
MD5
7fc7d17fe99e96b403224b6d0363f6e8
-
SHA1
a892e59ccb3b95ad8e50ab8bcfa9925b92c219fe
-
SHA256
15c5e0826a4ec78ae00ccff64a3a63e365a6dfb2cd3efa87608e88ab45ec19cb
-
SHA512
9c3cfdbb3b93b61d9d38e65c9a1ab1da5bcbe6f428a6eebae53ea70fa1076c5996e9085a231cabe5c5cc1ca366880901f9c1f15a8cb8fcdc5f811f49323ffe8c
-
SSDEEP
49152:unEwQWnvUTHKW6NUUOnfPd5wydwdqWiK+l4/qB:unEAkKW6CUAfPSdZiK5/Q
-
Banload
Banload variants download additional malicious files, then install and execute them.
-
Banload family (signature-based attribution — corroborate with the observed network activity and any downloaded payload before treating it as confirmed)
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments; legitimate software also reads it for hardware fingerprinting or licensing, so treat this as supporting evidence alongside the Banload match rather than proof on its own.
-
-
-
Target
GLWorker.exe
-
Size
1.8MB
-
MD5
cd5c3746a0c9c36e4fa7c60f780b53c3
-
SHA1
38b818925e8687b3a03a5c04e277bd4c9067136f
-
SHA256
2fd882b6b2204bde9322d770a48e8bfdabc17d879840abee9952876c76591bd8
-
SHA512
1094185d4e506f1da33ad437845332f42d5d82e9af06a2620502c5b7d23a25e08df0e7511c5c2b2a17aa7f4344ba48dfbbec70029b2580bf3b6d840bec18b002
-
SSDEEP
49152:IzroXxa1qMtyV1MtyfJTkbzvTrOnfPd5wydw8p:IzroXxa1qX8RbzLrAfPS8p
-
Banload
Banload variants download additional malicious files, then install and execute them.
-
Banload family (signature-based attribution — corroborate with the observed network activity and any downloaded payload before treating it as confirmed)
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments; legitimate software also reads it for hardware fingerprinting or licensing, so treat this as supporting evidence alongside the Banload match rather than proof on its own.
-
-
-
Target
Uninstall.exe
-
Size
93KB
-
MD5
09028d06b307f49555dffb76dc82c880
-
SHA1
8f187451912fa4b5e0e3de3406d1d426e48f3fc1
-
SHA256
0b0b36f894a702ac55405422733ccb22506c68e29848ae7eac9f0a4ce8cc597a
-
SHA512
505f537225eefd85f94c0807b7452c1df41c32f6d79203a2e9a5cc166385605176a68217808e505389e08fb8a61211728643ab4acea381e06dc23145c257c94f
-
SSDEEP
1536:zCaIoX1oYOcbTMV88TXJLE/oRdvislP2jLE+Db6FPhjtxQsOk63dcBuX6gSzR/7e:zCaZ2Yrb0VTXJY/oqsl6D0ZWX3we6Z9a
Score 7/10
Deletes itself (together with the dropped-EXE/DLL signatures below this is consistent with the usual NSIS uninstaller pattern of re-launching a temporary copy of itself and removing it afterwards; not a strong indicator by itself)
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
714e0ecd29f9ec555f350f38672726c7
-
SHA1
555b1492e782d7a30f280f2aecb64c642c1aaad3
-
SHA256
21fea4cf18de8e25d0ffa3375699150fcd04e6d470358696f2dffdd3fc09d7f3
-
SHA512
ced5814f25b688d1ede5a1395bcca69e1a0cba260104f156dc03de6ebb2015f6d832fed86ac234c36a10a75be33f489a63c8bd6111e3aaf4b078af1d94b00312
-
SSDEEP
192:qcOqQ13v5z+dHeMR2QwHu5S9i/yULWWBZYJCSJyejiK72dwF7dBKEw:qcW13v5SdHeMRRKkwseji+BV
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
960a5c48e25cf2bca332e74e11d825c9
-
SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876
-
SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
-
SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
-
SSDEEP
192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X
Score 3/10
-
-
Target
bass.dll
-
Size
90KB
-
MD5
048e4659465b2f39511cf2e81a7e5a3b
-
SHA1
f447e872bb8d0878d9a708ff661be523361464dd
-
SHA256
fda6a046ccaa6bbb1a5f7c75e9ff7d936aaf841d1fbced495141604dcac081a8
-
SHA512
24cbd4dbe0fb6288611317f91de0c67d4c0012935a61361bdacaac679ed677477a2c7b4a9f3ca050b2b2a92fb188e874bc81b0f18462198ae2817c9df6cf71c2
-
SSDEEP
1536:DClBV+haFHIrvX3EyeswkxJd342m3OQ3m/FlXZOelGqNYQrEEqpeqsyFkXzLx4l7:et+UForv3ELkNpm3Ok2ZAwGSYsE9peqt
Score 3/10
-
-
Target
readme.htm
-
Size
9KB
-
MD5
5b96088417f22f5e29a2e4085001c336
-
SHA1
3e65d8e17273abfdde2d03d01d112e0672db4cc0
-
SHA256
8505c9dcfb645ebb69674413fd343ae032b17655b870aa0ec05527fb0725e21e
-
SHA512
31cf772129525a9a31502715ffdc3b48144a294bb54e092a943de0d6218e31e873687e025572502c518fb733f90747a8967a2d0022f5af3ba166b1d34626c7df
-
SSDEEP
96:SM7bUxV3bpKQj6ZVcZPBPMDhi7aJr0QDBcjrfB/7fZN+D9oP0Bq+XEZuZSbuJgr:Sz+ZViPBChi7aOZE9oFZZv
Score 3/10