General
-
Target
JaffaCakes118_40ddc32d54a4be0ccee77eb7a9ec8e1e
-
Size
4.2MB
-
Sample
250127-slchwsvnfk
-
MD5
40ddc32d54a4be0ccee77eb7a9ec8e1e
-
SHA1
786cd5076fef8d8aca1e848dd73fcfcb5d624f97
-
SHA256
23d78901fd7e20c82839a32f829462e76a499674e562746f829debd2ef42bd85
-
SHA512
9b363fe3a757a09f30b3ca3dae3b3ad822ccaabf014eadaa48c70250f9ffb1df6cb34aa7020a1d9163bb30355af3776b554f7929fa3224c9e6b8ad562542648c
-
SSDEEP
98304:j0u3zA0O5Dubt8bZjNg9SvptxumXaYyhAfZluujhLqP:j0mMvRubtgNg8vpbfaYeUluujhL2
Behavioral task
behavioral1
Sample
JaffaCakes118_40ddc32d54a4be0ccee77eb7a9ec8e1e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_40ddc32d54a4be0ccee77eb7a9ec8e1e.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/SetupLib.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/SetupLib.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$_10_/ExtensionManager.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$_10_/ExtensionManager.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$_10_/HWSignature.dll
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
$_10_/HWSignature.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$_10_/ZipLib.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$_10_/ZipLib.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
5.1.1.4851/HWSignature.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
5.1.1.4851/HWSignature.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
5.1.1.4851/ImeUtil.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
5.1.1.4851/ImeUtil.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
5.1.1.4851/PinyinUp.exe
Resource
win7-20241023-en
Behavioral task
behavioral22
Sample
5.1.1.4851/PinyinUp.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
5.1.1.4851/QuickInput.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
5.1.1.4851/QuickInput.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
5.1.1.4851/Resource.dll
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
5.1.1.4851/Resource.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
5.1.1.4851/SGTool.exe
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
5.1.1.4851/SGTool.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
5.1.1.4851/ScdMaker.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
5.1.1.4851/ScdMaker.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
5.1.1.4851/ScdReg.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
5.1.1.4851/ScdReg.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_40ddc32d54a4be0ccee77eb7a9ec8e1e
-
Size
4.2MB
-
MD5
40ddc32d54a4be0ccee77eb7a9ec8e1e
-
SHA1
786cd5076fef8d8aca1e848dd73fcfcb5d624f97
-
SHA256
23d78901fd7e20c82839a32f829462e76a499674e562746f829debd2ef42bd85
-
SHA512
9b363fe3a757a09f30b3ca3dae3b3ad822ccaabf014eadaa48c70250f9ffb1df6cb34aa7020a1d9163bb30355af3776b554f7929fa3224c9e6b8ad562542648c
-
SSDEEP
98304:j0u3zA0O5Dubt8bZjNg9SvptxumXaYyhAfZluujhLqP:j0mMvRubtgNg8vpbfaYeUluujhL2
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
15KB
-
MD5
6e663f1a0de94bc05d64d020da5d6f36
-
SHA1
c5abb0033776d6ab1f07e5b3568f7d64f90e5b04
-
SHA256
458b70e1745dc6e768d2338ccf3e6e86436488954ca3763472d8ffec4e7177e4
-
SHA512
2a037c39f3a08d4a80494227990f36c4fef2f73c4a6ad74dcc334317a1372234c25d08d8b80d79e126881a49fa4b3f2fffe3604c959d9ceceb47acc7192cc6a5
-
SSDEEP
192:VsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5mj8ozxGUWumle:VsUHd9GN2d2iwl0impATIPdAj8Ov6
Score3/10 -
-
-
Target
$PLUGINSDIR/SetupLib.dll
-
Size
251KB
-
MD5
6a15e1ffba29f5eee8102265603f290b
-
SHA1
a47f3888628d6e3c0f9c05a802b5c1f7b8003ee7
-
SHA256
2d3282216fdba84ca77d00deac32cb7d9c03c968a8a82c1d0aaaf7c283ea36a5
-
SHA512
6ade66f73450167a1175e606bd744dfbd9a3a0207166874b4b41a11171c1bef61f11672141b45a643191801560c9dfbd772971d0ba22b43bda7514b9d6a4ce8a
-
SSDEEP
3072:PDDnuiQxi3ekNz+vlLy5h76qm1SWgRBCHGh81zbMd7ZvmfXZ3NUtZtdSnPEmP5pG:7DnuQekNz2I36bpIGGAINnZ+nPdJqJ
Score3/10 -
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
5ce52c5c52c7ece604cb5b07faf234df
-
SHA1
ab244b4a8caa29ecb24477d1cc1dd8484371176b
-
SHA256
96ac4ef189260d5d6137c27c9470afbbde382f771fef040e9a6fa3f0ca2e4ecc
-
SHA512
c42ec0d29350aa59cd783fdad542cd6dfcd983266726c1d45e7bdfcfa9a4302b2119b5081f987d967ec7a99b3b195717da3e839c9c9b8a34aeb38ca0e0d62262
-
SSDEEP
96:cXEsZNrFQiAYLvx8RxjjL82Orp2YDDBKIakCT9KNotMQl3gJk:cXEsYYLvxcSDBxan9my3O
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
b9f430f71c7144d8ff4ab94be2785aa6
-
SHA1
c5c1e153caff7ad1d221a9acc8bbb831f05ccb05
-
SHA256
b496e81a74ce871236abcd096fb9a6b210b456bebaa7464fa844b3241e51a655
-
SHA512
c7ce431b6a1493fd7d1fe1b1c823ad22b582c43c8eb2fb6a471c648dd9df9953277c89932c66afd598d43ea36f4a8602e84cd175115266943071cbc8ce204099
-
SSDEEP
192:hClej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yOG:hCm2HgN4GbeWmbI4Eybogia7yO
Score3/10 -
-
-
Target
$_10_/ExtensionManager.exe
-
Size
956KB
-
MD5
309b7b8cb7ac4bb4776e6477a10d65b2
-
SHA1
173bffb374da7a963303bceed63afd378731caaa
-
SHA256
3dc52ec5cba0df1f31ec2888e4fab79f47a3273b3450d4011d18c617f35a0077
-
SHA512
ab910cd48c20f8cbeb516b163ab6db917c3056e8005001bd596b182458300788562b451ed58bc363d77e43a365633553c23eab12543a72c7099442ba42f1ec60
-
SSDEEP
24576:3SGRZqu+BVJzwbBJEo3Icf8JZT4cjYG8eT5E:3FLcdzwbBJD3jOT6lYE
Score3/10 -
-
-
Target
$_10_/HWSignature.dll
-
Size
73KB
-
MD5
1f44dac59733b07ed8dcd59d36701c24
-
SHA1
1f94c730760022d6f49de52562b8755461e6f5af
-
SHA256
8df7ca7ab51d8ec5176439b0b4060008555cd2aee8ce7288d8710ccc522fedce
-
SHA512
77656e96cdd148ead8bad218431c6301861e8f7e6104cc81ef80d180960a3201ef01b97099464d60f2035770261f28013478c85ee56b1c2897a9a94d42a50ab7
-
SSDEEP
1536:MO7Dxmyt+JrD5Vtg27vK4k75J1X/V2CRc:MOEygtZSb75J1v9c
Score 6/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system. This signature records that a write to the MBR was observed during the run; it is a behavioral indicator rather than proof that the file is a bootkit, so the write should be confirmed against the full behavioral report before the sample is classified.
-
-
-
Target
$_10_/ZipLib.dll
-
Size
252KB
-
MD5
a6a64eb3fe9b0e60acc54a55af6e8278
-
SHA1
527aac365292104f95527040507104fdc1ffcecc
-
SHA256
c889aad509f461baaa302ec93021f837ecf89e01f8156995f7bda9e0e34bbd1d
-
SHA512
72fcc353bb3e271aa3715c3ddbec518dd4e2eaeeb06ecaa9785b92f0d2a1127c66d9a7c40832706fb8255d137d20049651f887e6f646a66cb60cd15a86b10ac4
-
SSDEEP
6144:V8JHuqFQyIH9BcDtcCSRzJLKvGEmQQN60:6JHuqeyOBcD1wpKu5js0
Score3/10 -
-
-
Target
5.1.1.4851/HWSignature.dll
-
Size
73KB
-
MD5
1f44dac59733b07ed8dcd59d36701c24
-
SHA1
1f94c730760022d6f49de52562b8755461e6f5af
-
SHA256
8df7ca7ab51d8ec5176439b0b4060008555cd2aee8ce7288d8710ccc522fedce
-
SHA512
77656e96cdd148ead8bad218431c6301861e8f7e6104cc81ef80d180960a3201ef01b97099464d60f2035770261f28013478c85ee56b1c2897a9a94d42a50ab7
-
SSDEEP
1536:MO7Dxmyt+JrD5Vtg27vK4k75J1X/V2CRc:MOEygtZSb75J1v9c
Score 6/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system. This signature records that a write to the MBR was observed during the run; it is a behavioral indicator rather than proof that the file is a bootkit, so the write should be confirmed against the full behavioral report before the sample is classified.
-
-
-
Target
5.1.1.4851/ImeUtil.exe
-
Size
1.5MB
-
MD5
9a284f64641e6f8e5219f02effa8a3b9
-
SHA1
60ba5d49b783a73cd0511542eb7075e401d1c08d
-
SHA256
d12cfef921b75df0d45c4f5c71413d03a68a5b04e227be2cf1b6d2e9694d08fc
-
SHA512
505804e5d0ee209cb30fd181e7de4b7df98678c73884918fcb5cc234f55655061b15a0aad004098f7ebcec3317a4dbc1c1628883a75733f4d918bd4131140923
-
SSDEEP
49152:dlBl81nAJfdx79w5sfYl9Bfx6TvTFtyzB:jJ1x79w5syfN
Score3/10 -
-
-
Target
5.1.1.4851/PinyinUp.exe
-
Size
2.2MB
-
MD5
152b1e0762587312658bbb1df30707fa
-
SHA1
265af2cf80c8e920a1dceba5b930cd2f96fb0018
-
SHA256
6645a2ebf9b6a80550e9e3a1a8ddd15167b3edf224fc644653c1adea1d2cfc77
-
SHA512
ca6a80b8b230c7c46da0752cc1f6d3abad630394c6173a26611ab61c0d6b21fe874bf7ac66d8a26dba8fa3d4226f45d851059e71269dc904cb0802637524de81
-
SSDEEP
24576:Rv8U0+fk31FBv3wfNK5hZvT9m54NQtMOtFPVaDT9JMKiyoa45fK4Zjw35hzZatNA:RvzNKmIvMKiDaww3FG8fvGTYpToU
Score3/10 -
-
-
Target
5.1.1.4851/QuickInput.exe
-
Size
1.1MB
-
MD5
6a5c8ec4fd58b943cea063954530b461
-
SHA1
2dce20887a098fcd1d4f75d44d78e1f1fc62c44b
-
SHA256
bbbe12b65903a9cd4677a2c743f24abaf8dbece2dd98ea731926fa35a5bd20fe
-
SHA512
efbdeb4523da05cdfe35382480dc7c6c2091e5083b1e0b5e6465d0daeef31eabd74c78f533682e5b249b184c0aaaef9a3c19eb086bcec41657e818c488deea63
-
SSDEEP
24576:3XnwEhDicOCpRBd2ZUqVol1Nv8mMqYuxm+XTRcj1N2nle:nBfc1Vol11aSXTnnle
Score3/10 -
-
-
Target
5.1.1.4851/Resource.dll
-
Size
582KB
-
MD5
8f0181abb034be415a5df9fdf27879a8
-
SHA1
d17528cd3a834a4253f9132db10bfa8332cee516
-
SHA256
1c1695162c38f5f9ad281115ca5840d581b4f2f2f85f363600bcbb9840ede5b4
-
SHA512
a9125cece9481c61fced3940e6671d9bfe21469cc7285c16fd5332c154ee68f6ab06a2e11df8a5848af137d1a3e9767e6bfd91e3e17926bbf4c7de71dc68bc65
-
SSDEEP
6144:OO4bfNEJEWLd7KnIsm3WN2HSLdCeqoU6JWrj:p4bfNAEiGIsJySLdrPJ2j
Score1/10 -
-
-
Target
5.1.1.4851/SGTool.exe
-
Size
70KB
-
MD5
db49c43d03333c29cd4fce90a1cfd9e4
-
SHA1
4f2162faf8fa7d4e21e74765be9a8b76594c5518
-
SHA256
8bc6d9ef6ce1b493ff27b445ded4487e5ac001821942f65586ef63568e9f4420
-
SHA512
bfc616e78d70a7e63b919b4affcf96e6b19623dec25a94ef0e30ddbec726ffcd4ea8f10b3fb90f44edbad589e7f88a5e53f34d13101dc05fdb034961c8f3b7de
-
SSDEEP
768:RVLaxGC+5kWtE5cYYsXeGz28Xxrz34KGNLiJd9ezWJUl1zPxawLHG0aOf:RVLGukHzXeCxvoKG+dJJUl1T0wzei
Score1/10 -
-
-
Target
5.1.1.4851/ScdMaker.exe
-
Size
635KB
-
MD5
c573e9ea8881d207977a6d3770b77137
-
SHA1
8a1f8006c88367c98d5fe416019153e3df54888d
-
SHA256
68f8835057d26b77c8f54af54ae1eaefe5f164e1781928dc79f72ce6ef93528c
-
SHA512
23a1483986c4fbe123755cd8f486b2750a5ca189c5c96118c2e77ae5d7f666e9d47ff4b1a98b8690e5576f395190f244af2d4d57262d5f2e1dadecc1f82784ed
-
SSDEEP
12288:2qv2VvicOWygeQ//Bn5OPDpUCVVagpkjo++wYDBAl5gMtgf88:3cOYXIDtHpWo++wYDBkiMif88
Score3/10 -
-
-
Target
5.1.1.4851/ScdReg.exe
-
Size
722KB
-
MD5
5a5b584a6ca71b141977360d991caeba
-
SHA1
ae26bd78515a48d43e0e5162a1034e4d95630f1b
-
SHA256
4d3ae26d49f8d0ad5ad02a86810af3adcd7cf6a8a9b6e3c50ac2e66d743bdc70
-
SHA512
92f4f42784fa63c049d747d26885775abc8ad7063bf72454b00c1f7ccf2acbf9f3d2951a76bc04af9f2195d5f270360004971594e9f84f287cc1b7df0ecf7cb0
-
SSDEEP
12288:V7hnz7p+F7W0hoeEzXrzVbIF0KHHlQeMAN8GMCnQv64c+8Nql:7z7O7W0hMzqi8HieMAN8GMiQvMDNql
Score3/10 -