Overview (score 7/10)
Static (score 3/10)

Analysis tasks (sample, platform, score):
- JaffaCakes...7e.exe, windows10-2004-x64: 7/10
- JaffaCakes...7e.exe, windows11-21h2-x64: 7/10
- $PLUGINSDI...ll.dll, windows10-2004-x64: 3/10
- $PLUGINSDI...ll.dll, windows11-21h2-x64: 3/10
- $PLUGINSDI...em.dll, windows10-2004-x64: 3/10
- $PLUGINSDI...em.dll, windows11-21h2-x64: 3/10
- $PLUGINSDIR/bind.dll, windows10-2004-x64: 3/10
- $PLUGINSDIR/bind.dll, windows11-21h2-x64: 3/10
- $PLUGINSDIR/xID.dll, windows10-2004-x64: 3/10
- $PLUGINSDIR/xID.dll, windows11-21h2-x64: 3/10
- bin/sdad.exe, windows10-2004-x64: 3/10
- bin/sdad.exe, windows11-21h2-x64: 3/10
- bin/shandian.exe, windows10-2004-x64: 6/10
- bin/shandian.exe, windows11-21h2-x64: 6/10
- home.bat, windows10-2004-x64: 1/10
- home.bat, windows11-21h2-x64: 1/10
- shandian.exe, windows10-2004-x64: 6/10
- shandian.exe, windows11-21h2-x64: 6/10
- uninst.exe, windows10-2004-x64: 7/10
- uninst.exe, windows11-21h2-x64: 7/10
- $PLUGINSDI...em.dll, windows10-2004-x64: 3/10
- $PLUGINSDI...em.dll, windows11-21h2-x64: 3/10
- $PLUGINSDIR/bind.dll, windows10-2004-x64: 3/10
- $PLUGINSDIR/bind.dll, windows11-21h2-x64: 3/10
General
- Target: JaffaCakes118_1c6ba00cc76d6c5a4b4188168a6fa57e
- Size: 1.1MB
- Sample: 250704-vtghxswxf1
- MD5: 1c6ba00cc76d6c5a4b4188168a6fa57e
- SHA1: ecfe3ada8ac06cc7381684e105b201fab81154e6
- SHA256: e82578b70f38c43529dc480d53b6150a997da62942547bd0d3a9284c98db008d
- SHA512: c15f245c9045111a179733f6f2bc69bb208827eed6d2d56276e84081fad5138987b3b9c86144bef67798bd0c199fcef481e8d44a896dd3e11e968d626054e643
- SSDEEP: 24576:xAcyRGmay4PA5NLqDYXyvDB2NeJfGaJYk1UsRN7ih3:0GfQNuN7seJ+2Yk/3ih3
Behavioral tasks (task: sample, resource)
- behavioral1: JaffaCakes118_1c6ba00cc76d6c5a4b4188168a6fa57e.exe, win10v2004-20250610-en
- behavioral2: JaffaCakes118_1c6ba00cc76d6c5a4b4188168a6fa57e.exe, win11-20250619-en
- behavioral3: $PLUGINSDIR/Md5dll.dll, win10v2004-20250619-en
- behavioral4: $PLUGINSDIR/Md5dll.dll, win11-20250619-en
- behavioral5: $PLUGINSDIR/System.dll, win10v2004-20250619-en
- behavioral6: $PLUGINSDIR/System.dll, win11-20250610-en
- behavioral7: $PLUGINSDIR/bind.dll, win10v2004-20250610-en
- behavioral8: $PLUGINSDIR/bind.dll, win11-20250619-en
- behavioral9: $PLUGINSDIR/xID.dll, win10v2004-20250502-en
- behavioral10: $PLUGINSDIR/xID.dll, win11-20250610-en
- behavioral11: bin/sdad.exe, win10v2004-20250502-en
- behavioral12: bin/sdad.exe, win11-20250619-en
- behavioral13: bin/shandian.exe, win10v2004-20250610-en
- behavioral14: bin/shandian.exe, win11-20250619-en
- behavioral15: home.bat, win10v2004-20250619-en
- behavioral16: home.bat, win11-20250610-en
- behavioral17: shandian.exe, win10v2004-20250610-en
- behavioral18: shandian.exe, win11-20250619-en
- behavioral19: uninst.exe, win10v2004-20250502-en
- behavioral20: uninst.exe, win11-20250619-en
- behavioral21: $PLUGINSDIR/System.dll, win10v2004-20250619-en
- behavioral22: $PLUGINSDIR/System.dll, win11-20250610-en
- behavioral23: $PLUGINSDIR/bind.dll, win10v2004-20250502-en
- behavioral24: $PLUGINSDIR/bind.dll, win11-20250619-en
Malware Config
Targets

Target: JaffaCakes118_1c6ba00cc76d6c5a4b4188168a6fa57e
- Size: 1.1MB
- MD5: 1c6ba00cc76d6c5a4b4188168a6fa57e
- SHA1: ecfe3ada8ac06cc7381684e105b201fab81154e6
- SHA256: e82578b70f38c43529dc480d53b6150a997da62942547bd0d3a9284c98db008d
- SHA512: c15f245c9045111a179733f6f2bc69bb208827eed6d2d56276e84081fad5138987b3b9c86144bef67798bd0c199fcef481e8d44a896dd3e11e968d626054e643
- SSDEEP: 24576:xAcyRGmay4PA5NLqDYXyvDB2NeJfGaJYk1UsRN7ih3:0GfQNuN7seJ+2Yk/3ih3
- Signatures:
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: $PLUGINSDIR/Md5dll.dll
- Size: 8KB
- MD5: a7d710e78711d5ab90e4792763241754
- SHA1: f31cecd926c5d497aba163a17b75975ec34beb13
- SHA256: 9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2
- SHA512: f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0
- SSDEEP: 96:YV2qpbvYSflug0Dvxn6GuKM9sh1gdrN9+oB7FT9WibOoBZcko5N/:Yt5lugRK8hlvbwkKV
- Score: 3/10

Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 00a0194c20ee912257df53bfe258ee4a
- SHA1: d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512: 3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
- Score: 3/10

Target: $PLUGINSDIR/bind.dll
- Size: 62KB
- MD5: 68ab2b372a52864275c3f50a113b3ed4
- SHA1: 3e3311628026f689751853199ab9c9166231cada
- SHA256: fb57e46a9c429c5149e44807679149f9cf3edc559abaca9c1a72fc9864253456
- SHA512: 9acd0467b449a280733188d12a701ea2ed320a3e8f8e4ba3dce25bcd867ab7c75f1a1fc6bf0e490769ac214ee6c9122c02aec25bac65b91d68ea1e30e5b5442e
- SSDEEP: 768:/eudUvMaTC7XOrfNT9H77HyOnZsqUb0hh2v9kkDwJtn20EDFvCwWGWxS1GJ9rqof:GMUv/mLqN579nU221kDAvCh+GTr3
- Score: 3/10

Target: $PLUGINSDIR/xID.dll
- Size: 9KB
- MD5: 3a5ed71aa9c6846d95d57235c4c443d7
- SHA1: 08156d29bed654f8f8d7f46ddbce84d22d4710cf
- SHA256: 5e3fa4d610cb2d80ed9991cb2562bd70c5b4d49dbcf4e42a1017c59eedbe28a4
- SHA512: 5cdb5059020c20a83f230ae2d75bfb6fd69a03418ba6407336db9f0c653fea1e8f4a51400812da81a8bde2f6e4d95fd80e29eb462e818ddbd881789c00d5d1d1
- SSDEEP: 192:Lq+oDX4BAl9WNd7+1KUl9xLhMVCXuDAx5n35q6yy:Lq+oDfl9WN8QmxlMVCXu0x5g6T
- Score: 3/10

Target: bin/sdad.exe
- Size: 395KB
- MD5: 8f87437f10cd1ae1d2e8a16c74edb3bd
- SHA1: 2439b6b338091402c08fb51355ffaaa251697875
- SHA256: c5e8d908d64d1c58f8cb458e9ece92231283b48397efbb5ed82ef2f11831d600
- SHA512: 4ae6e48294352a87c34734d5927f73f9728842aa2a23a3ce58717e68b5095b926147f32687b5746520350f0583c76232d430b9d04e21054c890c432ddd1fadd1
- SSDEEP: 6144:tj6ypnUxOMyinsmrkCA7pZKNPWv9wfaH+vaiUbPbdXjq9:tuypnUxOVijrc7KNvfQ+vaisw
- Score: 3/10

Target: bin/shandian.exe
- Size: 1.4MB
- MD5: 5d58564e0c3a20c424c6e2485217773b
- SHA1: 437a5a65403bfca0a56205388d02829af73c0b15
- SHA256: ec6bc95964de7688d7af92813db866e3188b511c3d9217bd7ba8134c729f329d
- SHA512: 15bc85e95502e09f1edac9720ade75d536ca83e05b051f00998f3786f5fb7c8c577c5b929e1c02bf9d1282579d3be430b7f9dc1fb78d8531a6fc772cdd2d0c92
- SSDEEP: 24576:TKDRGCmOTybrPjgFMMJHrx9xTOITPJbCSsTMEPTAKhm7Zv+N:Ttwy6NTOITPJboTAKhm7Zv+N
- Signatures:
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: home.bat
- Size: 691B
- MD5: 9226a826194dccfbe24baeb5ef8625c6
- SHA1: ffa2856e43e0c0a937561f6d88082a8c10373e7b
- SHA256: a742f86a3a81a3ffa506797faabe9c107fbe9ae5757ac78e349b5c40831236d3
- SHA512: 9e181541e208b5a60954dea4148b8b7891f45003e26b19ab8398523026b6d5ba5923796524525de03ca2790f4e3eaf3dd58d685b022ee9bc98741d30b451dff8

Target: shandian.exe
- Size: 96KB
- MD5: 3ab67e3bb0941abd2e4c6117904d10d6
- SHA1: 2439498fc2f2e72aa0bf2d489f16acf8e0f8f8ce
- SHA256: 79225f50f7751d9294ef966598fc41e21b0e0b3f750c39a7ac1a6c1615fec05f
- SHA512: 229b64647793b3183409ff31169cfadadc12d8b5387bf68581472533141d232f45a397c5d73248556fc2a4011338e38f0d9fa7d5fb4e1610f7ba5f931461f23a
- SSDEEP: 1536:/Yg/J6/Rngh15G7yd8MvG7OahYg/J6/Rn:ZJZhm7ydxu73hxJ
- Score: 6/10
- Signatures:
  - Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: uninst.exe
- Size: 99KB
- MD5: 2d14f7b96c2343e39323637985b8336c
- SHA1: 3f49f6e8e952f0d139969008e90f4bb3440512e5
- SHA256: a1f870ad82c84b6cf3afefc74238ee47d43e0b7b7faeb7ff3c47a3868e367287
- SHA512: c0f02e3d81dee28c80dd8148e5c45d350250dea2829a76cf6f04103d71afdaaa1f6321e68c4652a33e528166b56aa3b848708b8bf87c5965d3cc17119c2561a9
- SSDEEP: 3072:3gXdZt9P6D3XJThTjWmUEVF3BVbIJa1sE:3e34lsmUEVRzIJaSE
- Signatures:
  - Deletes itself
  - Executes dropped EXE
  - Loads dropped DLL

Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 00a0194c20ee912257df53bfe258ee4a
- SHA1: d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512: 3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
- Score: 3/10

Target: $PLUGINSDIR/bind.dll
- Size: 62KB
- MD5: 68ab2b372a52864275c3f50a113b3ed4
- SHA1: 3e3311628026f689751853199ab9c9166231cada
- SHA256: fb57e46a9c429c5149e44807679149f9cf3edc559abaca9c1a72fc9864253456
- SHA512: 9acd0467b449a280733188d12a701ea2ed320a3e8f8e4ba3dce25bcd867ab7c75f1a1fc6bf0e490769ac214ee6c9122c02aec25bac65b91d68ea1e30e5b5442e
- SSDEEP: 768:/eudUvMaTC7XOrfNT9H77HyOnZsqUb0hh2v9kkDwJtn20EDFvCwWGWxS1GJ9rqof:GMUv/mLqN579nU221kDAvCh+GTr3
- Score: 3/10
MITRE ATT&CK Enterprise v16
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Pre-OS Boot (1)
    - Bootkit (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)