3General
-
Target
201b3ddbaeaa3cc5f7480d8fe72fc567_JaffaCakes118
-
Size
7.3MB
-
Sample
240702-vgz5hascrf
-
MD5
201b3ddbaeaa3cc5f7480d8fe72fc567
-
SHA1
18fb6b4aa14e9594a5722778fbd77fc8f7a929f9
-
SHA256
95a8e22f4586b962c8bbe268f28b9561ecfafc06bee75f3571ced253d66d5531
-
SHA512
17e4d6fff52a6bec3de4912a7fa616361ea7a758bf2a080505865fb1743c32c50bb69e3f6588b1f4dbaf4f32de855bbcd0766342b887d0acefc0b8f9980bd24b
-
SSDEEP
196608:McQNXCaslUWm2z+msNMl1ADcUjOIEs3jHvau5B38MVCcr9:VSslOJ3cgTjPau5/C+9
Behavioral task
behavioral1
Sample
201b3ddbaeaa3cc5f7480d8fe72fc567_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
201b3ddbaeaa3cc5f7480d8fe72fc567_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
CCleaner.exe
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
CCleaner.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Microsoft.mshtml.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Microsoft.mshtml.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
cafw.exe
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
cafw.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
cladgenius.chm
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
cladgenius.chm
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
decaptcher.dll
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
decaptcher.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral21
Sample
fbclient.dll
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
fbclient.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
holfix.exe
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
holfix.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
ibprovider.dll
Resource
win7-20240419-en
Behavioral task
behavioral26
Sample
ibprovider.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
icudt30.dll
Resource
win7-20240611-en
Behavioral task
behavioral28
Sample
icudt30.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
icuin30.dll
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
icuin30.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
icuuc30.dll
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
icuuc30.dll
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
201b3ddbaeaa3cc5f7480d8fe72fc567_JaffaCakes118
-
Size
7.3MB
-
MD5
201b3ddbaeaa3cc5f7480d8fe72fc567
-
SHA1
18fb6b4aa14e9594a5722778fbd77fc8f7a929f9
-
SHA256
95a8e22f4586b962c8bbe268f28b9561ecfafc06bee75f3571ced253d66d5531
-
SHA512
17e4d6fff52a6bec3de4912a7fa616361ea7a758bf2a080505865fb1743c32c50bb69e3f6588b1f4dbaf4f32de855bbcd0766342b887d0acefc0b8f9980bd24b
-
SSDEEP
196608:McQNXCaslUWm2z+msNMl1ADcUjOIEs3jHvau5B38MVCcr9:VSslOJ3cgTjPau5/C+9
Score 3/10 -
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
0dc0cc7a6d9db685bf05a7e5f3ea4781
-
SHA1
5d8b6268eeec9d8d904bc9d988a4b588b392213f
-
SHA256
8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
-
SHA512
814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
-
SSDEEP
192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score 3/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
a401e590877ef6c928d2a97c66157094
-
SHA1
75e24799cf67e789fadcc8b7fddefc72fdc4cd61
-
SHA256
2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0
-
SHA512
6093415cd090e69cdcb52b5d381d0a8b3e9e5479dac96be641e0071f1add26403b27a453febd8ccfd16393dc1caa03404a369c768a580781aba3068415ee993f
-
SSDEEP
48:iV6sAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Joof5d2:2V11GED5ZTvycNSmwVsTJuftpZR0Ld2
Score 3/10 -
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
254f13dfd61c5b7d2119eb2550491e1d
-
SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6
-
SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
-
SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7
-
SSDEEP
192:t5ZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRYgsfA:fBo/680dCI5adOjFOg9//p27uNw2bo
Score 3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score 3/10 -
-
-
Target
CCleaner.exe
-
Size
1.6MB
-
MD5
fdfb209c5a04b7784bb0bb4af7f0b31c
-
SHA1
fe5a7301bcf0593e59265a24e514b756577c30bd
-
SHA256
c565feb2847bf0d116135db188bafe728e889f8f7319f562d7331a2906fd49c7
-
SHA512
76253a95753039ac72bee37e09eba3617330f656b45bee97250de0f4c9b6ab8e3b2353b2256bb07b0c1636bf2f3069a1f99d33063057f3c8e43b13619efb831f
-
SSDEEP
24576:ojfUhykNTubUrgaJu5nuqrnMevWRIRJ1UuFh3zN815tjoiFW:ojfUhxrrJylndvWRIRsazN815tjBFW
-
Checks for any installed AV software in registry
-
-
-
Target
Microsoft.mshtml.dll
-
Size
7.6MB
-
MD5
3bf7213044dd0701e9e03cfed78bb088
-
SHA1
d3329c2d564a678f9425ce6be50b53fab3167359
-
SHA256
04bc62c7c47b6b3aa8ebbd5a776bc0a83c0e5c43ab1886b56560a404c0fcc74c
-
SHA512
faeb4093f430002a7a1eeaf3563e5406087f2becb01d43f36e61250209a6575eeba8fd56f5f5d56cd5da1cbcbbba0044271ed1db465ad6333ab2a958f53658f4
-
SSDEEP
98304:mpkg8hn86iyAB84gPjKVuH62NhND7BMe8Al:mpkg8hn8RStD7BMe8Al
Score 1/10 -
-
-
Target
cafw.exe
-
Size
2.7MB
-
MD5
35c7b08f7f45d54e59496855e17e8a0f
-
SHA1
986209258bba1b838b562a464b597ec26046226f
-
SHA256
8c3111371c153c75f6406e802493120337ed64772e7b94ec87cf2d563c9aba25
-
SHA512
d758fc89be81d3c92b38151e9deda72de86393ddde2ce6cb8f96bd437644632d0a60c791964d9117f45ef343a8897b7073b06f8cecab3c639ac7e1404b660d40
-
SSDEEP
49152:tTn7ZlDGoO49xA+McUhLoNYSmgg0QCL75QNH+BvqLz33vZTi/fspHXXNnd0j7d+Z:9ZlDGH4jABcUhYgZCL75QNeBurvZWHYx
Score 7/10 -
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
cladgenius.chm
-
Size
29KB
-
MD5
dbaa4692ad7c6c55a1405fdde758381f
-
SHA1
8dc2a584d13730b49e84b8c411dffc6f949e04d0
-
SHA256
32821a96e104b7bc8280cfd4821503c396dba907cdd9d66fde9ef185cb32eebb
-
SHA512
a9b918ce2370cdfc3c84bd560462e8075948e13d4eb115b13b925dfb2e8edd1748b02362cf0c6ccee4723df3e104cd885d04c3c101a7dc317bd38ae8207185a1
-
SSDEEP
384:vyg2OYiy87TL43gJRtDUkv56t3U5bi8WMFS1D5XOYjtsTrcujbNJIo:vyyLNlDUc56WsMFSZ9pOcuj3Io
Score 1/10 -
-
-
Target
decaptcher.dll
-
Size
72KB
-
MD5
05aa12c2665ebd53f9505d0cf9f37b83
-
SHA1
c0e6e0401fe2bcf40251c3d4514c6b3d58b7a4a3
-
SHA256
6903e1192b4a90bd78f4a0853d6d72bc0fa74ce8800946c698a4406a60c2f239
-
SHA512
586ec510204719da09f2d0761a2d8f9aee0dc15252f9340fcb09137650e21354d3d3c025b362c297d0b3439587d65a3c294cbe2359aa9d6ce224c34fa674bcab
-
SSDEEP
1536:6/3nHtECUPHH0sV2gIHFLJtKbHBlnDLL:g3HtECU/DVVUuzBlnDLL
Score 3/10 -
-
-
Target
fbclient.dll
-
Size
3.6MB
-
MD5
b8e93b77d06fe8acc4438bb88f9ae231
-
SHA1
b7b9116db1aae43a58bb8c0f3a002977e10bf834
-
SHA256
688caa8cecbca2a07baded86c567ec844b39aa3dcd50c136ab8ac4bbee8e99f1
-
SHA512
8e3ccb43d67ec90165b44cf5c14db73394ff8d1ac19548a1bc3fe807d361f0a7b5a8c9bb8ca34545a770795fd5f0a07c373039dbc3c6e15fd385eca263e91d23
-
SSDEEP
24576:CmvmNB5rZMCemDjVHBsyEJAYr3RKFgNtXy26oPjdarC/168Cs6RX1HQ46sWJvaKp:CmgdnHTuj0+qHPv203ymNsqYv3jnB
Score 1/10 -
-
-
Target
holfix.exe
-
Size
256KB
-
MD5
53f0c95938fdb4b3f0f4814bc8b1b9cc
-
SHA1
08c2a4a3df5381f8f49a5ee2372728400bd24671
-
SHA256
6b3ed396381a68ca58a1f4c73f00b40e2c2f555d031690865a64f26d2c5ed7fb
-
SHA512
2eac3782b5c1e1f45c9492b17910b60f28d2ab69aa7ec1b3e39e3ccf628fe30226c2824309a87d1b84c288b6028b903d3085d01df762ba421c7a5d5a7ddd6f9a
-
SSDEEP
6144:wMWnwQaTtvIa5rD1U8x7Am6OoyFoLp1kvWlp2FN6A5B5dn01:pJQatIerRUAA0o8CTlkFN6Az5dn0
Score 8/10 -
Drops file in Drivers directory
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
Loads dropped DLL
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-
-
-
Target
ibprovider.dll
-
Size
3.1MB
-
MD5
3bca69f43800aed83c069037b8efd9f7
-
SHA1
d6387c347b1614979578c3442ec948e3d69d73d3
-
SHA256
278d40f010c994a458b076d1aa4dec03f3891da394d707a254908a7afabd51b1
-
SHA512
83b81cfc1c2291c0a5478eb600eb3edb15cf2346a3293e9292584f981df11b5ef678962f2b73aa48ebf4a6f59021d5facde0b93565fba0a47c24c3919a7f67bb
-
SSDEEP
49152:TX9oxIdkM+x1VKRANMvTA1wAwspjG/HBFIt/M8xc878qLKXZYemFFU+tEyqhguij:ja1Q/g2MtEs
Score 1/10 -
-
-
Target
icudt30.dll
-
Size
1.5MB
-
MD5
38bb7cee2aa52930485939771c44ab2a
-
SHA1
dd028b21c611873c28de3e80f04e787250f97219
-
SHA256
8c04f1ab3a07e21e88d678e6742efc69900bacf73b1e18f97b25115d3cb3e4d5
-
SHA512
b8169042f45b7fd08e7aab17a05fe48dca8ffd203d3b841a990d8836da33bcfaf39ee5953706281c4a47148736c5ed1d51956eca6e8efb67af9d137e1dfe7849
-
SSDEEP
24576:KqaX8Bv2axcToy/oH0C/iwESlzJ5uM8H2ZIuNjMSpnhmW8c238uoL/:88BvPy/i0CKwFEvnckB
Score 1/10 -
-
-
Target
icuin30.dll
-
Size
408KB
-
MD5
68c9f7fee9aec9b9ced22d48e2b92857
-
SHA1
b16cb5ef5d8dff48186005e1d7a72eb0935e086f
-
SHA256
2b4e8d37415dde11775cabdfea78c92d724b0d031a722cfadc524b8245c63c93
-
SHA512
172940d17e8ef7ace4a92b8a44f269017f0b99b4b4953e851ee6396dbb76964dbdb1a2480c21b86b08900f6d2f685378b707eda28311bb988140927ebfe6d074
-
SSDEEP
12288:f8D9DwpzrEUkzU9nteJsbkrE9l0nDYcZ/N4:j2NKybE9l0nR/
Score 3/10 -
-
-
Target
icuuc30.dll
-
Size
660KB
-
MD5
44f425267038283db1822910679aa32d
-
SHA1
5028fdd93a8e3ea761149ac0d766af207ebedc9d
-
SHA256
a128b8d73f4bc08f0b017789f57a0c20238ff0294361d5ce0233ca75f9eb691a
-
SHA512
918125b249945547d5c263876680867018b9442cd147670c144d6227fe01d1304d5a5305b9d57d24db1eaa4e19dae1a72b0f9f7e32a7bcd4c38b097143b2bd36
-
SSDEEP
12288:rGS0YPmKEK9uxS4TCNfbg4ibCcoInBliDxVPLkQGSWDhap:FmKEKEsnJbg4iFoIBliPLkvph
Score 3/10 -