General
-
Target
5262da4295e8a62d58d17991b35bf860_JaffaCakes118
-
Size
124KB
-
Sample
240331-kzftgahg76
-
MD5
5262da4295e8a62d58d17991b35bf860
-
SHA1
3fba37528f6b06d2c89c7d86ce6352df438f1855
-
SHA256
058ee0434baf472713da384ee3ba273f64995b9c7f83b7e62a8b3285b334b2cf
-
SHA512
8a82d10997e8b64ab12688e6cb909e405644bfcf2ed0e47df9c16009bf1ae415c17bc5a0cc27717d34f6f5484ca27fe026893b4637ea01cb1209dd0427574c18
-
SSDEEP
1536:HEzzhi6Qu6TDW2rxtene90Ceqhg0Sh1xOeFPa+HNFiS79oe:HEzlQuExvene9zFhgDbsm7TiVe
Static task
static1
Behavioral task
behavioral1
Sample
5262da4295e8a62d58d17991b35bf860_JaffaCakes118.msi
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5262da4295e8a62d58d17991b35bf860_JaffaCakes118.msi
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
5262da4295e8a62d58d17991b35bf860_JaffaCakes118
-
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-