General

  • Target

    c507dec437e09f01e4cf70dd85d478b1_JaffaCakes118

  • Size

    5.1MB

  • Sample

    240404-3tjbhseg27

  • MD5

    c507dec437e09f01e4cf70dd85d478b1

  • SHA1

    63e8e29b5be8cf19909afbefb0abb4888a024609

  • SHA256

    f16acceaef0ae8c24d8ed49928a0eab7b63bbfd11e13749d2b43321bd3c4f7cd

  • SHA512

    ace7e662c5edb18d0dbacbaaa189395e60ed6c27849d6718b5e841d69c4d4ae56ef25ad1ee498ffbd4441df28179623fe15a66bcbdb8c1fbee5a85a8ab2c63aa

  • SSDEEP

    98304:/WiKgVlAGfphCCYtIiswQz+lmW92jzUO33P29nqhpDK4+:/W+lPqe73z+6P2A9KB

Malware Config

Targets

    • Target

      c507dec437e09f01e4cf70dd85d478b1_JaffaCakes118

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks