General

Target: e35575598dc806a16ca43a2e565bbd3d_JaffaCakes118
Size: 6.6MB
Sample: 240406-1eennscc75
MD5: e35575598dc806a16ca43a2e565bbd3d
SHA1: a8494670848886ee5e3cbe2e29c1a549349a9b16
SHA256: fedefcfd77d1bf5826b7a94d92481c93a35d19db2d24aa61406954a4b61f7b9e
SHA512: 6df40380dc586043332ffee3eedc5fb270946c8d083b6229dcea421bc3eb7e9a966354718dc78430478f1567776e0a2bdd833a4fb1f3de506ab7a6f22af22de7
SSDEEP: 196608:/4CoUiu9Yuw7SEgvOFcjD0azHEWYkjSMzGcb8R:gHUbZw7S9vOFcjLgWfSMFgR
Behavioral task

behavioral1
Sample: e35575598dc806a16ca43a2e565bbd3d_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Targets

Target: e35575598dc806a16ca43a2e565bbd3d_JaffaCakes118
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger