General

  • Target

    e35575598dc806a16ca43a2e565bbd3d_JaffaCakes118

  • Size

    6.6MB

  • Sample

    240406-1eennscc75

  • MD5

    e35575598dc806a16ca43a2e565bbd3d

  • SHA1

    a8494670848886ee5e3cbe2e29c1a549349a9b16

  • SHA256

    fedefcfd77d1bf5826b7a94d92481c93a35d19db2d24aa61406954a4b61f7b9e

  • SHA512

    6df40380dc586043332ffee3eedc5fb270946c8d083b6229dcea421bc3eb7e9a966354718dc78430478f1567776e0a2bdd833a4fb1f3de506ab7a6f22af22de7

  • SSDEEP

    196608:/4CoUiu9Yuw7SEgvOFcjD0azHEWYkjSMzGcb8R:gHUbZw7S9vOFcjLgWfSMFgR

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
