General

  • Target

    dcd1f82e2faf41a2e6bf75a3d890d349_JaffaCakes118

  • Size

    1.6MB

  • Sample

    240406-gjcv4acg54

  • MD5

    dcd1f82e2faf41a2e6bf75a3d890d349

  • SHA1

    b928b16d844efba36c7df8c56a8cb3073df5ebdd

  • SHA256

    5d853a66627a8a03b0f52d4e1d62aac7636459a85b5af786a1d688494cc13236

  • SHA512

    14854a096334f1bef3d16e82f449d3d54b84e3a8bf1af05a6f5cbd651a7d25c7231c41a11d34d4b91c3f6872a0496f078825f5ff918f96cd754887bd07cf07a9

  • SSDEEP

    49152:lAB0k4ZhlVSig0G8aHMPNAzolvVUVJYCdfI2cpB8:40tdcj8aAAUlNuJYCL

Malware Config

Targets

    • Target

      dcd1f82e2faf41a2e6bf75a3d890d349_JaffaCakes118

    • Size

      1.6MB

    • MD5

      dcd1f82e2faf41a2e6bf75a3d890d349

    • SHA1

      b928b16d844efba36c7df8c56a8cb3073df5ebdd

    • SHA256

      5d853a66627a8a03b0f52d4e1d62aac7636459a85b5af786a1d688494cc13236

    • SHA512

      14854a096334f1bef3d16e82f449d3d54b84e3a8bf1af05a6f5cbd651a7d25c7231c41a11d34d4b91c3f6872a0496f078825f5ff918f96cd754887bd07cf07a9

    • SSDEEP

      49152:lAB0k4ZhlVSig0G8aHMPNAzolvVUVJYCdfI2cpB8:40tdcj8aAAUlNuJYCL

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks