General

  • Target

    e97eed9881c697283855251ac5b6cb0c_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240409-jlyaxshh39

  • MD5

    e97eed9881c697283855251ac5b6cb0c

  • SHA1

    4bf0c7d1dd45ee2c5f240cc8988031200f631217

  • SHA256

    be995bb944648d74b6b28c0712cd6f4456163881b05dcd19b775a4b798cfe3c5

  • SHA512

    a03b8562bd7864717a23be98c5a98592af00e36cc390fdb6c7ced0fcef9ee6c640d4fe29519ad00c12ac9e4ee66d973038e4c0f0acc882b252def2e6018783c0

  • SSDEEP

    98304:ezC3MYlGTnRVWqH4SatiAvCtt46kaGHPqnrJvQsR:ezC3MY+nRVWk4SatiAvJLyrdQ

Malware Config

Targets

    • Target

      e97eed9881c697283855251ac5b6cb0c_JaffaCakes118

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS strings in the registry (the SystemBiosVersion / VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System) are often read in order to detect virtualised or sandboxed environments, whose vendor strings differ from physical hardware.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThread with ThreadHideFromDebugger (information class 0x11), which stops the calling thread from delivering debug events to an attached debugger (anti-debug)
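
The four signatures above are all recognisable from a behavioural trace of registry reads and native API calls. The following is an added example, not part of the sandbox report or of the sample's own code: it runs simple rules for each signature over a constructed trace. The trace format ("regread|<key path>" and "apicall|<api>|<argument>") and the event lines are assumptions made for the example; the registry paths and the 0x11 information class are the ones the signatures refer to.

```python
"""Flag the anti-VM / anti-debug behaviours named in the report in a behavioural trace."""
import re
from typing import Dict, List

# Constructed sample trace (hypothetical, not an export from the sandbox):
# one event per line, either "regread|<key path>" or "apicall|<api>|<argument>".
# The last two lines are benign reads/calls that must not trigger anything.
SAMPLE_TRACE = r"""
regread|HKLM\HARDWARE\ACPI\DSDT\VBOX__
regread|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
regread|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
regread|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
apicall|NtSetInformationThread|ThreadInformationClass=0x11
regread|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
apicall|NtSetInformationThread|ThreadInformationClass=0x0
"""

# One rule per report signature. Registry paths are matched case-insensitively,
# as the Windows registry itself is case-insensitive.
RULES = {
    # VirtualBox ships ACPI tables whose OEM ID is "VBOX", which Windows exposes
    # as subkeys of HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}.
    "anti_vm_virtualbox_acpi": re.compile(
        r"^regread\|HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX", re.I),
    # BIOS vendor/version strings used to fingerprint hypervisors and sandboxes.
    "bios_info_registry": re.compile(
        r"^regread\|HKLM\\HARDWARE\\DESCRIPTION\\System\\"
        r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion|VideoBiosDate)$", re.I),
    # EnableLUA == 0 means UAC is switched off.
    "uac_enabled_check": re.compile(
        r"^regread\|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
        r"Policies\\System\\EnableLUA$", re.I),
    # ThreadHideFromDebugger is information class 0x11 (17); accept both spellings.
    "hide_from_debugger": re.compile(
        r"^apicall\|NtSetInformationThread\|ThreadInformationClass=(0x11|17)$", re.I),
}


def analyze(trace: str) -> Dict[str, List[str]]:
    """Return, for every rule, the trace lines that matched it (possibly none)."""
    hits: Dict[str, List[str]] = {name: [] for name in RULES}
    for raw in trace.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern in RULES.items():
            if pattern.match(line):
                hits[name].append(line)
    return hits


def triggered(trace: str) -> List[str]:
    """Sorted names of the signatures that fired on the trace."""
    return sorted(name for name, lines in analyze(trace).items() if lines)


if __name__ == "__main__":
    for name, lines in analyze(SAMPLE_TRACE).items():
        print(f"{name}: {len(lines)} hit(s)")
        for line in lines:
            print("    " + line)
```

The rules deliberately match on the exact ACPI, BIOS and UAC paths rather than on any read under HKLM\HARDWARE, so ordinary hardware enumeration (the ProductName read in the constructed trace) does not fire; the NtSetInformationThread rule keys on the information class, because the same API is called with other classes for legitimate reasons.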

MITRE ATT&CK Enterprise v15

Tasks