General

  • Target

    ea48ee45da1f5a95f28d78f1d1138b40_JaffaCakes118

  • Size

    2.5MB

  • Sample

    240409-snkmaadh4v

  • MD5

    ea48ee45da1f5a95f28d78f1d1138b40

  • SHA1

    2f918782735b6231a3de7825d54266460bb6c68c

  • SHA256

    693c0903fa5d55b26a0e21f4e876137cfff012e1dabc8ab1ecbf4223802f4f22

  • SHA512

    e1c1c323579ca8f6ceba29c77281c7867db3db306da6dcd4be70edd528e49e23acaf8005ad03285395110dde06c6518e385add7a8bdd4cee5b9728a24604888b

  • SSDEEP

    49152:6Q/KV6/m1eTl2gbzBmsMjAtrzhAZ6U3wN02cPxyhImAO+:Nm/eTlBzBnMjsrzh9Wk02cZyhZg

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
