General

  • Target

    eddea1e0d3c3fdcc83b07f859afff744_JaffaCakes118

  • Size

    4.0MB

  • Sample

    240411-t24gzsag5y

  • MD5

    eddea1e0d3c3fdcc83b07f859afff744

  • SHA1

    ffdaa31c7f2d2a508fc5e8e0e36dbe46a868b09b

  • SHA256

    7743b1f44f0043409fb4791091fefb35ee539313501bc49b99d1d2b9f6d28e73

  • SHA512

    f87b7ce95ba1572d4b09935037fdc55a4a3018baa66c343cc9b08f151e48f70d35958a71dab75468b211d916c01bb67979c477e285a20c868afb36d7fc88e109

  • SSDEEP

    98304:JF1HWX2L7CiI4DrzxJi+GZ81J+JYdfioZ:b1Hg6IeHrrJ+M

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks