General

  • Target

    edf2b27feef650adc22bbaa3a79b5add_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240411-vvdhnabd7w

  • MD5

    edf2b27feef650adc22bbaa3a79b5add

  • SHA1

    a88880a6cc945e525caeb8cfbc9e842608a484d5

  • SHA256

    6a1cb64eabc252644931b8d95a86b5625ea0d5610791ed4fae2e8041a79e615e

  • SHA512

    5292e11c77bd2bcccc58acb578298c941dcc48bee44abb18d7198d156b818d97e8b4a5210aef68aa870ffe3098c8eeb0e9d52bde9a53f050292529d0d1c3d377

  • SSDEEP

    49152:tU/5M1X4Wl/YvzYCQR9RQs+C40yZpJaD99G2:tKq4oEa9RQs+Cn4/UK2

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks