General
-
Target
f6b63376b79682b34cfdaa2fb24b03fd_JaffaCakes118
-
Size
3.0MB
-
Sample
240417-2ezjhsgc36
-
MD5
f6b63376b79682b34cfdaa2fb24b03fd
-
SHA1
ddb0cb899573fa456a4ed7379b6ff927ea30b78e
-
SHA256
2d9455ccec4cdbba6e7cd26a405c74227e7c03fdfa017d3217c443d7ada0d011
-
SHA512
048082ffd04fadbe679c32e8813f39a5414302c7acd9c88b6c74422c850f1987d6d657f451dd0afcfc650669855585757dd1436a4d231f97b646cf22e378adfd
-
SSDEEP
98304:07/rhlGcjcTRsVIoGavZFYE1wM+M6d0MkIM7:8acjcNsVXTkE
Static task
static1
Behavioral task
behavioral1
Sample
f6b63376b79682b34cfdaa2fb24b03fd_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Targets
-
-
Target
f6b63376b79682b34cfdaa2fb24b03fd_JaffaCakes118
-
Size
3.0MB
-
MD5
f6b63376b79682b34cfdaa2fb24b03fd
-
SHA1
ddb0cb899573fa456a4ed7379b6ff927ea30b78e
-
SHA256
2d9455ccec4cdbba6e7cd26a405c74227e7c03fdfa017d3217c443d7ada0d011
-
SHA512
048082ffd04fadbe679c32e8813f39a5414302c7acd9c88b6c74422c850f1987d6d657f451dd0afcfc650669855585757dd1436a4d231f97b646cf22e378adfd
-
SSDEEP
98304:07/rhlGcjcTRsVIoGavZFYE1wM+M6d0MkIM7:8acjcNsVXTkE
-
Detects Echelon Stealer payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-