General
-
Target
f4e6123b834615cc3d94b58d393f3097_JaffaCakes118
-
Size
10.0MB
-
Sample
240417-dk13jaca34
-
MD5
f4e6123b834615cc3d94b58d393f3097
-
SHA1
26abd8f8c180dcec99a60c2475c4fe7bb69555b5
-
SHA256
9d2f5d46b02f236f8588bb1e0695059744fb3ff5eace01755cd883fafae33b77
-
SHA512
cefae5262428c16464e23e0994d95f382c559f64614b20346c3ae1f846ef03598cac564b457749f7a0c03d490a7c40b05b41715609d64f6faf08829166e9572b
-
SSDEEP
196608:188rXcaGUbxE0H2o8rbowQ8pvwMCquMklnxIt2JWHthvf2bF7CZJbs6Gw1TBB:18q9GbPboQvRCrM2FJWHnvf2bxC/x71n
Malware Config
Targets
-
-
Target
f4e6123b834615cc3d94b58d393f3097_JaffaCakes118
-
Size
10.0MB
-
MD5
f4e6123b834615cc3d94b58d393f3097
-
SHA1
26abd8f8c180dcec99a60c2475c4fe7bb69555b5
-
SHA256
9d2f5d46b02f236f8588bb1e0695059744fb3ff5eace01755cd883fafae33b77
-
SHA512
cefae5262428c16464e23e0994d95f382c559f64614b20346c3ae1f846ef03598cac564b457749f7a0c03d490a7c40b05b41715609d64f6faf08829166e9572b
-
SSDEEP
196608:188rXcaGUbxE0H2o8rbowQ8pvwMCquMklnxIt2JWHthvf2bF7CZJbs6Gw1TBB:18q9GbPboQvRCrM2FJWHnvf2bxC/x71n
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-