General
-
Target
fc3fe9d15a66ea65593c4d07a3b8bf40_JaffaCakes118
-
Size
3.0MB
-
Sample
240420-jdwgcsbg23
-
MD5
fc3fe9d15a66ea65593c4d07a3b8bf40
-
SHA1
917b947f3288cdb268b4008d0625ad96ada116f5
-
SHA256
1e53c858208435c36959bc596b346f112dcccc12ff4e76b506185eea654b58cd
-
SHA512
0ce32d3ae3caf5ab662f9388abf62e111ca9ff5ce910203f2bb0c1267845ee7ee4370b4dc5736c5ac824fd2fffc0dfa0af1d16b6691ab3d43b194157e887b218
-
SSDEEP
49152:4sKfP9MS4qOjZrkvPMCjniz19tmETFPf9W0yDIqBfpBgJhlQg3031D+p99eSFfvh:4sYP9MSHoZrIUCjizzIETkDcJcCjfZ
Malware Config
Targets
-
-
Target
fc3fe9d15a66ea65593c4d07a3b8bf40_JaffaCakes118
-
Size
3.0MB
-
MD5
fc3fe9d15a66ea65593c4d07a3b8bf40
-
SHA1
917b947f3288cdb268b4008d0625ad96ada116f5
-
SHA256
1e53c858208435c36959bc596b346f112dcccc12ff4e76b506185eea654b58cd
-
SHA512
0ce32d3ae3caf5ab662f9388abf62e111ca9ff5ce910203f2bb0c1267845ee7ee4370b4dc5736c5ac824fd2fffc0dfa0af1d16b6691ab3d43b194157e887b218
-
SSDEEP
49152:4sKfP9MS4qOjZrkvPMCjniz19tmETFPf9W0yDIqBfpBgJhlQg3031D+p99eSFfvh:4sYP9MSHoZrIUCjizzIETkDcJcCjfZ
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-