General
-
Target
fe5841db0071bf7c34399d6ca86e23c4_JaffaCakes118
-
Size
1.4MB
-
Sample
240421-d81fxaad4v
-
MD5
fe5841db0071bf7c34399d6ca86e23c4
-
SHA1
c2d841b78f213e78c82dcf1ce080caea1dcfce94
-
SHA256
75ced5a4e9c5a9517dc6a8bc1652c3a4dd4a8de59e3e770b1989069038c5ab30
-
SHA512
e4c769758622ee15b95dd7ecde273379ceaa638ddc4494e7a8694eaba26227eb511420c7c47033eb93c9029547887907109e4ae66c68f019c4e798082d1d672d
-
SSDEEP
24576:q6mEIERW91TbmooLXQT58PQKmPh7sh4F45V6UVYPXtxFDiV+uFk51e:qC9RWPvmUq4KmPhC4CV6UVQxVQ5
Static task
static1
Behavioral task
behavioral1
Sample
fe5841db0071bf7c34399d6ca86e23c4_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Targets
-
-
Target
fe5841db0071bf7c34399d6ca86e23c4_JaffaCakes118
-
Size
1.4MB
-
MD5
fe5841db0071bf7c34399d6ca86e23c4
-
SHA1
c2d841b78f213e78c82dcf1ce080caea1dcfce94
-
SHA256
75ced5a4e9c5a9517dc6a8bc1652c3a4dd4a8de59e3e770b1989069038c5ab30
-
SHA512
e4c769758622ee15b95dd7ecde273379ceaa638ddc4494e7a8694eaba26227eb511420c7c47033eb93c9029547887907109e4ae66c68f019c4e798082d1d672d
-
SSDEEP
24576:q6mEIERW91TbmooLXQT58PQKmPh7sh4F45V6UVYPXtxFDiV+uFk51e:qC9RWPvmUq4KmPhC4CV6UVQxVQ5
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-