General

Target: 0cd3d8724238e5bc80d2b890c56489ab_JaffaCakes118
Size: 2.3MB
Sample: 240501-28gksshh7v
MD5: 0cd3d8724238e5bc80d2b890c56489ab
SHA1: cc6b11f8efe41593e7b9bf83af6c501ada065655
SHA256: 816a1b2e626d2819767b6667b7e9ce51f704d98899ff4dc2e74db2dc537b9f64
SHA512: e24bcd0f26f6f82650c89d9e61335de3b040b7223c3a587b97f164d26012195920cc968920347b1a48e1178f56fc7ea27a7d8debe9fdf9b359af4413f25d24ae
SSDEEP: 49152:udLroH9hYKB3ZkXUi934XElBgvAPJtyc+:uho91B3yXUKI0lX6c+

Static task: static1
Behavioral task: behavioral1
  Sample: 0cd3d8724238e5bc80d2b890c56489ab_JaffaCakes118.exe
  Resource: win7-20240221-en

Malware Config

Extracted family: cryptbot
Domains from the extracted configuration:
  bibinene01.top
  moraass05.top
Targets

Target: 0cd3d8724238e5bc80d2b890c56489ab_JaffaCakes118 (2.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures
- CryptBot payload
  The unpacked payload matches the CryptBot information stealer, consistent with the extracted configuration above.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables under HKLM\HARDWARE\ACPI whose key names carry the VBOX__ OEM identifier; reading them is a common guest check.
- Checks BIOS information in registry
  BIOS information (under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, since virtualized BIOS vendor and version strings differ from those of physical hardware.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; its presence is visible through the Software\Wine registry key.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  Reads wallet data files; for an information stealer this is collection of credentials and wallet material for exfiltration.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system. On its own this is a weak signal, since installers and inventory tools do the same.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) stops the kernel from delivering that thread's debug events to an attached debugger, a common anti-debugging technique.
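The four registry-based signatures above (VirtualBox ACPI keys, BIOS information, Wine, Uninstall enumeration) can be re-checked from a Procmon trace of the sample. The script below is an added example for this page, not the sandbox's or the author's code: it scans a Procmon CSV export for registry reads of those paths, scores each process, and ignores writes. The registry paths are the real locations the signatures refer to; the CSV lines, process names, PIDs and the scoring weights are constructed for the example. Note that Sysmon does not record registry reads (its registry events cover key creation, deletion, value writes and renames), so a Procmon trace or the sandbox's own API log is the source to use.

```python
"""Flag the anti-VM, anti-sandbox and software-discovery registry reads
behind the report's signatures, over a Procmon CSV export.

Added example for this page; not the sandbox's code. Registry paths are the
real locations each signature checks; the sample CSV rows are constructed."""
import csv
import io
import re
from collections import defaultdict

# Only reads matter here: the sample is probing its environment, not writing.
READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# (signature name, weight, path pattern). Weights are an assumption for the
# example: VirtualBox and Wine probes are rarely legitimate, Uninstall
# enumeration is routine for installers and inventory agents, so it scores low.
RULES = [
    ("Identifies VirtualBox via ACPI registry values", 3,
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry", 2,
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Identifies Wine through registry keys", 3,
     re.compile(r"\\Software\\Wine(\\|$)", re.I)),
    ("Checks installed software on the system", 1,
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
]

# Constructed Procmon-style export (Procmon's default CSV header). Not the
# sandbox's trace; the BIOS string and process names are made up.
SAMPLE_CSV = "\n".join([
    '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"',
    '"10:00:01.0000001","sample.exe","1234","RegOpenKey","HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__","NAME NOT FOUND","Desired Access: Read"',
    '"10:00:01.0000002","sample.exe","1234","RegOpenKey","HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__","NAME NOT FOUND","Desired Access: Read"',
    '"10:00:01.0000003","sample.exe","1234","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion","SUCCESS","Type: REG_MULTI_SZ, Length: 30, Data: DELL   - 1072009"',
    '"10:00:01.0000004","sample.exe","1234","RegOpenKey","HKCU\\Software\\Wine","NAME NOT FOUND","Desired Access: Read"',
    '"10:00:01.0000005","sample.exe","1234","RegEnumKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"',
    # a write to a matching path: must be ignored, the rules are about reads
    '"10:00:01.0000006","sample.exe","1234","RegSetValue","HKCU\\Software\\Wine\\Marker","SUCCESS","Type: REG_SZ, Data: x"',
    # a legitimate installer enumerating installed software
    '"10:00:02.0000001","msiexec.exe","2222","RegEnumKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"',
])


def scan(csv_text):
    """Return {(process, pid): {"hits": set of signature names,
    "score": int, "paths": [matched paths in trace order]}}.
    Each signature counts once per process, so two VBOX__ opens score 3, not 6."""
    findings = defaultdict(lambda: {"hits": set(), "score": 0, "paths": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in READ_OPS:
            continue
        for name, weight, pattern in RULES:
            if pattern.search(row["Path"]):
                entry = findings[(row["Process Name"], int(row["PID"]))]
                if name not in entry["hits"]:
                    entry["hits"].add(name)
                    entry["score"] += weight
                entry["paths"].append(row["Path"])
    return dict(findings)


def verdict(finding, threshold=4):
    """Threshold (an assumption) chosen so a lone Uninstall enumeration
    stays benign while any VM/Wine probe plus a BIOS read is flagged."""
    return "suspicious" if finding["score"] >= threshold else "benign"


def summarize(findings):
    """Sorted (process, pid, score, verdict, sorted signature names)."""
    rows = []
    for (proc, pid), f in findings.items():
        rows.append((proc, pid, f["score"], verdict(f), sorted(f["hits"])))
    return sorted(rows, key=lambda r: -r[2])


if __name__ == "__main__":
    for proc, pid, score, label, hits in summarize(scan(SAMPLE_CSV)):
        print(f"{proc} (PID {pid}): score {score}, {label}")
        for h in hits:
            print(f"    {h}")
```

Run against a real export with the same column layout (Procmon's CSV output with the default columns); the regexes are anchored on registry path fragments rather than the hive prefix, so both HKLM\... and HKEY_LOCAL_MACHINE\... spellings match.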