General
Target: 116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118
Size: 242KB
Sample: 240504-elljxacf6w
MD5: 116ec1b12439d8bbd2a4220e8a0c034a
SHA1: b9acb1845b16752bfca051cd4f9ddb2487c7493d
SHA256: 1cc6193073a75d7ab69bc94ba2265ebaf3ee0e4780684acd242bb4eea298be6f
SHA512: e33587be241640a30f0cb060a0d55bc140a63ce9d5eefb9c21dfc1f894ee73b4f727ba7d6d8bc2aac095ea6b8357c2118cd4a5bff1ba6d88c4fe94a53d95b6b0
SSDEEP: 6144:39ka8sKwB/q/4JZmFUq59nT4drJrLOgRHLslh2PA73:3KsRFq/uZmCq59TkVrLRrsr2PA73
Static task: static1
Behavioral task: behavioral1
  Sample: 116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
  Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext