General
-
Target
342b6eafbc9f18889a492925a33a2cc5_JaffaCakes118
-
Size
18.1MB
-
Sample
240511-mrr8msfg35
-
MD5
342b6eafbc9f18889a492925a33a2cc5
-
SHA1
041fcba34d990603fd63074394c40243312a4dfe
-
SHA256
90263f5e0ceee73af6ee6ca4dac8e6441c1f5c39607512a954e42887a5a0bb3a
-
SHA512
d58819cad03fb0625129dd3a7fc3846ead1e028944b6516af8f3ca0261c2619ebda78be0a6f3d4cf87b03556fd10d5d49f695ce829997128d0eee115ebec4da7
-
SSDEEP
393216:Xm4I12ZQV+9llWqi0a2jVbHp5hAK0w5sXQr+xP9fPACdObQvnQ9ScGnCRByGz/O3:Xm4IcZMQWqzVbpb0IsXQ89npOE1crzm3
Malware Config
Targets
-
-
Target
342b6eafbc9f18889a492925a33a2cc5_JaffaCakes118
-
Size
18.1MB
-
MD5
342b6eafbc9f18889a492925a33a2cc5
-
SHA1
041fcba34d990603fd63074394c40243312a4dfe
-
SHA256
90263f5e0ceee73af6ee6ca4dac8e6441c1f5c39607512a954e42887a5a0bb3a
-
SHA512
d58819cad03fb0625129dd3a7fc3846ead1e028944b6516af8f3ca0261c2619ebda78be0a6f3d4cf87b03556fd10d5d49f695ce829997128d0eee115ebec4da7
-
SSDEEP
393216:Xm4I12ZQV+9llWqi0a2jVbHp5hAK0w5sXQr+xP9fPACdObQvnQ9ScGnCRByGz/O3:Xm4IcZMQWqzVbpb0IsXQ89npOE1crzm3
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
7399323923e3946fe9140132ac388132
-
SHA1
728257d06c452449b1241769b459f091aabcffc5
-
SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
-
SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
-
SSDEEP
192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
Score3/10 -
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
9301577ff4d229347fe33259b43ef3b2
-
SHA1
5e39eb4f99920005a4b2303c8089d77f589c133d
-
SHA256
090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc
-
SHA512
77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79
Score3/10 -
-
-
Target
$PLUGINSDIR/nsisdl.dll
-
Size
15KB
-
MD5
5fadae311a0c96a8314f463520a08bf3
-
SHA1
7c4445bd00985050546b473f1892e5e917fbb058
-
SHA256
93d03b5b15484e37315f3f0bb1d60a38e666fe714a9a0a28f831f6228c587562
-
SHA512
045d1bbf9802b204354757c94d0b90fc3b9f490dc3d68b12ec0fc83e127c3544c123df3cabb9a4285742d38fa9bcfaf376c800ba3cbbfd84ac624dc89a1dc4b9
-
SSDEEP
384:dhyd8Y6pu8ZaLf6Uksnw1g8BUcyHisUOb:dhyd8Y67WGg8B/Eie
Score3/10 -
-
-
Target
$PLUGINSDIR/version.dll
-
Size
22KB
-
MD5
fbe588b15eb1bd86defade69f796b56f
-
SHA1
2f63cf44039addddb22c2c0497673b49e6b3ad7a
-
SHA256
31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f
-
SHA512
e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d
-
SSDEEP
384:6Qx38r8QfiLpVjOXf4Rrd2IpZn8LI2EdGZ5D6PDo3rsyfyC8n:6Qx38r8Qgp1OvYd2zqGZ5D6PDmXf98
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
DriverAssist.exe
-
Size
14.8MB
-
MD5
a705d4503c5d46b58f9c62ff101a4493
-
SHA1
7df14bdda16ecbd268566d812bd43963b7b866b0
-
SHA256
e71e9ad7ebebc5b65dcd3a5f6e90041aaf31896fb7733c984b6a603b79f721f4
-
SHA512
ba47a299e9fa9fe781b09c9e8bd78143dca86af239c1525de70a57eef38736fa7e1934314d81618a7340f6f24ba33383f7e388fa5368274e8885bce1134d8960
-
SSDEEP
196608:eTXEzqkShkYHM6bETH24CIj88o5JvqN2ud4nLKr4RElS9OK:e6qk+M6b224CA88ojvwBqKrD+7
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-