General
-
Target
38e3b021f5cac0bc19bcdd76f6228771_JaffaCakes118
-
Size
4.3MB
-
Sample
240512-h14ktahe25
-
MD5
38e3b021f5cac0bc19bcdd76f6228771
-
SHA1
a6f23a56b70ef3ed327277bfec5eaf37d1505d89
-
SHA256
61540809d55eaa23ba0ac82ff4b530823c93fbc8e7097ccaeb8329e0eb1e48c1
-
SHA512
cd9504a0b317b9efac96999ee3cd6c4869c97d222149216506c971c2de5144f03969885cbd925797f5fe687d10dcf86abfed7581515131b7051ab0e8b521f222
-
SSDEEP
98304:YkeMI+e05/Nm5OJumFPtQAcLFNKJ4LowZkh52h0mPtQAYTTN/:e0FNcmdEBNq4Loek7MQvN/
Static task
static1
Behavioral task
behavioral1
Sample
38e3b021f5cac0bc19bcdd76f6228771_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
38e3b021f5cac0bc19bcdd76f6228771_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
38e3b021f5cac0bc19bcdd76f6228771_JaffaCakes118
-
Banload
Banload is a downloader family: variants fetch additional malicious files, then install and execute them.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read to fingerprint virtual machines and sandbox environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
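The behaviour signatures above are each keyed to a small set of registry or file operations. The following Python is an added example, not part of the sandbox report or its signature engine: it re-implements those five checks as detection rules over a constructed API trace in a hypothetical "<pid> <api> <argument>" format. The registry paths are the well-known locations each check normally reads (VirtualBox ACPI table names, SystemBiosVersion and friends, the International\Geo\Nation value, and the Run keys); the sample itself may touch others, and the trace lines are made up for the example.

```python
import re
from collections import defaultdict

# Constructed trace in a hypothetical "<pid> <api> <argument>" format, one event
# per line. These lines are invented for the example; they are not from the report.
SAMPLE_EVENTS = r"""
2456 RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__
2456 RegOpenKeyExW HKLM\HARDWARE\ACPI\FADT\VBOX__
2456 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
2456 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
2456 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation
2456 NtWriteFile C:\Users\Admin\AppData\Local\Temp\upd.exe
2456 CreateProcessW C:\Users\Admin\AppData\Local\Temp\upd.exe
2456 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
2456 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
"""

READ_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA", "RegQueryValueExW"}
WRITE_APIS = {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA", "RegCreateKeyExW"}

# (signature name, APIs that count, regex over the key path). The paths are the
# well-known locations each check reads; a given sample may use additional ones.
REGISTRY_SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", READ_APIS,
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry", READ_APIS,
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(System|Video)Bios(Version|Date)$", re.I)),
    ("Checks computer location settings", READ_APIS,
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I)),
    ("Adds Run key to start application", WRITE_APIS,
     re.compile(r"^HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)),
]


def parse_events(text):
    """Yield (pid, api, argument) tuples; the argument may contain spaces."""
    for line in text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2]


def match_signatures(text):
    """Map each triggered signature name to the sorted arguments that fired it."""
    hits = defaultdict(set)
    written = set()  # file paths the traced process has written so far
    for _pid, api, arg in parse_events(text):
        for name, apis, pattern in REGISTRY_SIGNATURES:
            if api in apis and pattern.search(arg):
                hits[name].add(arg)
        # "Executes dropped EXE": a path written earlier in the trace is later launched.
        if api in ("NtWriteFile", "WriteFile"):
            written.add(arg.lower())
        elif api in ("CreateProcessA", "CreateProcessW") and arg.lower() in written:
            hits["Executes dropped EXE"].add(arg)
    return {name: sorted(args) for name, args in hits.items()}


if __name__ == "__main__":
    for name, args in match_signatures(SAMPLE_EVENTS).items():
        print(name)
        for a in args:
            print("   ", a)
```

The unrelated ProductName read at the end of the trace matches nothing, which is the point of anchoring each pattern to a full key path rather than a substring; the dropped-EXE rule deliberately requires the write to precede the launch within the same trace, so a process merely starting a pre-existing binary is not flagged.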
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (2)
Hidden Files and Directories (2)
Modify Registry (1)
Virtualization/Sandbox Evasion (1)