General
-
Target
3cf040c41c92703f439c9f7e9e3928fc_JaffaCakes118
-
Size
2.2MB
-
Sample
240513-217r1shb8z
-
MD5
3cf040c41c92703f439c9f7e9e3928fc
-
SHA1
2cc2acec057898e67a512107217cdda2fc4d5fa1
-
SHA256
350442635ff576593330b847b158ace7ee273318ba4a6589b73f8003f992cb93
-
SHA512
01a7b52c234254fd16463ee2e91a74f8cc32acaca6db6fd5fbaa557c0ca6598d5d16ea99ad08b63c6acf0ca82ee960273e5f0349a0a4de6a802ea235c479d90a
-
SSDEEP
49152:VjcGr41xHm/X4YsCYCiLFzRf0K8TzTdyPbabsz2mpYJ:9EdMX4Y/kFzpD8TzMWbszIJ
Static task
static1
Behavioral task
behavioral1
Sample
3cf040c41c92703f439c9f7e9e3928fc_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
3cf040c41c92703f439c9f7e9e3928fc_JaffaCakes118
-
Size
2.2MB
-
MD5
3cf040c41c92703f439c9f7e9e3928fc
-
SHA1
2cc2acec057898e67a512107217cdda2fc4d5fa1
-
SHA256
350442635ff576593330b847b158ace7ee273318ba4a6589b73f8003f992cb93
-
SHA512
01a7b52c234254fd16463ee2e91a74f8cc32acaca6db6fd5fbaa557c0ca6598d5d16ea99ad08b63c6acf0ca82ee960273e5f0349a0a4de6a802ea235c479d90a
-
SSDEEP
49152:VjcGr41xHm/X4YsCYCiLFzRf0K8TzTdyPbabsz2mpYJ:9EdMX4Y/kFzpD8TzMWbszIJ
-
Detect ZGRat V1
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-