General
-
Target
3c778f009f174d2756a31406830b341b_JaffaCakes118
-
Size
4.4MB
-
Sample
240513-zcbzbsdd37
-
MD5
3c778f009f174d2756a31406830b341b
-
SHA1
62daa8e43f128204883e114ce09e6ca0490d34f4
-
SHA256
9f3fcd5171ab38c5c86259ea5a91fdc64a4e3a965a6fd932218a1bd5064d789d
-
SHA512
42f37cbb1d3c579db0e6cfda99f860be64ae60eaeaee4b1e306619dacd54172dbf76519d58efde8437c438354cbd3ccdf1000bb61acaa81f83e14561919ac4c5
-
SSDEEP
98304:8OiBMegXuL/YtSsM1uw9Wndzg/A7nZJkn1Lq977zseSc59Crv:5imLoYtAukH4TZJkM973lDo
Malware Config
Targets
-
-
Target
3c778f009f174d2756a31406830b341b_JaffaCakes118
-
Size
4.4MB
-
MD5
3c778f009f174d2756a31406830b341b
-
SHA1
62daa8e43f128204883e114ce09e6ca0490d34f4
-
SHA256
9f3fcd5171ab38c5c86259ea5a91fdc64a4e3a965a6fd932218a1bd5064d789d
-
SHA512
42f37cbb1d3c579db0e6cfda99f860be64ae60eaeaee4b1e306619dacd54172dbf76519d58efde8437c438354cbd3ccdf1000bb61acaa81f83e14561919ac4c5
-
SSDEEP
98304:8OiBMegXuL/YtSsM1uw9Wndzg/A7nZJkn1Lq977zseSc59Crv:5imLoYtAukH4TZJkM973lDo
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-