General

  • Target

    4f5852d54f7f0333d1b1b5b46b1aa198_JaffaCakes118

  • Size

    2.7MB

  • Sample

    240517-legqpsbh78

  • MD5

    4f5852d54f7f0333d1b1b5b46b1aa198

  • SHA1

    4f628db7d626873155ee474d22cea3f78cf563fd

  • SHA256

    51d644e7b7d4d80e5404640dfa5f9af5d4b715c61a31f7f7fe43e2a8713d5131

  • SHA512

    d9d1d07db8a68c8ea3557a94b6a390d1377d8efa1c9840975b326149a65726cdacec3d1da8b33529f9b22f102e4d8baa5ecf92bb7ab7cba7abf07c14f47e041b

  • SSDEEP

    49152:jao4F8of+GqWg/681WE99HS0RucgTyWKsGynvo+VXu4wWMo81veBhO3iH:2F8EJwxWY9HhlgTyLynAKXQUUvOhO3i

Malware Config

Targets

    • Target

      4f5852d54f7f0333d1b1b5b46b1aa198_JaffaCakes118

    • Size

      2.7MB

    • MD5

      4f5852d54f7f0333d1b1b5b46b1aa198

    • SHA1

      4f628db7d626873155ee474d22cea3f78cf563fd

    • SHA256

      51d644e7b7d4d80e5404640dfa5f9af5d4b715c61a31f7f7fe43e2a8713d5131

    • SHA512

      d9d1d07db8a68c8ea3557a94b6a390d1377d8efa1c9840975b326149a65726cdacec3d1da8b33529f9b22f102e4d8baa5ecf92bb7ab7cba7abf07c14f47e041b

    • SSDEEP

      49152:jao4F8of+GqWg/681WE99HS0RucgTyWKsGynvo+VXu4wWMo81veBhO3iH:2F8EJwxWY9HhlgTyLynAKXQUUvOhO3i

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks