General
Target: 735ac388b98e49a50708023b296273cf_JaffaCakes118
Size: 1.4MB
Sample: 240525-1n4n6abf4v
MD5: 735ac388b98e49a50708023b296273cf
SHA1: ab475a9d86968b5246a8ae7275760ac4e5477557
SHA256: a9476caf6b51a10f7fc99d1ab4d922db71b3309dab81ce0ca2ee0124fe851b21
SHA512: e8633838b568f09e9c7a1bd3059c6a3edcc13f1d6a98b4fd3e6c27f769f8317412e74ec3788226248184b640a08ed19aa17a86cc88e8b5298ee0f673e60b545e
SSDEEP: 24576:6tRJN4z+G7wSBGrL/2Gv1yxy71YU10Q/0qIz4oJoBSCiOagzF5Z/l2+U:G4zV7If2GkxE1UQ/0qA/JoBPaiF5Z/JU
Static task: static1

Behavioral task: behavioral1
  Sample: FatalSquad.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: FatalSquad.exe
  Resource: win10v2004-20240226-en

Behavioral task: behavioral3
  Sample: grabber_0.exe
  Resource: win7-20240508-en

Behavioral task: behavioral4
  Sample: grabber_0.exe
  Resource: win10v2004-20240426-en
Malware Config

Targets

Target: FatalSquad.exe
Size: 473KB
MD5: d4959c95e7ab861797b1871629c81177
SHA1: e7acd541ea148cf13dd27aa3df5b53868fe6d707
SHA256: f8b562015da3c511d0f123049b85ea7b6639c5ebc0c504f18a0225ca765695eb
SHA512: 9e8ec214603a16bf4ea60e1597f290b06248b4f13679cfa0364b467c78f764dd864ea6899e4bc5b43d82dd8d2533a3dff86f63bc32e676e67ea8e44d040d7afc
SSDEEP: 3072:5bkgc9mF1/xr+OhRki4iBebwpmoYqDIRjVDC8nWg6tQ:5GmFDiOhRk+9YqDIRo
Score: 3/10

Target: grabber_0.exe
Size: 1.3MB
MD5: 72b531e6f7ab6cc4c2c62f878f492fa5
SHA1: 7e4fecc4d6c37096d7637ee58725bcfd3ed1a7d4
SHA256: ceaffbe4b9e99f4fdceb8bc5d3e4b052b79381d2e34c6f97db49378d9a4a610f
SHA512: c950cc6bd5c157483dcef6def3763388e5a3770fe563042be35bac3a7e2f9a82af10f3d527f039e7bd80f6b37fcc99c6b5014fb85b8e749d68cf22fca347cbf9
SSDEEP: 24576:b6BPE+oAXY4MYGAA9Q4/yfRDzyXLkdZzv9OsERa4xg99wLF20Ddq:cP9lq19wJKovkbg9mLFbq
Score: 9/10
Signatures (grabber_0.exe):

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger