General
-
Target
7246695e06de9c71eb2ed84fa4121448_JaffaCakes118
-
Size
3.1MB
-
Sample
240525-rwc2qsgc27
-
MD5
7246695e06de9c71eb2ed84fa4121448
-
SHA1
1ceaa0e776a20982048a6e2bf84115b77c4c5380
-
SHA256
0ede85e79e9c14808d4de76e57d4c198196c4ea588ae01b56570bb76e55416eb
-
SHA512
9fbaa4964eacb97f96b63e629ade4e2b5700f5ccdef6e4a440a5624d9f7fe8c9f65e5f7e88d5e094e5b7f6d07b52ced2da3cda306cb9f159217c271800581e47
-
SSDEEP
49152:H7WDsRdQjaUOUuelYEv8atNt8i/PosmB5OxofJk4wiBDwCXYO/:H2sAOUOUuelBVqsskxofq4w6
Static task
static1
Behavioral task
behavioral1
Sample
7246695e06de9c71eb2ed84fa4121448_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
vidar
4.2
207
http://binacoirel.com/
-
profile_id
207
Targets
-
-
Target
7246695e06de9c71eb2ed84fa4121448_JaffaCakes118
-
Size
3.1MB
-
MD5
7246695e06de9c71eb2ed84fa4121448
-
SHA1
1ceaa0e776a20982048a6e2bf84115b77c4c5380
-
SHA256
0ede85e79e9c14808d4de76e57d4c198196c4ea588ae01b56570bb76e55416eb
-
SHA512
9fbaa4964eacb97f96b63e629ade4e2b5700f5ccdef6e4a440a5624d9f7fe8c9f65e5f7e88d5e094e5b7f6d07b52ced2da3cda306cb9f159217c271800581e47
-
SSDEEP
49152:H7WDsRdQjaUOUuelYEv8atNt8i/PosmB5OxofJk4wiBDwCXYO/:H2sAOUOUuelBVqsskxofq4w6
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Vidar Stealer
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-