General
-
Target
729bd917fdec61841edaa84e74c2e83e_JaffaCakes118
-
Size
4.3MB
-
Sample
240525-vaa7ssah6x
-
MD5
729bd917fdec61841edaa84e74c2e83e
-
SHA1
6d7dff01d55ee110186f4d1181214c8ac2fd6dbd
-
SHA256
cfb55929f093fc7b2b92d4bf53ea5850b787daa1337034d038274c709f29b4f0
-
SHA512
2977260b37cdfb9bc1bcb7333c42194ab18cee059c9364f25120f111a4a15bbc97b4430df70da497a06096241c54e6189f09eb7e1d4d774ee273a4f0184931a3
-
SSDEEP
98304:aqSh5zRZwYeMMIV3PsU6Z8y6TaOphYLYSHinQpUt/YV5DyzFf:ajHYOpCm/s9y
Malware Config
Targets
-
-
Target
729bd917fdec61841edaa84e74c2e83e_JaffaCakes118
-
Size
4.3MB
-
MD5
729bd917fdec61841edaa84e74c2e83e
-
SHA1
6d7dff01d55ee110186f4d1181214c8ac2fd6dbd
-
SHA256
cfb55929f093fc7b2b92d4bf53ea5850b787daa1337034d038274c709f29b4f0
-
SHA512
2977260b37cdfb9bc1bcb7333c42194ab18cee059c9364f25120f111a4a15bbc97b4430df70da497a06096241c54e6189f09eb7e1d4d774ee273a4f0184931a3
-
SSDEEP
98304:aqSh5zRZwYeMMIV3PsU6Z8y6TaOphYLYSHinQpUt/YV5DyzFf:ajHYOpCm/s9y
Score9/10-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-