General
-
Target
9132f38d07551a01a621e887b92f84e8_JaffaCakes118
-
Size
2.7MB
-
Sample
240603-kv6t4aah34
-
MD5
9132f38d07551a01a621e887b92f84e8
-
SHA1
0e0871abf5b16b731107be4c1c3b4fd912be0b5a
-
SHA256
0b1ce2c44e41074ef79fd8ab66dc29059f9e35b1bc2cfdf43e68c9eef7db09b5
-
SHA512
b542ddaa200b108f37f73dfd36e511a7aea64ee6570a275ec376e8e6a260d3adb91e39a6e0356cd2848ab3d52f2ed219303e77196883b5c71649f876a6db499d
-
SSDEEP
49152:iGkA4N1Dym4cLSI7WojJgo07wQLMX8T/PnRO3kMnVCruVj5D+PoJN:jkA4rV4DIn90DMsTxO3nVnj5qPoH
Static task
static1
Behavioral task
behavioral1
Sample
9132f38d07551a01a621e887b92f84e8_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
9132f38d07551a01a621e887b92f84e8_JaffaCakes118
-
Size
2.7MB
-
MD5
9132f38d07551a01a621e887b92f84e8
-
SHA1
0e0871abf5b16b731107be4c1c3b4fd912be0b5a
-
SHA256
0b1ce2c44e41074ef79fd8ab66dc29059f9e35b1bc2cfdf43e68c9eef7db09b5
-
SHA512
b542ddaa200b108f37f73dfd36e511a7aea64ee6570a275ec376e8e6a260d3adb91e39a6e0356cd2848ab3d52f2ed219303e77196883b5c71649f876a6db499d
-
SSDEEP
49152:iGkA4N1Dym4cLSI7WojJgo07wQLMX8T/PnRO3kMnVCruVj5D+PoJN:jkA4rV4DIn90DMsTxO3nVnj5qPoH
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-