General

  • Target

    914acb0e4d15d20ffd6454795990fd70_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240603-lhy46abd92

  • MD5

    914acb0e4d15d20ffd6454795990fd70

  • SHA1

    5fd229adb8d623ee4d88241e345cbddb05f76c48

  • SHA256

    f7ceb08d2f953aaf94f31098e116d72d2e9dd1f6c2498bfd03fb7ad77c55717f

  • SHA512

    987edcf675748aba99882d9efc9527e1582cb82fc5489f22e3186ce72fe913e692804d5b1d06c07973e5995cb43031e4057fe34bb7be4bdf9b859ab60f8a2853

  • SSDEEP

    98304:JJ5RHOktBboDyQqUErbe2AVxCOshLPFLXkwnIzzCb/YV5DyzFfFni:/7YDy9yQ5fb/s9y7i

Malware Config

Targets

    • Target

      914acb0e4d15d20ffd6454795990fd70_JaffaCakes118

    • Size

      4.2MB

    • MD5

      914acb0e4d15d20ffd6454795990fd70

    • SHA1

      5fd229adb8d623ee4d88241e345cbddb05f76c48

    • SHA256

      f7ceb08d2f953aaf94f31098e116d72d2e9dd1f6c2498bfd03fb7ad77c55717f

    • SHA512

      987edcf675748aba99882d9efc9527e1582cb82fc5489f22e3186ce72fe913e692804d5b1d06c07973e5995cb43031e4057fe34bb7be4bdf9b859ab60f8a2853

    • SSDEEP

      98304:JJ5RHOktBboDyQqUErbe2AVxCOshLPFLXkwnIzzCb/YV5DyzFfFni:/7YDy9yQ5fb/s9y7i

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks