General

  • Target: b5f3dd325087df34a6b65d6f5bf6d006_JaffaCakes118

  • Size: 7.8MB

  • Sample: 240617-arhyrazcqk

  • MD5: b5f3dd325087df34a6b65d6f5bf6d006

  • SHA1: 1acc502f8c7df367baae91ec250150834fee4c39

  • SHA256: 07874567640891e46b85c10b0322354736e97ff60886a1320eaf9005b09632cc

  • SHA512: 7c3e6331a0ab2c58e54848e0715074439be526bbd90b377fe1ef65bfde00c35023bdb70e28a5418099d30c147f2d0af401dd0a93bbd12efc5720a67e3578b48f

  • SSDEEP: 98304:FLVXc22cD7I0oHkBfIza8DYhMFgGAz9EqXvfRzkB1XTlL0fY+YFWvOGJatmZTarW:7VmkBwa8DYOF9Az7WBpJAfYRFWCgwJYt

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks