General
-
Target
b5f3dd325087df34a6b65d6f5bf6d006_JaffaCakes118
-
Size
7.8MB
-
Sample
240617-arhyrazcqk
-
MD5
b5f3dd325087df34a6b65d6f5bf6d006
-
SHA1
1acc502f8c7df367baae91ec250150834fee4c39
-
SHA256
07874567640891e46b85c10b0322354736e97ff60886a1320eaf9005b09632cc
-
SHA512
7c3e6331a0ab2c58e54848e0715074439be526bbd90b377fe1ef65bfde00c35023bdb70e28a5418099d30c147f2d0af401dd0a93bbd12efc5720a67e3578b48f
-
SSDEEP
98304:FLVXc22cD7I0oHkBfIza8DYhMFgGAz9EqXvfRzkB1XTlL0fY+YFWvOGJatmZTarW:7VmkBwa8DYOF9Az7WBpJAfYRFWCgwJYt
Static task
static1
Behavioral task
behavioral1
Sample
b5f3dd325087df34a6b65d6f5bf6d006_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
b5f3dd325087df34a6b65d6f5bf6d006_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
b5f3dd325087df34a6b65d6f5bf6d006_JaffaCakes118
-
Size
7.8MB
-
MD5
b5f3dd325087df34a6b65d6f5bf6d006
-
SHA1
1acc502f8c7df367baae91ec250150834fee4c39
-
SHA256
07874567640891e46b85c10b0322354736e97ff60886a1320eaf9005b09632cc
-
SHA512
7c3e6331a0ab2c58e54848e0715074439be526bbd90b377fe1ef65bfde00c35023bdb70e28a5418099d30c147f2d0af401dd0a93bbd12efc5720a67e3578b48f
-
SSDEEP
98304:FLVXc22cD7I0oHkBfIza8DYhMFgGAz9EqXvfRzkB1XTlL0fY+YFWvOGJatmZTarW:7VmkBwa8DYOF9Az7WBpJAfYRFWCgwJYt
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-