General
Target: 043f3061b5b97d60b539e2fd7c0450ac_JaffaCakes118
Size: 876KB
Sample: 240622-2thvbaybqg
MD5: 043f3061b5b97d60b539e2fd7c0450ac
SHA1: 6d84525ffc3ca9d7792f33883f7a51e133797ba2
SHA256: 1d4d5f90b2ae553582a8a621595eabe8d2e4bd5573eb5f95c974e58f8f6308c4
SHA512: d48735f57574fdc897d009085aa5b0d169821886258021c824e03bc1d1c6a846a50240030f60d0a73dbb43cdc873a58f78a15e02049d66ecc1578180bc93e8ec
SSDEEP: 12288:f0Ts0GIFWKY4pJImq/TJk2J2gqR01Mf/Ygz8TUw7XdkeCnkI4N8266WySF6/UgWN:fP0GIO+O/dHrM3MUDe6dyJWPCVB49
Static task: static1
Behavioral task: behavioral1
Sample: 043f3061b5b97d60b539e2fd7c0450ac_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 043f3061b5b97d60b539e2fd7c0450ac_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Score: 7/10

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.

Suspicious use of NtSetInformationThreadHideFromDebugger