General
Target: 04b660dd7d39fa9cc3e95e1dd2656c03_JaffaCakes118
Size: 2.8MB
Sample: 240623-3xywdayfng
MD5: 04b660dd7d39fa9cc3e95e1dd2656c03
SHA1: c3f73d9a1327c40282ad9f7827c39f7d132d9925
SHA256: c8c1efbb81508f5f6aa047cef3bf470e9f547bc0dfec2d4fb4a4fccd0ab481ec
SHA512: 7a4e60b8467a3d0fe3a90ac9a073d08d50f196e8c9e0e658da376edd879f75763dba77aaecf5dfbc056fefa0f8ef56c4fff3c8a4d0eefea79b7b0e2c11d72879
SSDEEP: 49152:0TcsW/bL2aJY6gyuJZ010dTkz2CqEr36KmZa8kawTuTPmMTzfqCx:0gt/JY6gJZaqTkzd6KNzTuyMHh

Static task: static1
Behavioral task: behavioral1
  Sample: 04b660dd7d39fa9cc3e95e1dd2656c03_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 04b660dd7d39fa9cc3e95e1dd2656c03_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config: none listed

Targets
Target: 04b660dd7d39fa9cc3e95e1dd2656c03_JaffaCakes118 (2.8MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Score: 9/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables stamped with the OEM ID "VBOX__", which Windows mirrors under HKLM\HARDWARE\ACPI (for example HKLM\HARDWARE\ACPI\DSDT\VBOX__); reading those keys is a cheap hypervisor check.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. Wine keeps its configuration under Software\Wine in HKCU and HKLM, so the presence of that key reveals the environment.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system. This is also the only destructive or persistence-related signature in the list; the other three are evasion checks.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.

Because three of the four signatures are environment and debugger checks, the behavioral traces from the win7 and win10v2004 runs may not reflect the sample's full behavior if it detected the sandbox.
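To make the four signatures concrete, the following script re-implements them as rules over an API/registry event trace of the kind a user-mode hooking sandbox records. It is an added example, not the sandbox's own signature code; the trace format (API name plus an argument dict), the event names, the handle value 0x1c4 and the events themselves are constructed for illustration. The registry paths, the ThreadHideFromDebugger class value and the raw-disk device name are the real Windows/VirtualBox/Wine values the signatures key on.

```python
"""Re-implementation of the four behaviour signatures from this report as rules
over an API/registry event trace.  Added example, not sandbox code; the trace
format (api name, argument dict) and the events themselves are constructed."""
import re

# ThreadInformationClass value that hides a thread from an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# VirtualBox stamps its ACPI tables with the OEM ID "VBOX__"; Windows mirrors
# them under HKLM\HARDWARE\ACPI, which is what the first signature looks for.
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
# Wine keeps its own configuration under Software\Wine in HKCU and HKLM.
WINE_RE = re.compile(r"^(HKLM|HKCU)\\Software\\Wine(\\|$)", re.I)
# Raw disk device; a write at byte offset 0 hits the MBR (first 512 bytes).
RAW_DISK_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)
MBR_SIZE = 512

SIGNATURES = {
    "vbox_acpi": "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
    "wine_registry": "Identifies Wine through registry keys",
    "mbr_write": "Writes to the Master Boot Record (MBR)",
    "hide_from_debugger": "Suspicious use of NtSetInformationThreadHideFromDebugger",
}

# Constructed trace in the shape a user-mode hooking sandbox would log.
# Handle 0x1c4 is illustrative; -2 is the GetCurrentThread() pseudo-handle.
SAMPLE_TRACE = [
    ("RegOpenKeyExW", {"path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"}),
    ("RegOpenKeyExW", {"path": r"HKCU\Software\Wine"}),
    ("RegOpenKeyExW", {"path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"}),
    ("CreateFileW", {"path": r"\\.\PhysicalDrive0",
                     "access": "GENERIC_READ|GENERIC_WRITE", "ret": 0x1c4}),
    ("SetFilePointerEx", {"handle": 0x1c4, "offset": 0}),
    ("WriteFile", {"handle": 0x1c4, "length": MBR_SIZE}),
    ("NtSetInformationThread", {"thread": -2, "class": THREAD_HIDE_FROM_DEBUGGER}),
]


def evaluate(trace):
    """Return {signature_key: [evidence, ...]} for every rule the trace triggers."""
    hits = {}
    raw_disk = {}  # handle -> current byte position, for handles opened on a raw disk

    def hit(key, evidence):
        hits.setdefault(key, []).append(evidence)

    for api, args in trace:
        if api.startswith(("RegOpenKeyEx", "RegQueryValueEx")):
            path = args.get("path", "")
            if VBOX_ACPI_RE.match(path):
                hit("vbox_acpi", path)
            if WINE_RE.match(path):
                hit("wine_registry", path)
        elif api.startswith("CreateFile"):
            # Track handles opened for writing on \\.\PhysicalDriveN.
            if RAW_DISK_RE.match(args.get("path", "")) and "WRITE" in args.get("access", ""):
                raw_disk[args["ret"]] = 0
        elif api == "SetFilePointerEx" and args.get("handle") in raw_disk:
            raw_disk[args["handle"]] = args["offset"]
        elif api == "WriteFile" and args.get("handle") in raw_disk:
            h, length = args["handle"], args["length"]
            offset = raw_disk[h]
            if offset < MBR_SIZE:  # any write overlapping the first sector
                hit("mbr_write", (offset, length))
            raw_disk[h] = offset + length
        elif api == "NtSetInformationThread":
            if args.get("class") == THREAD_HIDE_FROM_DEBUGGER:
                hit("hide_from_debugger", args.get("thread"))
    return hits


def describe(trace):
    """Human-readable signature names, in the order the report lists them."""
    triggered = evaluate(trace)
    return [SIGNATURES[k] for k in SIGNATURES if k in triggered]


if __name__ == "__main__":
    for name in describe(SAMPLE_TRACE):
        print("-", name)
```

The MBR rule tracks the file position per raw-disk handle rather than matching on WriteFile alone, so a write that lands at sector 8 after a SetFilePointerEx does not trigger it; the benign Run-key query in the trace shows that ordinary registry activity is not flagged by the VirtualBox or Wine rules.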