General
-
Target
4bf71b3abd284ac0ff360e12aaceda9e_JaffaCakes118
-
Size
1.3MB
-
Sample
240715-3zlzlaybjh
-
MD5
4bf71b3abd284ac0ff360e12aaceda9e
-
SHA1
b161f1a5907cad83fdc2ff66ca403cccd49b9620
-
SHA256
c70bfe96cc1c6ffd6b105305cc973bc30ca7224fa269a3c743cbe74e40f6b5f8
-
SHA512
650077b9d3bc569848bc255765a8a6729dc6d07909213b6418f862ceb63ace51490fb4bb616a41fe822f8a09fe6945a743646c11407dae474210461838045284
-
SSDEEP
24576:P2vn/if79Qf2qHlFfwjiDXyAq5U7sz4G9YJQFAqKsihO5QIeW2glD5m0mssS4tqO:PSfLAj0CAq5U7Q4/Cih3Ml/hsS4oO
Static task
static1
Behavioral task
behavioral1
Sample
u1201.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
u1201.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
Target
u1201.exe
-
Size
1.4MB
-
MD5
a6d19c2381ad7af78b13e6160f69c375
-
SHA1
356623a843c6d7fd46200e9437b8bff0ccc403a6
-
SHA256
902d0d7835a5d79092fab5c0ae62d2fa48138d354d06ad869969b48aa912ea9f
-
SHA512
716f26c05e19589a6e9b6cd9dbad695fbaa3c4b5c17c55f3e738e69766ec77fb5fb2df5d78eb5167fd28e5d09186ab9ece1f6be57c6c0c7c8e4463d9ba6d3866
-
SSDEEP
24576:hVvnPiktFpjyx9g6FAd60OXmEKIa15GeZ6Z4bJnou3Aa5AM5dzBSyuKlx1x0fSEg:Jpjn6Fo6AdIa15rZ64toaAM0Yx1eaD
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Unexpected DNS network traffic destination
Network traffic on the DNS port to servers other than the configured DNS servers was detected.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the thread from delivering debug events, so an attached debugger no longer sees it.
-
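As an added example (not part of this report and not the sandbox's own rule set), the following Python reproduces the behaviours listed above as detection logic over a constructed API and network trace. The trace format, the event names and the configured resolver address are assumptions made for the example; the registry paths are the well-known artefacts each of these checks reads, and the MBR rule treats a raw write at offset 0 of a physical drive as a write to sector 0.

```python
import re

# Constructed sandbox trace (not from the real sample or the sandbox that
# produced this report): one event per line, "<category> <operation> <args>".
SAMPLE_TRACE = r"""
registry RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__
registry RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry RegOpenKeyExW HKCU\Software\Wine
registry RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
thread NtSetInformationThread ThreadInformationClass=0x11
file NtWriteFile \\.\PhysicalDrive0 offset=0 length=512
network udp 10.0.2.15:51337 -> 8.8.8.8:53
network udp 10.0.2.15:51338 -> 10.0.2.3:53
network tcp 10.0.2.15:49152 -> 93.184.216.34:443
"""

# Assumed: the resolver the sandbox's DHCP handed to the guest.
CONFIGURED_DNS = {"10.0.2.3"}

# (signature name as in the report, event category, regex over the event line)
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values",
     "registry", re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     "registry", re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(?:SystemBios|VideoBios)", re.I)),
    ("Identifies Wine through registry keys",
     "registry", re.compile(r"\\Software\\Wine(?:\\|\s|$)", re.I)),
    # ThreadHideFromDebugger is THREADINFOCLASS 0x11; once set, the thread stops
    # reporting debug events to an attached debugger.
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     "thread", re.compile(r"NtSetInformationThread\b.*ThreadInformationClass=0x11\b", re.I)),
    # A raw write at offset 0 of a physical disk covers sector 0, the MBR.
    ("Writes to the Master Boot Record (MBR)",
     "file", re.compile(r"NtWriteFile \\\\\.\\PhysicalDrive\d+ offset=0(?:\s|$)", re.I)),
]

NETWORK_RE = re.compile(r"network (udp|tcp) (\S+):(\d+) -> (\S+):(\d+)$")


def unexpected_dns(line, configured_dns):
    """True for a flow to port 53 whose destination is not a configured resolver."""
    m = NETWORK_RE.match(line)
    return bool(m) and m.group(5) == "53" and m.group(4) not in configured_dns


def analyze(trace, configured_dns):
    """Return {signature name: [matching trace lines]} for every signature that fired."""
    hits = {}
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        category = line.split(" ", 1)[0]
        for name, cat, pattern in SIGNATURES:
            if category == cat and pattern.search(line):
                hits.setdefault(name, []).append(line)
        if category == "network" and unexpected_dns(line, configured_dns):
            hits.setdefault("Unexpected DNS network traffic destination", []).append(line)
    return hits


if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_TRACE, CONFIGURED_DNS).items():
        print(f"[+] {name}")
        for line in evidence:
            print(f"      {line}")
```

Run it directly to print each matched signature with the trace lines that triggered it; the Run-key lookup, the flow to the configured resolver and the HTTPS connection produce no hits, which is the behaviour you want from rules that are meant to separate evasion from ordinary activity. Swapping SAMPLE_TRACE for a real trace in the same format is all that is needed to reuse the rules.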