General
-
Target
747af7ee58944a2f1ad8cbcac3b788a7_JaffaCakes118
-
Size
2.9MB
-
Sample
240726-r2354sxeqg
-
MD5
747af7ee58944a2f1ad8cbcac3b788a7
-
SHA1
fc5c44b83017339e07a386397f13d06939a5d8fd
-
SHA256
026b73f612f4c1a9a6144aca74a0e17cd9b767e3b9547af4844c01a5dd31e0fd
-
SHA512
fd406a2edbc4b8e4698ca593baac8f816707fb6e03a60d92cbd9e293b2406f75dc0e771eaff21c08bbcd359feb27011e25ebec8862927c666291e3f8db70c6ea
-
SSDEEP
49152:fOvbJp7HMUgLNu6e4t8dmr2Ar7TRjGSHR4jA4/rmCE6uXuHj4AmS1a2bf:Wf7G46FtwmqU7TRB4jAg+Xu0s57
Static task
static1
Behavioral task
behavioral1
Sample
747af7ee58944a2f1ad8cbcac3b788a7_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
747af7ee58944a2f1ad8cbcac3b788a7_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
747af7ee58944a2f1ad8cbcac3b788a7_JaffaCakes118
-
Size
2.9MB
-
MD5
747af7ee58944a2f1ad8cbcac3b788a7
-
SHA1
fc5c44b83017339e07a386397f13d06939a5d8fd
-
SHA256
026b73f612f4c1a9a6144aca74a0e17cd9b767e3b9547af4844c01a5dd31e0fd
-
SHA512
fd406a2edbc4b8e4698ca593baac8f816707fb6e03a60d92cbd9e293b2406f75dc0e771eaff21c08bbcd359feb27011e25ebec8862927c666291e3f8db70c6ea
-
SSDEEP
49152:fOvbJp7HMUgLNu6e4t8dmr2Ar7TRjGSHR4jA4/rmCE6uXuHj4AmS1a2bf:Wf7G46FtwmqU7TRB4jAg+Xu0s57
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-