General
-
Target
8bf51901b82464d18dd5e91c0736f411_JaffaCakes118
-
Size
1.7MB
-
Sample
240811-ztr2wasbrf
-
MD5
8bf51901b82464d18dd5e91c0736f411
-
SHA1
431c89078ee1d3ba489fe12ae415c7c83be632bb
-
SHA256
65b180f8cd123d8004d25686f07595a8ee69ace42c1c44e9f751b81f5e5d42b8
-
SHA512
8d9fabcf136defff821d20027ee66d4046ed5fe05a37b51515f211bc43d67e819e5099995ed9f22803d5b32e84954e510702e28cb297aae646c07129d8eacc28
-
SSDEEP
24576:V0Z60MGbKHWm+rPuB7ADEODRimQ6ugPExpmzTTWICkdrzGDPvJtLVj7T9H9w3dpg:uZTtLGtsDkmQFlzm5xd3GDVj7Lwtavv
Malware Config
Targets
-
-
Target
8bf51901b82464d18dd5e91c0736f411_JaffaCakes118
-
Size
1.7MB
-
MD5
8bf51901b82464d18dd5e91c0736f411
-
SHA1
431c89078ee1d3ba489fe12ae415c7c83be632bb
-
SHA256
65b180f8cd123d8004d25686f07595a8ee69ace42c1c44e9f751b81f5e5d42b8
-
SHA512
8d9fabcf136defff821d20027ee66d4046ed5fe05a37b51515f211bc43d67e819e5099995ed9f22803d5b32e84954e510702e28cb297aae646c07129d8eacc28
-
SSDEEP
24576:V0Z60MGbKHWm+rPuB7ADEODRimQ6ugPExpmzTTWICkdrzGDPvJtLVj7T9H9w3dpg:uZTtLGtsDkmQFlzm5xd3GDVj7Lwtavv
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-