General
-
Target
8eca83d9c612875250282821af24a863_JaffaCakes118
-
Size
5.3MB
-
Sample
240812-py5hnawaqf
-
MD5
8eca83d9c612875250282821af24a863
-
SHA1
561b80ee86c3e494c4f96d98da9c25e61fe7f3a4
-
SHA256
dd5c72b89990df36fcd4a859a711cb2fb6af98a519f17a7269e2beb7ee083186
-
SHA512
44369ca35342864f4742d7da2c42bd761e0b3b9c4c4c593220a4e38f4a942e6dad0804eb0c8c93b2696c0ec88bae6af212b2aa8419d4972615b6346fc304fe14
-
SSDEEP
98304:iAGGJ8J4v0YCOJuQQGABrPxnzD5KJDv9pfwIx5tsmPUihXPIVOSgVDj4pLdl2vC:lMJrwJuQLAPxnivJ5t9ssXPIsSQX4pLD
Malware Config
Targets
-
-
Target
8eca83d9c612875250282821af24a863_JaffaCakes118
-
Size
5.3MB
-
MD5
8eca83d9c612875250282821af24a863
-
SHA1
561b80ee86c3e494c4f96d98da9c25e61fe7f3a4
-
SHA256
dd5c72b89990df36fcd4a859a711cb2fb6af98a519f17a7269e2beb7ee083186
-
SHA512
44369ca35342864f4742d7da2c42bd761e0b3b9c4c4c593220a4e38f4a942e6dad0804eb0c8c93b2696c0ec88bae6af212b2aa8419d4972615b6346fc304fe14
-
SSDEEP
98304:iAGGJ8J4v0YCOJuQQGABrPxnzD5KJDv9pfwIx5tsmPUihXPIVOSgVDj4pLdl2vC:lMJrwJuQLAPxnivJ5t9ssXPIsSQX4pLD
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-