General
-
Target
d5d27e590e5e167859c6d8fdde8a9519_JaffaCakes118
-
Size
767KB
-
Sample
240909-hp599swdpj
-
MD5
d5d27e590e5e167859c6d8fdde8a9519
-
SHA1
a2689e51d7d68e2f5f941f615ec67ed8e35742ac
-
SHA256
3505dddb588b32470f61feb5bd15352c843a65d787f2ab4a52589b70da03e405
-
SHA512
11de5c61ffe790645a40d85cc8619739872bd971343b96e6099804f5ad0a80d7238e0103eebeb107ac0ebfbe0ace3ff75c9e04998bdb930773067e34ed32b2cb
-
SSDEEP
12288:N62XlzDBPF+QzMfkptiWscrb3YCuP04yCWtegnZsDHgaju1f4x/O6mmNpAVmjZoz:N6KVDBPsQx5pb3EP04yNeUZsDHgaK1lm
Malware Config
Targets
-
-
Target
d5d27e590e5e167859c6d8fdde8a9519_JaffaCakes118
-
Size
767KB
-
MD5
d5d27e590e5e167859c6d8fdde8a9519
-
SHA1
a2689e51d7d68e2f5f941f615ec67ed8e35742ac
-
SHA256
3505dddb588b32470f61feb5bd15352c843a65d787f2ab4a52589b70da03e405
-
SHA512
11de5c61ffe790645a40d85cc8619739872bd971343b96e6099804f5ad0a80d7238e0103eebeb107ac0ebfbe0ace3ff75c9e04998bdb930773067e34ed32b2cb
-
SSDEEP
12288:N62XlzDBPF+QzMfkptiWscrb3YCuP04yCWtegnZsDHgaju1f4x/O6mmNpAVmjZoz:N6KVDBPsQx5pb3EP04yNeUZsDHgaK1lm
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-