General
- Target: ea9959027a40f8f790dc0437babbe4f5_JaffaCakes118
- Size: 1.8MB
- Sample: 240919-e9jp8a1ene
- MD5: ea9959027a40f8f790dc0437babbe4f5
- SHA1: 1a36009d24064efe1990191aa8f680f94b54a837
- SHA256: 298ecd7b16625f49a3e79c0480788afdcfbe1bfd46e42f0871a544e27a75e665
- SHA512: a3b77ec01ca31de2fc42a4f08e91c21026dc4eca3cf7b71e970618988c50b654b7743b31fd59f24294e21796d5f1b40c6da2dd86f2f8c143eb6e1140289792c3
- SSDEEP: 49152:+6hpLjGi4n7PvMlN9s1UgAmMkp12yX3dObIJfN:+LiKPvoKmgHMwndOi
Static task
- static1
Behavioral task
- behavioral1
  Sample: ea9959027a40f8f790dc0437babbe4f5_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task
- behavioral2
  Sample: ea9959027a40f8f790dc0437babbe4f5_JaffaCakes118.exe
  Resource: win10v2004-20240910-en
Malware Config
Targets
- Target: ea9959027a40f8f790dc0437babbe4f5_JaffaCakes118
Score 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger