General
-
Target
2cad591b1c5a2d87cb20de38ca1116d7_JaffaCakes118
-
Size
2.3MB
-
Sample
241009-hjfgnazeml
-
MD5
2cad591b1c5a2d87cb20de38ca1116d7
-
SHA1
f3ae7f08b3bb0a141c7469cee441e5626d1e87fa
-
SHA256
2732405a4130bb555040b053178e15b7f7002578eb336129778e434cc47ed0a4
-
SHA512
6a118b525aa1fa46b93d150f09f42278914c1537f5ba7a972c4cbcbc9a43570c721d159eb3bbf43beba97ccf48299bdcdb9b66c6731b6ea9484444911349f85d
-
SSDEEP
49152:Pm7fqoot4ZKhywlLR6NmWjsQk6eSZjDZ2w6fNhUProRq4oW1S9:wawKhyo16N5sQLeGDZRcq4I9
Static task
static1
Behavioral task
behavioral1
Sample
2cad591b1c5a2d87cb20de38ca1116d7_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger