General
-
Target
6eea66a6e9875547c9f9215428141902_JaffaCakes118
-
Size
1.8MB
-
Sample
241023-pmxcxa1hpn
-
MD5
6eea66a6e9875547c9f9215428141902
-
SHA1
d5b36df76d684df1693c359061d1de086fbe64e0
-
SHA256
4b2ed73de06d0ca3fc62179593223adf95f7118c542d1c5a8761f0629ef0cad7
-
SHA512
fe406ab7568715f2d07d798bbf6158615a9a7b2de299f9a816f168dea0560dc67ff769fd7dc60f5f6354adbe544a85b97f63d389df33641d9b5cb1bc0f46cf69
-
SSDEEP
49152:4vyv0jQUJhNzP5QeQybVoXpRtbv9IjPkCh9/:4g0jQ754QtBIgS
Static task
static1
Behavioral task
behavioral1
Sample
6eea66a6e9875547c9f9215428141902_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
6eea66a6e9875547c9f9215428141902_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
buer
http://lodddd01.info/
http://lodddd02.info/
Targets
-
-
Target
6eea66a6e9875547c9f9215428141902_JaffaCakes118
-
Size
1.8MB
-
MD5
6eea66a6e9875547c9f9215428141902
-
SHA1
d5b36df76d684df1693c359061d1de086fbe64e0
-
SHA256
4b2ed73de06d0ca3fc62179593223adf95f7118c542d1c5a8761f0629ef0cad7
-
SHA512
fe406ab7568715f2d07d798bbf6158615a9a7b2de299f9a816f168dea0560dc67ff769fd7dc60f5f6354adbe544a85b97f63d389df33641d9b5cb1bc0f46cf69
-
SSDEEP
49152:4vyv0jQUJhNzP5QeQybVoXpRtbv9IjPkCh9/:4g0jQ754QtBIgS
Score10/10-
Modifies WinLogon for persistence
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-