General
- Target: f6296d424541b3b74136f828030da575_JaffaCakes118
- Size: 1.5MB
- Sample: 241215-26l3ha1qgt
- MD5: f6296d424541b3b74136f828030da575
- SHA1: 325717fbfcbad31e9fd4716117d6d6baf4cc9771
- SHA256: bd5ebfb042a28eb07da247ca70cf85b139b3dc9b0c36eeb2defa09f27c4e3e49
- SHA512: 4e2f372ba64753bcf6fed19f0e7e994a7fe20309f6f201d58b619c70a22c550bae81b6914581317998a9a8d542070ebf6b90fac56416b5f2ecdd90bcc99e0dd2
- SSDEEP: 24576:ixUZDVO3WbxBltnsiu3iAYj1/YSY993LvWlz/+xFAMEtW:ZZDM07lRs93fk0xFANW
Behavioral task
- behavioral1
- Sample: f6296d424541b3b74136f828030da575_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: f6296d424541b3b74136f828030da575_JaffaCakes118
- Size: 1.5MB
- MD5: f6296d424541b3b74136f828030da575
- SHA1: 325717fbfcbad31e9fd4716117d6d6baf4cc9771
- SHA256: bd5ebfb042a28eb07da247ca70cf85b139b3dc9b0c36eeb2defa09f27c4e3e49
- SHA512: 4e2f372ba64753bcf6fed19f0e7e994a7fe20309f6f201d58b619c70a22c550bae81b6914581317998a9a8d542070ebf6b90fac56416b5f2ecdd90bcc99e0dd2
- SSDEEP: 24576:ixUZDVO3WbxBltnsiu3iAYj1/YSY993LvWlz/+xFAMEtW:ZZDM07lRs93fk0xFANW
- Darkcomet family
- Modifies firewall policy service
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments: hypervisors and emulators leave recognisable vendor strings in the BIOS version values under HKLM\HARDWARE\DESCRIPTION\System.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; its presence is visible through the Software\Wine registry key.
- Suspicious use of NtSetInformationThreadHideFromDebugger. Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events, a common anti-debugging trick.
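The behaviours flagged above can be replayed as signatures over a sandbox event trace. The block below is an added example, not the sandbox's own signature engine or anything taken from the sample: the event schema, the registry prefixes, the service names and both traces are constructed for illustration, and the ATT&CK technique assigned to the anti-debugging signature (T1622) is my mapping rather than the report's.

```python
"""Replay the four behavioural signatures from this report over a constructed
sandbox event trace. Added example; event schema, key lists and traces are
assumptions, not sandbox output."""
from dataclasses import dataclass
from typing import Any, Iterable

# ThreadInformationClass value that hides a thread from an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11


@dataclass(frozen=True)
class Event:
    kind: str        # "reg_read", "reg_write", "api_call" or "service"
    target: str      # registry path, API name or service name
    arg: Any = None  # value written, API argument dict, or service action


def _norm(path: str) -> str:
    """Canonicalise a registry path so hive aliases and case do not matter."""
    p = path.upper()
    return p.replace("HKEY_LOCAL_MACHINE", "HKLM").replace("HKEY_CURRENT_USER", "HKCU")


def _touches(events: list, kinds: set, prefixes: tuple) -> bool:
    norm_prefixes = tuple(_norm(p) for p in prefixes)
    return any(e.kind in kinds and _norm(e.target).startswith(norm_prefixes) for e in events)


# Registry locations whose values reveal a hypervisor, emulator or Wine.
BIOS_KEYS = (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
)
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")
FIREWALL_POLICY_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
FIREWALL_SERVICES = {"MPSSVC", "SHAREDACCESS"}  # Windows Firewall service names


def checks_bios_information(events: list) -> bool:
    return _touches(events, {"reg_read"}, BIOS_KEYS)


def identifies_wine(events: list) -> bool:
    return _touches(events, {"reg_read"}, WINE_KEYS)


def hides_thread_from_debugger(events: list) -> bool:
    return any(
        e.kind == "api_call" and e.target == "NtSetInformationThread"
        and isinstance(e.arg, dict)
        and e.arg.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER
        for e in events
    )


def modifies_firewall_policy(events: list) -> bool:
    policy_write = _touches(events, {"reg_write"}, (FIREWALL_POLICY_KEY,))
    service_change = any(
        e.kind == "service" and e.target.upper() in FIREWALL_SERVICES
        and e.arg in ("stop", "disable")
        for e in events
    )
    return policy_write or service_change


# (signature name, check, ATT&CK technique). T1622 is an assumed mapping.
SIGNATURES = (
    ("Modifies firewall policy service", modifies_firewall_policy, "T1562.004"),
    ("Checks BIOS information in registry", checks_bios_information, "T1497"),
    ("Identifies Wine through registry keys", identifies_wine, "T1497"),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", hides_thread_from_debugger, "T1622"),
)


def run_signatures(events: Iterable[Event]) -> list:
    """Return (signature name, technique) for every signature that fires."""
    events = list(events)
    return [(name, tech) for name, check, tech in SIGNATURES if check(events)]


# Constructed trace resembling the behaviour this report describes.
SAMPLE_TRACE = [
    Event("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),  # benign
    Event("reg_read", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    Event("reg_read", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    Event("reg_read", r"HKCU\Software\Wine"),
    Event("api_call", "NtSetInformationThread", {"ThreadInformationClass": 0x11}),
    Event("reg_write", FIREWALL_POLICY_KEY + r"\StandardProfile\EnableFirewall", 0),
    Event("service", "SharedAccess", "stop"),
]

# Constructed benign trace: version lookup, a priority change, a service start.
BENIGN_TRACE = [
    Event("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
    Event("api_call", "NtSetInformationThread", {"ThreadInformationClass": 0x2}),  # ThreadPriority
    Event("service", "Spooler", "start"),
]

if __name__ == "__main__":
    for name, tech in run_signatures(SAMPLE_TRACE):
        print(f"{tech:10} {name}")
```

The checks key on the same observables a sandbox would log (registry reads of the BIOS and Wine keys, the information class passed to NtSetInformationThread, writes under the FirewallPolicy key or stop/disable actions against the firewall service), and a benign trace that reads unrelated keys or sets a thread priority does not fire any of them.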
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Impair Defenses (T1562): 1
    - Disable or Modify System Firewall (T1562.004): 1
  - Modify Registry (T1112): 1
  - Virtualization/Sandbox Evasion (T1497): 1