General
Target: JaffaCakes118_dfc643f0c12447398ce3700e22d52442a4773494bc6a7ebc836e6260a0eb3f78
Size: 4.1MB
Sample: 241224-akfj2swnfk
MD5: 65b9a2bb5e5510eda9a351da1f95e508
SHA1: 673472622fed797b1afb577d0053c9ee2d83d675
SHA256: dfc643f0c12447398ce3700e22d52442a4773494bc6a7ebc836e6260a0eb3f78
SHA512: 028aa956ebaf1e20219f8d25fb55f087bbcc68f93e13833ae2be70995cd16696c3cd36fe9accafc00ef20975e3bb016ecd924e264217629cd814971d761020f8
SSDEEP: 98304:xly2wGPLwrHKNVXf1WOWxQmeaVPnNPi0ambpBcs/zdPvHrCi9FZF:PwGPLwLKNlkOWzPd/pBdLr9bF
Behavioral task: behavioral1
Sample: JaffaCakes118_dfc643f0c12447398ce3700e22d52442a4773494bc6a7ebc836e6260a0eb3f78.exe
Resource: win7-20240903-en
Malware Config
Extracted: amadey
3.01
1ce576
install_dir: 91a0189a82
install_file: tkools.exe
strings_key: 5031c806169b48d93a79100688ba0f46
url_paths: /g8lvleE2z/index.php
Targets
Target: JaffaCakes118_dfc643f0c12447398ce3700e22d52442a4773494bc6a7ebc836e6260a0eb3f78
- Amadey family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger