General
-
Target
JaffaCakes118_3748697efdcd300b7e0849b5a09ea08d
-
Size
7.3MB
-
Sample
241231-z3d7daskbl
-
MD5
3748697efdcd300b7e0849b5a09ea08d
-
SHA1
3f84385c51be2a835b53de332152db66fccb2f04
-
SHA256
87d396818c0a218924f68d6e8ab15e995178babb08cf695f15f8c6645e68907e
-
SHA512
b897705af00a9100526c88e5972d1b41c36f94a8de886be91d89a846d0ed72c1585f09a084fc9e381fdaa2c830fa48546ce3fd1b92d5dd1dbdfc4106ded96f3e
-
SSDEEP
98304:r4YPAsGmUpoa6y9dgn92fq+lGMOHhNo22mELD3bSAHUfQhVmQAW4thYeQXUpLsOm:sDV9IEqoG3Ho2XELd0YDmPawLsUI
Malware Config
Targets
-
-
Target
JaffaCakes118_3748697efdcd300b7e0849b5a09ea08d
-
Size
7.3MB
-
MD5
3748697efdcd300b7e0849b5a09ea08d
-
SHA1
3f84385c51be2a835b53de332152db66fccb2f04
-
SHA256
87d396818c0a218924f68d6e8ab15e995178babb08cf695f15f8c6645e68907e
-
SHA512
b897705af00a9100526c88e5972d1b41c36f94a8de886be91d89a846d0ed72c1585f09a084fc9e381fdaa2c830fa48546ce3fd1b92d5dd1dbdfc4106ded96f3e
-
SSDEEP
98304:r4YPAsGmUpoa6y9dgn92fq+lGMOHhNo22mELD3bSAHUfQhVmQAW4thYeQXUpLsOm:sDV9IEqoG3Ho2XELd0YDmPawLsUI
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Privateloader family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-