General
Target: JaffaCakes118_b4ed4ecab8f70b7f1c845aff6d6d4395
Size: 11.3MB
Sample: 250109-asyqlasnfm
MD5: b4ed4ecab8f70b7f1c845aff6d6d4395
SHA1: 5eb39a1f6083945169485a328071376b5595caa3
SHA256: fd90d547cf8c1075a9cb5cc51c70c5aad5eac3f9f16b7211b252417f287cafa1
SHA512: 347d9441fd59b1339d68d8548ad3e8236cb853e210bead6781cbbd42e4ff034210cbeb1841be8f45e5c1cb1603f64f34fe907140bf719daffb8a22b42bab56ff
SSDEEP: 196608:FG7LtKmheQrlMoYQWhGnbSKbGd6g53HRVu7vHDpS1IqBRU7kCs2q:FWUQrlMFrEbS753xVu7vHhqBa4Cs
Behavioral task: behavioral1
Sample: JaffaCakes118_b4ed4ecab8f70b7f1c845aff6d6d4395.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: JaffaCakes118_b4ed4ecab8f70b7f1c845aff6d6d4395 (11.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox exposes its firmware tables under HKLM\HARDWARE\ACPI with the OEM ID "VBOX__", so a lookup there is a cheap check for running inside a VirtualBox guest.
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments; on a VirtualBox guest the SMBIOS-derived values under HKLM\HARDWARE\DESCRIPTION\System carry "VBOX" and "VirtualBox" strings.
- Loads dropped DLL. The sample writes a DLL to disk during execution and then loads it, so part of the code that runs is not in the original executable and should be collected from the sandbox's dropped files.
- Obfuscated with Agile.Net obfuscator. Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation. Agile.Net targets .NET assemblies, so the sample is managed code; expect renamed identifiers and flattened control flow in a decompiler.
- Suspicious use of NtSetInformationThreadHideFromDebugger. The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the kernel from delivering debug events for that thread to an attached debugger; a common anti-debugging technique.
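The two registry-based VM checks flagged above (ACPI values and BIOS information) can be reproduced on an analysis VM to see what it leaks. The script below is an added example, not the sample's code or the sandbox's signature logic; the report does not say which values this sample read, so the locations it enumerates are an assumption based on well-known VirtualBox artefacts (the "VBOX__" ACPI OEM ID and the SMBIOS strings copied under HKLM\HARDWARE\DESCRIPTION\System).

```powershell
# Added example: enumerate the registry locations VirtualBox-detection code
# commonly reads and report any value that leaks a VirtualBox string.
# Assumed locations; the report does not list which ones the sample used.
# No elevation needed: HKLM\HARDWARE is readable by standard users.

$indicators = 'VBOX', 'VirtualBox', 'innotek'   # strings VirtualBox leaves in firmware data
$hits = [System.Collections.Generic.List[object]]::new()

function Add-Hit([string]$Location, [string]$Text) {
    foreach ($i in $indicators) {
        if ($Text -match $i) {                   # -match is case-insensitive regex
            $hits.Add([pscustomobject]@{ Location = $Location; Value = $Text; Indicator = $i })
        }
    }
}

# 1. ACPI tables: Windows exposes each table as a subkey tree
#    HKLM\HARDWARE\ACPI\<table>\<OEM ID>\<OEM table ID>\..., and VirtualBox
#    uses the OEM ID "VBOX__", so the indicator shows up as a key name.
foreach ($table in 'DSDT', 'FADT', 'RSDT', 'SSDT') {
    $key = "HKLM:\HARDWARE\ACPI\$table"
    if (Test-Path $key) {
        Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { Add-Hit $_.Name $_.PSChildName }
    }
}

# 2. BIOS strings the kernel copies from SMBIOS into the registry at boot.
#    SystemBiosVersion and VideoBiosVersion are REG_MULTI_SZ, hence the -join.
$sys = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue
foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate') {
    if ($null -ne $sys.$name) {
        Add-Hit "HKLM\HARDWARE\DESCRIPTION\System\$name" ($sys.$name -join ' ')
    }
}
$bios = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' -ErrorAction SilentlyContinue
foreach ($name in 'BIOSVendor', 'BIOSVersion', 'SystemManufacturer', 'SystemProductName') {
    if ($null -ne $bios.$name) {
        Add-Hit "HKLM\HARDWARE\DESCRIPTION\System\BIOS\$name" ([string]$bios.$name)
    }
}

if ($hits.Count -eq 0) {
    'No VirtualBox indicators found in ACPI or BIOS registry values.'
} else {
    $hits | Format-Table -AutoSize
}
```

On an unhardened VirtualBox guest this lists the "VBOX__" ACPI keys and the VirtualBox BIOS strings; an empty result means a sample using only these lookups would not identify the VM this way. Other VM products leave different strings, so the indicator list has to be adjusted for VMware, Hyper-V or QEMU guests.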
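The last signature names the API by its information class. The following added example (not the sample's code) makes the same call from PowerShell via P/Invoke and reads the flag back with NtQueryInformationThread, which shows what the call does and how an analyst can confirm that an anti-anti-debug hook actually neutralised it. The P/Invoke declarations and the 0x11 class value are standard ntdll definitions, not something taken from the report.

```powershell
# Added example: NtSetInformationThread(thread, ThreadHideFromDebugger = 0x11, NULL, 0)
# marks the calling thread so the kernel stops delivering its debug events
# (breakpoints, single steps, exceptions) to an attached debugger.
# NtQueryInformationThread with the same class returns the flag as a BOOLEAN,
# so the effect is observable without a debugger attached.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class NtThread {
    public const int ThreadHideFromDebugger = 0x11;
    [DllImport("ntdll.dll")]
    public static extern int NtSetInformationThread(IntPtr ThreadHandle, int ThreadInformationClass,
                                                    IntPtr ThreadInformation, int ThreadInformationLength);
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationThread(IntPtr ThreadHandle, int ThreadInformationClass,
                                                      out byte ThreadInformation, int ThreadInformationLength,
                                                      out int ReturnLength);
    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentThread();   // pseudo-handle for the calling thread
}
'@
Add-Type -TypeDefinition $src

function Get-HiddenFromDebugger {
    # Query buffer must be exactly one byte (sizeof(BOOLEAN)) for this class.
    [byte]$flag = 0; [int]$len = 0
    $status = [NtThread]::NtQueryInformationThread([NtThread]::GetCurrentThread(),
        [NtThread]::ThreadHideFromDebugger, [ref]$flag, 1, [ref]$len)
    if ($status -ne 0) { throw ('NtQueryInformationThread failed: 0x{0:X8}' -f $status) }
    return [bool]$flag
}

'hidden before: {0}' -f (Get-HiddenFromDebugger)

# Buffer must be NULL with length 0; any other length fails with
# STATUS_INFO_LENGTH_MISMATCH (0xC0000004). Anti-anti-debug hooks often
# swallow this call and return STATUS_SUCCESS without setting the flag,
# which the second query exposes as "hidden after: False".
$status = [NtThread]::NtSetInformationThread([NtThread]::GetCurrentThread(),
    [NtThread]::ThreadHideFromDebugger, [IntPtr]::Zero, 0)
'set status:    0x{0:X8}' -f $status

'hidden after:  {0}' -f (Get-HiddenFromDebugger)
```

Run it in a throwaway PowerShell session: the flag cannot be cleared once set, and a debugger attached to that session will stop receiving events from the script's thread. For detection, the sandbox signature is the right level of abstraction: the call itself is the indicator, since legitimate software has little reason to hide its threads from a debugger.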