General

  • Target: JaffaCakes118_b4ed4ecab8f70b7f1c845aff6d6d4395

  • Size: 11.3MB

  • Sample: 250109-asyqlasnfm

  • MD5: b4ed4ecab8f70b7f1c845aff6d6d4395

  • SHA1: 5eb39a1f6083945169485a328071376b5595caa3

  • SHA256: fd90d547cf8c1075a9cb5cc51c70c5aad5eac3f9f16b7211b252417f287cafa1

  • SHA512: 347d9441fd59b1339d68d8548ad3e8236cb853e210bead6781cbbd42e4ff034210cbeb1841be8f45e5c1cb1603f64f34fe907140bf719daffb8a22b42bab56ff

  • SSDEEP: 196608:FG7LtKmheQrlMoYQWhGnbSKbGd6g53HRVu7vHDpS1IqBRU7kCs2q:FWUQrlMFrEbS753xVu7vHhqBa4Cs

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger