General
-
Target
JaffaCakes118_bd699ddc84aab6948f952d2f08dbad12
-
Size
3.0MB
-
Sample
250109-e3xy9s1kgr
-
MD5
bd699ddc84aab6948f952d2f08dbad12
-
SHA1
b983ff066083f62d4b8ee8832256c1e745eca1ff
-
SHA256
95b609ceb06e3e98fa3f2d380bb9cfff4816610f416523aa684b68743a8c5f79
-
SHA512
aed7e1966fc9e61bbf56e90a78ea31e23500e33317e5b7d8bd8c7fe66473f5084ab70976947e879e76da4560535290007c27dd74813dd92f84befe45b6223e93
-
SSDEEP
98304:LGrj7Ltr7xuKP4Fi3xQNCrZdOpPuTPWncwlQ4:YvJV74EWNCrZd4mrWncW
Behavioral task
behavioral1
Sample
JaffaCakes118_bd699ddc84aab6948f952d2f08dbad12.exe
Resource
win7-20240903-en
Malware Config
Extracted
asyncrat
0.5.7B
asd
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
asd
-
delay
3
-
install
true
-
install_file
virus.exe
-
install_folder
%AppData%
Targets
-
-
Target
JaffaCakes118_bd699ddc84aab6948f952d2f08dbad12
-
Size
3.0MB
-
MD5
bd699ddc84aab6948f952d2f08dbad12
-
SHA1
b983ff066083f62d4b8ee8832256c1e745eca1ff
-
SHA256
95b609ceb06e3e98fa3f2d380bb9cfff4816610f416523aa684b68743a8c5f79
-
SHA512
aed7e1966fc9e61bbf56e90a78ea31e23500e33317e5b7d8bd8c7fe66473f5084ab70976947e879e76da4560535290007c27dd74813dd92f84befe45b6223e93
-
SSDEEP
98304:LGrj7Ltr7xuKP4Fi3xQNCrZdOpPuTPWncwlQ4:YvJV74EWNCrZd4mrWncW
-
Asyncrat family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-