General
Target: 0140a745a3d50602f682794dee1d706a_JaffaCakes118
Size: 2.1MB
Sample: 240426-vpqwssha8y
MD5: 0140a745a3d50602f682794dee1d706a
SHA1: 92e80b0de3d4e7a2f26269324c7fc1018d066fdf
SHA256: ee5b09954a950e20e33ce451943a8c5175952debebc38e9e2ef936919024ac0d
SHA512: 41d6b17efc1cbec2433feb2dd0b39bf51c16f6c2cc384ce975b3d44c4286f8c00caa9209360eb656221ef6b67dc867ddd5b1f81bd71869fdefdaac15058ae4f7
SSDEEP: 49152:ysUNRFq5IlO39JyC1lgRlX2S3aTYg0dB8nrDpH:yZdqEONJz16vmS3lg5N
Static task: static1
Behavioral task: behavioral1
Sample: 0140a745a3d50602f682794dee1d706a_JaffaCakes118.exe
Resource: win7-20240215-en
Malware Config
Extracted: cryptbot
  bibinene03.top
  moraass05.top
Targets
Target: 0140a745a3d50602f682794dee1d706a_JaffaCakes118
Size: 2.1MB
MD5: 0140a745a3d50602f682794dee1d706a
SHA1: 92e80b0de3d4e7a2f26269324c7fc1018d066fdf
SHA256: ee5b09954a950e20e33ce451943a8c5175952debebc38e9e2ef936919024ac0d
SHA512: 41d6b17efc1cbec2433feb2dd0b39bf51c16f6c2cc384ce975b3d44c4286f8c00caa9209360eb656221ef6b67dc867ddd5b1f81bd71869fdefdaac15058ae4f7
SSDEEP: 49152:ysUNRFq5IlO39JyC1lgRlX2S3aTYg0dB8nrDpH:yZdqEONJz16vmS3lg5N
Signatures
- CryptBot payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger