General
Target: 0b0968b621bce390ddbcffe8cb910837_JaffaCakes118
Size: 2.0MB
Sample: 240501-entnashe64
MD5: 0b0968b621bce390ddbcffe8cb910837
SHA1: c82603d8a9086cfa8b7de41e74dc5d5203b87b39
SHA256: 010a6069f6885e4a5a67e3e91759e7938a32ab157342d5e51eb168e57b73d7f7
SHA512: c81cf7ad2ecfa9223bc7ef30cc59fa8c7e4ccd3916405dd9b1b6079536da948dd92405ecbfcff67655fa8c0f861f7c13dc70328bf3899f7610d747557a77c3b1
SSDEEP: 49152:WRnh8X/iBdNckR2Tqe93bRl2lYkT9H4KmEpjppTeCQB783z5hTI2bKf:WRn2PiBPckoOKRl2lPVpzeCM78jbKf
Static task: static1
Behavioral task: behavioral1
Sample: 0b0968b621bce390ddbcffe8cb910837_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
cryptbot
bibinene01.top
moraass05.top
Targets
Target: 0b0968b621bce390ddbcffe8cb910837_JaffaCakes118
Size: 2.0MB
- CryptBot payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger