General

Target: 13842292b894939dabc62c2370c0094c_JaffaCakes118
Size: 4.2MB
Sample: 240504-trx78aah8t
MD5: 13842292b894939dabc62c2370c0094c
SHA1: 405bfa3788bcf6fbab169e90442134f4e9bedeb9
SHA256: 9a1d6cabb8a80b1ff7ac31d8c01f3522ca64860a8b9816eda57d44d7e994ec5a
SHA512: 6e77bea261b8100d2288f8ee8f13fef033a2dc3a8d45d4198fe955bec63b82e66d6f1d542b3767e498188251d951825caaf44e4a9a40e0f15e185f59d3e828b3
SSDEEP: 98304:hFhmmnjy6kFUpuf0xK/7UqS+Xv7yn3EeeQ069sWU/:hFhvm6kykf0xK/TBXmn33eCsl
Static task: static1
Behavioral task: behavioral1
Sample: 13842292b894939dabc62c2370c0094c_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Extracted: cryptbot
- bibinene01.top
- moraass05.top
Targets
- CryptBot payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger