General
Target: 328ebad3b9024940b56a758598dd9811_JaffaCakes118
Size: 4.3MB
Sample: 240511-eb1wvabf3v
MD5: 328ebad3b9024940b56a758598dd9811
SHA1: 915ad091b5d250ff94aa2aec146dc5214558b0d8
SHA256: d9f01436c890d26da55d5caa1999e73ef71fab82310ee65ea7d038a7e9ad5374
SHA512: 2975063ec08f72a5d8747c84cb32efba335263f35f21daa137839262f82197b79658b450dec676a3a6887c229929210823fedc56630cea2137e2b9728bb405a1
SSDEEP: 98304:F8FVXoBFq2fxnpNjMuSEO+RHh2qnRCZAgB1z2:0XBipxSI8IRczTz2
Static task: static1
Behavioral task: behavioral1
Sample: 328ebad3b9024940b56a758598dd9811_JaffaCakes118.exe
Resource: win7-20231129-en

Malware Config
Extracted: cryptbot
rifat05.info
Targets
Target: 328ebad3b9024940b56a758598dd9811_JaffaCakes118
Size: 4.3MB
MD5: 328ebad3b9024940b56a758598dd9811
SHA1: 915ad091b5d250ff94aa2aec146dc5214558b0d8
SHA256: d9f01436c890d26da55d5caa1999e73ef71fab82310ee65ea7d038a7e9ad5374
SHA512: 2975063ec08f72a5d8747c84cb32efba335263f35f21daa137839262f82197b79658b450dec676a3a6887c229929210823fedc56630cea2137e2b9728bb405a1
SSDEEP: 98304:F8FVXoBFq2fxnpNjMuSEO+RHh2qnRCZAgB1z2:0XBipxSI8IRczTz2
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger