General
Target: 67b369f0a0ed76a6013bc9aeecdbae31_JaffaCakes118
Size: 2.0MB
Sample: 240522-spnekaff49
MD5: 67b369f0a0ed76a6013bc9aeecdbae31
SHA1: 902a13d8565b3d47e14ee042474ae7589e5c67ea
SHA256: 594d68c6b76ccac03aeec7e6c336f8abe3ce680c74c3f4eae350d2bcd3966c56
SHA512: 956685aeb621c7671f219059bb54627d49e01f76b2badf39c214f1361c77002f38fb00d671029f701bcd8fb481a683581cd24eeccfc6e4f9ca57547a565980b9
SSDEEP: 49152:ZzXxQzLE0M8C8pHs/XAvLX32Qfoh3tFNL2Ro6:Z7xQfplFvLXNfoJp6R
Static task: static1
Behavioral task: behavioral1
Sample: 67b369f0a0ed76a6013bc9aeecdbae31_JaffaCakes118.exe
Resource: win7-20240215-en
Malware Config
Extracted family: cryptbot
Extracted domains:
- bibinene01.top
- moraass05.top
Targets
Target: 67b369f0a0ed76a6013bc9aeecdbae31_JaffaCakes118
Size: 2.0MB
- CryptBot payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger