General
-
Target
7feaba431a42a40cb1e8587456b904db_JaffaCakes118
-
Size
2.1MB
-
Sample
240529-h6xdpaeg6v
-
MD5
7feaba431a42a40cb1e8587456b904db
-
SHA1
d8b91ad566fd2779895d188c8b9b8f2d48e898f1
-
SHA256
687b6bd075c80985f5e38c24da153e1aeaf53afa2643eb5d0d00c936f6591c85
-
SHA512
abff85eeb883c6cd5a038294c019fa3961751d55090cc59f076bfc6946f73713842da5f62bc951f199a6275cf9ed9a3a0eff564b60db47f91a56693bf32d9279
-
SSDEEP
49152:qIOygdzOYVih2MT3YeWRSFzN6Yr0yCSZL:qI2zTMoPeN3Cq
Static task
static1
Behavioral task
behavioral1
Sample
7feaba431a42a40cb1e8587456b904db_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Extracted
cryptbot
bibinene03.top
moraass05.top
Targets
-
-
Target
7feaba431a42a40cb1e8587456b904db_JaffaCakes118
-
Size
2.1MB
-
MD5
7feaba431a42a40cb1e8587456b904db
-
SHA1
d8b91ad566fd2779895d188c8b9b8f2d48e898f1
-
SHA256
687b6bd075c80985f5e38c24da153e1aeaf53afa2643eb5d0d00c936f6591c85
-
SHA512
abff85eeb883c6cd5a038294c019fa3961751d55090cc59f076bfc6946f73713842da5f62bc951f199a6275cf9ed9a3a0eff564b60db47f91a56693bf32d9279
-
SSDEEP
49152:qIOygdzOYVih2MT3YeWRSFzN6Yr0yCSZL:qI2zTMoPeN3Cq
-
CryptBot payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-