General
- Target: 84ed617163c46602cbac577800ca9af0_JaffaCakes118
- Size: 2.1MB
- Sample: 240530-v6qblagd53
- MD5: 84ed617163c46602cbac577800ca9af0
- SHA1: 44ece41b2f92117655b0aed8180890ab3a2e79a9
- SHA256: 7cedfec517d2cb0967ed42266802acbbdb12dfbac5f32d677f7b5a8d43544cf9
- SHA512: 455a990ee280a9445d1c3884e2ba2841e964f37d429a2742a91076e1bd819c0f8f692923700929d0fad88144c7916f2393d049b964bf9cba5cb99b42c1822233
- SSDEEP: 49152:T2pgPMMANpMshiMAZPMQQMCzTEBliSd/FTJEQbatj:T2pgPrssZLdBltd9TJ
Static task: static1
Behavioral task: behavioral1
- Sample: 84ed617163c46602cbac577800ca9af0_JaffaCakes118.exe
- Resource: win7-20240419-en
Malware Config
Extracted: cryptbot
- bibinene03.top
- moraass05.top
Targets
- Target: 84ed617163c46602cbac577800ca9af0_JaffaCakes118
- CryptBot payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger