General
-
Target
1a95ab857da467d5cb3cd01d4aceffbf_JaffaCakes118
-
Size
9.6MB
-
Sample
240701-j93wbavbpq
-
MD5
1a95ab857da467d5cb3cd01d4aceffbf
-
SHA1
1443211540fcc95ff06bebcfef107b4bd6aa9464
-
SHA256
5c8c1ba308589209ee021928be751c9bc3d077afc9cc258445aabc872832c3df
-
SHA512
56f8613860a7a25307d4de3ebd281678e9fc799bc61b3d6602cec5d0f70c8ef331a406bcbdf43ddb3562205def8f7d27d67dd66fd5af74927ec70f2c3b0af147
-
SSDEEP
196608:RASnM9FkLVn4OOWpOTISSgVU6KXJfFeD/pnjM3/0uUKY5avetwfgl40:R9B45WpO/SHfFKdg6Kxetwa40
Malware Config
Targets
-
-
Target
bin/SuperRecovery.exe
-
Size
3.1MB
-
MD5
c4ea6ec77547e2ae10aaccd3703758ad
-
SHA1
d074ef159ec92a1ff3285d9c9fc3f8361c0d667c
-
SHA256
0427e32b4aad5bb2cf29c5d086b8c67ed18850372203f866ee3b46da80af0c53
-
SHA512
dd1b2c2f7c933a95ad1e3ceab9397f70df2858d2a6511fbc0f8a337afb5b9c4a0b1480fe0425a30734ede6d0250eb3f96b39abb12edd6c4864f93f0bd8b464ff
-
SSDEEP
98304:+sPsBnixR8FjC3j3fj6HPzm/02bL3rVlG:++xRujCTjUe1fy
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
SuperRecovery.exe
-
Size
3.1MB
-
MD5
c4ea6ec77547e2ae10aaccd3703758ad
-
SHA1
d074ef159ec92a1ff3285d9c9fc3f8361c0d667c
-
SHA256
0427e32b4aad5bb2cf29c5d086b8c67ed18850372203f866ee3b46da80af0c53
-
SHA512
dd1b2c2f7c933a95ad1e3ceab9397f70df2858d2a6511fbc0f8a337afb5b9c4a0b1480fe0425a30734ede6d0250eb3f96b39abb12edd6c4864f93f0bd8b464ff
-
SSDEEP
98304:+sPsBnixR8FjC3j3fj6HPzm/02bL3rVlG:++xRujCTjUe1fy
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
gdiplus.dll
-
Size
1.6MB
-
MD5
3317698f2090dd811f0aa93190e13c82
-
SHA1
c38988e544df349bcfe4b51cb383ab206e2fc06b
-
SHA256
830915b87cbc95217f58b8b499f73b618607c0164e0aa1217722eae18c1fb321
-
SHA512
12e6ebfba3a9639ebc83056f20c8d4307104d7198736e52236e94fd10edbb4bd9de9d29bbff630279c3a770c3f0c158497ac8e32798505709c50bf3c7df8b2ae
-
SSDEEP
24576:TSWwWpX3g7mgl074FUSIgi3g4bMG0x15IMQMLklslaswMeEd5DoQbcnO5c/KjO:ThwltF7C3/ouMvoslp3onL
Score3/10 -
-
-
Target
bin/gdiplus.dll
-
Size
1.6MB
-
MD5
3317698f2090dd811f0aa93190e13c82
-
SHA1
c38988e544df349bcfe4b51cb383ab206e2fc06b
-
SHA256
830915b87cbc95217f58b8b499f73b618607c0164e0aa1217722eae18c1fb321
-
SHA512
12e6ebfba3a9639ebc83056f20c8d4307104d7198736e52236e94fd10edbb4bd9de9d29bbff630279c3a770c3f0c158497ac8e32798505709c50bf3c7df8b2ae
-
SSDEEP
24576:TSWwWpX3g7mgl074FUSIgi3g4bMG0x15IMQMLklslaswMeEd5DoQbcnO5c/KjO:ThwltF7C3/ouMvoslp3onL
Score3/10 -
-
-
Target
bin/新云软件.url
-
Size
133B
-
MD5
4f0017b3b346bd0626f0c3b915e6e734
-
SHA1
823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
-
SHA256
df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
-
SHA512
0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score1/10 -
-
-
Target
使用帮助.chm
-
Size
4.0MB
-
MD5
ef06423fc07a7a9f79560d3cbbb27235
-
SHA1
e0701fd0a9fa857972c0f044409ddda39b85c7f0
-
SHA256
7a5d8a8e9539fb99cbb0f99ae1cb9db40315a2f0ae8301fbfbb20472c2cb2daa
-
SHA512
656dd5f2f4631798ea7fd3a6e720e9cd13585d413bde95937dc079f1a0f2a77ebcdd02d5b90f652805552ef020b9f359f6b98e17edf5430f47e85c8e3ca708f3
-
SSDEEP
98304:4AqoDOHhrn9OURmBsSYX+TPMNzBdAqoDOHhrn9OURmBsSYX+TPMNzBY:2oDURAU6lYXpzZoDURAU6lYXpz6
Score1/10 -
-
-
Target
数据恢复软件.exe
-
Size
256KB
-
MD5
be55444862f0fe75c2e88b2827c70778
-
SHA1
e4776e94fbd113a612d34972e456a0206b5f9b9a
-
SHA256
630681e67850ee544ef80f85ac9d5d5b8a8286897daff2dae97058d82945f209
-
SHA512
eb0740a38663f5ebba3373283968254819d8091617d05ba79f4cdbcde2ecbc2325a39842b6c4e81eeb807cd93c857dbd3b91151a33a04e6a0765170b9c5b2dd7
-
SSDEEP
3072:IB5ZN4WOq0EpSnTAvNVyHcOXt4nMKUVC/9QOAEZl87xzA2IFOOOOOYBYUYUYUYUh:IB5Z6fEpSnsvHM/cl87NIa9CA3w
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
点此购买软件.url
-
Size
172B
-
MD5
3de31c1f8b1983400dab7b6b393ed394
-
SHA1
96cecad693a28d376fb8b5366ff4e57948a6f5fe
-
SHA256
039f38b7448cf23f6bbcdf3e61cf9a5de7a85d9ae2d3fdcf48fb4fe4c1f30084
-
SHA512
4079d89392ca570c5fa1860fcd20f49c7624f94982849184a9581df5b1a72060aa8020a5aaae296782181a126e3a2da96ef3bef3faedfdbdb87a8ffb9ccc66ed
Score1/10 -