General
- Target: 1bd241a838e2a5c6a90fbb18c7df6872_JaffaCakes118
- Size: 2.4MB
- Sample: 240701-vqhltatdjj
- MD5: 1bd241a838e2a5c6a90fbb18c7df6872
- SHA1: c2e201a59b4e5596b30471636d6a39ff5eb20863
- SHA256: 3b2f71e5570d5c609bebf61fd2e9975fb1e5f3243013284fc6cb3a04b763d704
- SHA512: 8366159cab9e990628630a88ea3f07a43b7f670c2b58838a3f7a2da92d5fc3d6227cbcc19b8a18af08c65f63b288181dd4aae585650d669c324d156418dfc0e4
- SSDEEP: 49152:HkbHiSRFfrG+palCHHvZgWe7UoJJeIS3e:
Static task: static1
Behavioral task: behavioral1
- Sample: 1bd241a838e2a5c6a90fbb18c7df6872_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 1bd241a838e2a5c6a90fbb18c7df6872_JaffaCakes118
- Size: 2.4MB
- MD5: 1bd241a838e2a5c6a90fbb18c7df6872
- SHA1: c2e201a59b4e5596b30471636d6a39ff5eb20863
- SHA256: 3b2f71e5570d5c609bebf61fd2e9975fb1e5f3243013284fc6cb3a04b763d704
- SHA512: 8366159cab9e990628630a88ea3f07a43b7f670c2b58838a3f7a2da92d5fc3d6227cbcc19b8a18af08c65f63b288181dd4aae585650d669c324d156418dfc0e4
- SSDEEP: 49152:HkbHiSRFfrG+palCHHvZgWe7UoJJeIS3e:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger