4d72bb1b2cc125798455739c93abe80c4c43b9813458b2fd748c728c7ca8605f | Triage

Sharing

General

Target

1490734d2cb04eb7c49635b7fccd9734_JaffaCakes118
Size

1.7MB
Sample

240329-bds28sdh86
MD5

1490734d2cb04eb7c49635b7fccd9734
SHA1

50f0486c1e02484d3322385f57b123e252485bad
SHA256

4d72bb1b2cc125798455739c93abe80c4c43b9813458b2fd748c728c7ca8605f
SHA512

e8d09efbc6aad609d2075c44d031a503dbe4b3fe6f9599c60306da0fa63d68d5b866388e26fc75c6ca999bd66121dbe5e94ee0019d7aaf4533b1a0219a139c50
SSDEEP

12288:bICRzoU6wL0Yq67NvNbIRFbjanFszhRMuYPqRfKwxCBpknawwfhUp:bICMW1q6BqFbS2zn2FLyn/wfhU

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  1490734d2cb04eb7c49635b7fccd9734_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  1490734d2cb04eb7c49635b7fccd9734
- SHA1
  
  50f0486c1e02484d3322385f57b123e252485bad
- SHA256
  
  4d72bb1b2cc125798455739c93abe80c4c43b9813458b2fd748c728c7ca8605f
- SHA512
  
  e8d09efbc6aad609d2075c44d031a503dbe4b3fe6f9599c60306da0fa63d68d5b866388e26fc75c6ca999bd66121dbe5e94ee0019d7aaf4533b1a0219a139c50
- SSDEEP
  
  12288:bICRzoU6wL0Yq67NvNbIRFbjanFszhRMuYPqRfKwxCBpknawwfhUp:bICMW1q6BqFbS2zn2FLyn/wfhU
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2