General
Target: e5ed6dbdeb7754f7fad7427c1dd6007c_JaffaCakes118
Size: 856KB
Sample: 240407-1mr9qsfe93
MD5: e5ed6dbdeb7754f7fad7427c1dd6007c
SHA1: 9fcde531902ddc849c0a565c41e780bfcca00707
SHA256: 844a48b6f4257a94d563db0038bb9478968cf8b6208a3b7c1cb7bb244d0be4c0
SHA512: b8bf700ce0af188eb52acc595d2fa73c5b1e041d05ba0363bdce514b31df6ff7bf6463b6308fbbd7c01dd261e3afe507624e802b352c4eab3ab619a2986c7d09
SSDEEP: 12288:Z+oNficcDBhKhxjm/1OFYmRXEwoqA7BjWjlh5ChVMfC8566nkRaCTKKkH8GE4nsA:Z+oJqAxjm/otEJ7BjY5lfncfwHRYRgp
Static task: static1
Behavioral task: behavioral1
Sample: e5ed6dbdeb7754f7fad7427c1dd6007c_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e5ed6dbdeb7754f7fad7427c1dd6007c_JaffaCakes118.exe
Resource: win10v2004-20240319-en
Malware Config
Targets
Target: e5ed6dbdeb7754f7fad7427c1dd6007c_JaffaCakes118 (856KB; hashes as listed under General)
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (1)
Disable or Modify Tools (1)
Modify Registry (2)
Virtualization/Sandbox Evasion (1)