82ae45fafd5e733228c16bd003fc6bda8c85e4d3e649de6dc9bff77eae41a513 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb7d7ce5f09fd437aa9cbbc0962272f7_JaffaCakes118
Size

1.4MB
Sample

240410-tyb9bsdh28
MD5

eb7d7ce5f09fd437aa9cbbc0962272f7
SHA1

2c3fb0bc7c8feb64f63ad1ce8367a3bca01901ad
SHA256

82ae45fafd5e733228c16bd003fc6bda8c85e4d3e649de6dc9bff77eae41a513
SHA512

795c7d5aef84072b77f8f222e0e945e5327dabc6e2f3d2a38d831acdeac86b844a41aeb624dbbc36196ce123c32fc039d07bba568f84a1638fec07310f8e45be
SSDEEP

24576:s7g3itGD6xAtJrBlUoVV/L1Gl61qK9RHPFeYG+SYyDsi4ET1azU34+/7XhULJ:ugStkSAH/FL1Gl6tFxG+Xi4ET1azS4+W

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  eb7d7ce5f09fd437aa9cbbc0962272f7_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  eb7d7ce5f09fd437aa9cbbc0962272f7
- SHA1
  
  2c3fb0bc7c8feb64f63ad1ce8367a3bca01901ad
- SHA256
  
  82ae45fafd5e733228c16bd003fc6bda8c85e4d3e649de6dc9bff77eae41a513
- SHA512
  
  795c7d5aef84072b77f8f222e0e945e5327dabc6e2f3d2a38d831acdeac86b844a41aeb624dbbc36196ce123c32fc039d07bba568f84a1638fec07310f8e45be
- SSDEEP
  
  24576:s7g3itGD6xAtJrBlUoVV/L1Gl61qK9RHPFeYG+SYyDsi4ET1azU34+/7XhULJ:ugStkSAH/FL1Gl6tFxG+Xi4ET1azS4+W
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2