General

  • Target

    022392e5a18655eb36d27f34a0bf3366_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240427-b79bbage89

  • MD5

    022392e5a18655eb36d27f34a0bf3366

  • SHA1

    5853d671be7fdb81d29cdf7c8ef67e4879adf972

  • SHA256

    413d437af5e6401d2585907578e5f69b14f34172e1f0a734aebeb85d76038669

  • SHA512

    eba2cf8d70c4293ece11bf4a3387b4c036a224e01a4a268de153b4210ec31345b55e18f05ce50b52799fd447ce1298eced4fb56cd2dac5c01d1cdf30ed85296b

  • SSDEEP

    24576:Ktuv1am/ddzGsb/KmeYUIRllpwpGZu6rg8o1cNXQ9rGzYgkMJQYg:zvP/7iM/KmeYUIDIGZu6rg8kqmMO

Malware Config

Targets

    • UAC bypass

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1176 Browser Extensions (1)

  • Privilege Escalation

    T1548 Abuse Elevation Control Mechanism (1)
    T1548.002 Bypass User Account Control (1)

  • Defense Evasion

    T1548 Abuse Elevation Control Mechanism (1)
    T1548.002 Bypass User Account Control (1)
    T1562 Impair Defenses (1)
    T1562.001 Disable or Modify Tools (1)
    T1112 Modify Registry (3)
    T1497 Virtualization/Sandbox Evasion (1)

  • Discovery

    T1012 Query Registry (1)
    T1497 Virtualization/Sandbox Evasion (1)

Tasks