32b7fdc1308d2414383dc5cda0942e84bdc3072b5157f4175254bd064b21b802 | Triage

Sharing

General

Target

03087282bff4648494fad71faaf8176c_JaffaCakes118
Size

1.1MB
Sample

240427-mdc7kahb6w
MD5

03087282bff4648494fad71faaf8176c
SHA1

2c2db6864fbd030691de8fd66eec882b5f89ffc1
SHA256

32b7fdc1308d2414383dc5cda0942e84bdc3072b5157f4175254bd064b21b802
SHA512

0c7e03498869a8ec16411ff76a474cdc6161d38a287114b3ccfe8c0d086ac1b8519adaa0041fca919af7c4477f728b16315c353323bbeb0dea5dd1be8420017b
SSDEEP

24576:hax2z+5P9W4bveC4KuEemOw8iz5GKRgB8V9Urv0Jf:Ex2z2VDbveC4KucT8yGKe872v0Jf

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  03087282bff4648494fad71faaf8176c_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  03087282bff4648494fad71faaf8176c
- SHA1
  
  2c2db6864fbd030691de8fd66eec882b5f89ffc1
- SHA256
  
  32b7fdc1308d2414383dc5cda0942e84bdc3072b5157f4175254bd064b21b802
- SHA512
  
  0c7e03498869a8ec16411ff76a474cdc6161d38a287114b3ccfe8c0d086ac1b8519adaa0041fca919af7c4477f728b16315c353323bbeb0dea5dd1be8420017b
- SSDEEP
  
  24576:hax2z+5P9W4bveC4KuEemOw8iz5GKRgB8V9Urv0Jf:Ex2z2VDbveC4KucT8yGKe872v0Jf
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2