156b938650396ca58781396ab4c9f98f01188d61a9aeeeb8d7cfc5119960e4cd | Triage

Sharing

General

Target

41de873fc32e644ca9d5b7fbfd0e9fd3_JaffaCakes118
Size

1.1MB
Sample

240514-r3297sbc9s
MD5

41de873fc32e644ca9d5b7fbfd0e9fd3
SHA1

73aa931e8c6f7437cb3e7234a5860aef201ce957
SHA256

156b938650396ca58781396ab4c9f98f01188d61a9aeeeb8d7cfc5119960e4cd
SHA512

7d544d2bc2d6cb69c836fe74766054b9a104c77cdfb20ad4ba14001ac01f65ab11755371d9f48f80066b9013f4afe996122cb9ec9d841e6ea69356facffa9d82
SSDEEP

24576:iGwsWy/7Cab83RI3i0Iw+76n9cmnYiMSCMKrUDy:iOnDKI3iXwSw9Bn4Sqiy

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  41de873fc32e644ca9d5b7fbfd0e9fd3_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  41de873fc32e644ca9d5b7fbfd0e9fd3
- SHA1
  
  73aa931e8c6f7437cb3e7234a5860aef201ce957
- SHA256
  
  156b938650396ca58781396ab4c9f98f01188d61a9aeeeb8d7cfc5119960e4cd
- SHA512
  
  7d544d2bc2d6cb69c836fe74766054b9a104c77cdfb20ad4ba14001ac01f65ab11755371d9f48f80066b9013f4afe996122cb9ec9d841e6ea69356facffa9d82
- SSDEEP
  
  24576:iGwsWy/7Cab83RI3i0Iw+76n9cmnYiMSCMKrUDy:iOnDKI3iXwSw9Bn4Sqiy
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2