9a6624f1026bb119414c3d6f45c0012f9cfd6592a3fd39e48497a2811b8a6a25 | Triage

Sharing

General

Target

4f22d084d8ea61a5bd04105d5adf696a_JaffaCakes118
Size

9.5MB
Sample

240517-j61a1shd49
MD5

4f22d084d8ea61a5bd04105d5adf696a
SHA1

7407a472eb3fc38ce535965a12a03056e67b16dc
SHA256

9a6624f1026bb119414c3d6f45c0012f9cfd6592a3fd39e48497a2811b8a6a25
SHA512

281e02f269b3fa04f9bbbdab517461c8cd0c834b61176540414cd49a5e937e9b12ac5c1eda12b7608576e9d3ac16b4aab9132cb92182f0c7fb839dbea1ee9f62
SSDEEP

196608:hqBcRH2WLL5eUt0q3sTg2jvWfQ7KjbCLl1zRgM6x9C1Vj:EBcRx5B0q3s7vL2jbyfmx9Aj

Score

7^/10

evasion

Malware Config

Targets

- Target
  
  4f22d084d8ea61a5bd04105d5adf696a_JaffaCakes118
- Size
  
  9.5MB
- MD5
  
  4f22d084d8ea61a5bd04105d5adf696a
- SHA1
  
  7407a472eb3fc38ce535965a12a03056e67b16dc
- SHA256
  
  9a6624f1026bb119414c3d6f45c0012f9cfd6592a3fd39e48497a2811b8a6a25
- SHA512
  
  281e02f269b3fa04f9bbbdab517461c8cd0c834b61176540414cd49a5e937e9b12ac5c1eda12b7608576e9d3ac16b4aab9132cb92182f0c7fb839dbea1ee9f62
- SSDEEP
  
  196608:hqBcRH2WLL5eUt0q3sTg2jvWfQ7KjbCLl1zRgM6x9C1Vj:EBcRx5B0q3s7vL2jbyfmx9Aj
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2