General

  • Target

    735ac388b98e49a50708023b296273cf_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240525-1n4n6abf4v

  • MD5

    735ac388b98e49a50708023b296273cf

  • SHA1

    ab475a9d86968b5246a8ae7275760ac4e5477557

  • SHA256

    a9476caf6b51a10f7fc99d1ab4d922db71b3309dab81ce0ca2ee0124fe851b21

  • SHA512

    e8633838b568f09e9c7a1bd3059c6a3edcc13f1d6a98b4fd3e6c27f769f8317412e74ec3788226248184b640a08ed19aa17a86cc88e8b5298ee0f673e60b545e

  • SSDEEP

    24576:6tRJN4z+G7wSBGrL/2Gv1yxy71YU10Q/0qIz4oJoBSCiOagzF5Z/l2+U:G4zV7If2GkxE1UQ/0qA/JoBPaiF5Z/JU

Score
9/10

Malware Config

Targets

    • Target

      FatalSquad.exe

    • Size

      473KB

    • MD5

      d4959c95e7ab861797b1871629c81177

    • SHA1

      e7acd541ea148cf13dd27aa3df5b53868fe6d707

    • SHA256

      f8b562015da3c511d0f123049b85ea7b6639c5ebc0c504f18a0225ca765695eb

    • SHA512

      9e8ec214603a16bf4ea60e1597f290b06248b4f13679cfa0364b467c78f764dd864ea6899e4bc5b43d82dd8d2533a3dff86f63bc32e676e67ea8e44d040d7afc

    • SSDEEP

      3072:5bkgc9mF1/xr+OhRki4iBebwpmoYqDIRjVDC8nWg6tQ:5GmFDiOhRk+9YqDIRo

    Score
    3/10

    • Target

      grabber_0.exe

    • Size

      1.3MB

    • MD5

      72b531e6f7ab6cc4c2c62f878f492fa5

    • SHA1

      7e4fecc4d6c37096d7637ee58725bcfd3ed1a7d4

    • SHA256

      ceaffbe4b9e99f4fdceb8bc5d3e4b052b79381d2e34c6f97db49378d9a4a610f

    • SHA512

      c950cc6bd5c157483dcef6def3763388e5a3770fe563042be35bac3a7e2f9a82af10f3d527f039e7bd80f6b37fcc99c6b5014fb85b8e749d68cf22fca347cbf9

    • SSDEEP

      24576:b6BPE+oAXY4MYGAA9Q4/yfRDzyXLkdZzv9OsERa4xg99wLF20Ddq:cP9lq19wJKovkbg9mLFbq

    Score
    9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks