Overview

overview

9

Static

static

7

85937231af...18.exe

windows10-1703-x64

9

Resubmissions

31/05/2024, 01:37

240531-b2bsvsbe26 9

31/05/2024, 01:24

240531-bskz6sah73 9

Sharing

Copy URL Twitter E-mail

General

  • Target

    85937231afe7626ac4fac8659248b994_JaffaCakes118

  • Size

    5.9MB

  • Sample

    240531-b2bsvsbe26

  • MD5

    85937231afe7626ac4fac8659248b994

  • SHA1

    fdce7cddb02f74648580d09fb0264ba24a60ee12

  • SHA256

    fdd1c899d2c7e8d4b36cf79f4a19b1dd902ebacabaa9d7cfa9d326d11561db59

  • SHA512

    2b940f82fe9922a43b622b37317f62a4fd1cc04c25288202f9d37dd69e78aa9757c6d201483a753e4a42dee74c8aae242b17be18905dbf9a14bbad6cc08e6f3a

  • SSDEEP

    98304:FDMC9BBn2qfS6gzfnU65TGbSGKGUKOHKrRtXkc43ZymItN/i0hj10s:FISBF2qfSvnUiMS9KPXD4/If/i052s

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      85937231afe7626ac4fac8659248b994_JaffaCakes118

    • Size

      5.9MB

    • MD5

      85937231afe7626ac4fac8659248b994

    • SHA1

      fdce7cddb02f74648580d09fb0264ba24a60ee12

    • SHA256

      fdd1c899d2c7e8d4b36cf79f4a19b1dd902ebacabaa9d7cfa9d326d11561db59

    • SHA512

      2b940f82fe9922a43b622b37317f62a4fd1cc04c25288202f9d37dd69e78aa9757c6d201483a753e4a42dee74c8aae242b17be18905dbf9a14bbad6cc08e6f3a

    • SSDEEP

      98304:FDMC9BBn2qfS6gzfnU65TGbSGKGUKOHKrRtXkc43ZymItN/i0hj10s:FISBF2qfSvnUiMS9KPXD4/If/i052s

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks