8f2a167dd6f3f34ff6feb34e87d86b1cd606f8e8f1efb689c661c129e59206fe | Triage

Sharing

General

Target

a4adcadbee21838b0665a5fc9eb11b89_JaffaCakes118
Size

1.3MB
Sample

240613-klsaca1fng
MD5

a4adcadbee21838b0665a5fc9eb11b89
SHA1

5c400d52700658880a1e66bb7b4d55f206d207ae
SHA256

8f2a167dd6f3f34ff6feb34e87d86b1cd606f8e8f1efb689c661c129e59206fe
SHA512

bf69d29e06c15a2470b67cf784793ca45dafc60d80ebdd55298f182c8238edfeb66ec599285f34599c93ec43bdd5294f003ea50609f2d8ea4b3b20331795751b
SSDEEP

24576:O54E9wEN2K/AvAePZAfqYBOzRY+3zgFOFz1+UDon2+E7GJE5Wsver2pJRGTEcKlg:E4SwpK/tCZAfqIOB3zu8z4UDo2hQE8e4

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  efriendplus.exe
- Size
  
  1.4MB
- MD5
  
  143aa9f41bdc16a2da132b34b108588e
- SHA1
  
  498aaae404e3fa8c08c17717cab87d4e28c9832c
- SHA256
  
  8d34adebf7360dff60c3f8cf90534d27cc38dfef79f6f208240f0416ad39ab18
- SHA512
  
  702c949e972abedc6424686654f104e7b5f96a42163bad963e25d7b114587c37a1921527bb28dbc7ce53093dd4cc9a3fb1c8beff09fbb240e53019886ffd4cb9
- SSDEEP
  
  24576:J/g09wCN2LBc/AI6PPcpZyDDEBCBo/WLVSO29tqAlEwTAnoZODMH6euly2P9FRP6:RgCw3K/p6PPcpZ5UBNVSFk1wUoTaeW9e
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2