dffe35828f1ab5e3e9497931e6b9f978ba821e001c991910da64b828abb3356f | Triage

Sharing

General

Target

a9596cf66d30bd58d31dd7cd2bdc71af_JaffaCakes118
Size

17.2MB
Sample

240614-m7vzgaxhlh
MD5

a9596cf66d30bd58d31dd7cd2bdc71af
SHA1

4ecd94260fcff2847b22b03619eed4d87dcf231c
SHA256

dffe35828f1ab5e3e9497931e6b9f978ba821e001c991910da64b828abb3356f
SHA512

a78f8ac79103a5814d38b2d1b4ed181e2284588b42962db25a216b9e33a4bc26f34c87884f2cae6c4ccfca396c764029e90179154b6cc264af6baeef3b1275fb
SSDEEP

393216:9+CVBDT8fEiR/uTfAWZuax7sXvJa1wW88JTsnDIzD5tEW1G2qex:dBDT8fHGEyZ7yE5JTaDetEYfpx

Score

9^/10

agilenet discovery evasion upx

Malware Config

Targets

- Target
  
  a9596cf66d30bd58d31dd7cd2bdc71af_JaffaCakes118
- Size
  
  17.2MB
- MD5
  
  a9596cf66d30bd58d31dd7cd2bdc71af
- SHA1
  
  4ecd94260fcff2847b22b03619eed4d87dcf231c
- SHA256
  
  dffe35828f1ab5e3e9497931e6b9f978ba821e001c991910da64b828abb3356f
- SHA512
  
  a78f8ac79103a5814d38b2d1b4ed181e2284588b42962db25a216b9e33a4bc26f34c87884f2cae6c4ccfca396c764029e90179154b6cc264af6baeef3b1275fb
- SSDEEP
  
  393216:9+CVBDT8fEiR/uTfAWZuax7sXvJa1wW88JTsnDIzD5tEW1G2qex:dBDT8fHGEyZ7yE5JTaDetEYfpx
Score

7^/10

agilenet discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  7399323923e3946fe9140132ac388132
- SHA1
  
  728257d06c452449b1241769b459f091aabcffc5
- SHA256
  
  5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
- SHA512
  
  d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
- SSDEEP
  
  192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  9301577ff4d229347fe33259b43ef3b2
- SHA1
  
  5e39eb4f99920005a4b2303c8089d77f589c133d
- SHA256
  
  090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc
- SHA512
  
  77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsisdl.dll
- Size
  
  15KB
- MD5
  
  5fadae311a0c96a8314f463520a08bf3
- SHA1
  
  7c4445bd00985050546b473f1892e5e917fbb058
- SHA256
  
  93d03b5b15484e37315f3f0bb1d60a38e666fe714a9a0a28f831f6228c587562
- SHA512
  
  045d1bbf9802b204354757c94d0b90fc3b9f490dc3d68b12ec0fc83e127c3544c123df3cabb9a4285742d38fa9bcfaf376c800ba3cbbfd84ac624dc89a1dc4b9
- SSDEEP
  
  384:dhyd8Y6pu8ZaLf6Uksnw1g8BUcyHisUOb:dhyd8Y67WGg8B/Eie
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/version.dll
- Size
  
  22KB
- MD5
  
  fbe588b15eb1bd86defade69f796b56f
- SHA1
  
  2f63cf44039addddb22c2c0497673b49e6b3ad7a
- SHA256
  
  31144e8b156fe87317073c48a09abcb033fda8dbdd96986c4abea8c00c00355f
- SHA512
  
  e1a9e29e4c62e77a2ec2c539344f0b5a8cd67ca3fd8dfefb0b0666a992eb2fabadb0034d439c4adbbdffd9c9439f23ee5757fac0ed669d3c9db48f50c677143d
- SSDEEP
  
  384:6Qx38r8QfiLpVjOXf4Rrd2IpZn8LI2EdGZ5D6PDo3rsyfyC8n:6Qx38r8Qgp1OvYd2zqGZ5D6PDmXf98
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  DriverAssist.exe
- Size
  
  11.7MB
- MD5
  
  036d06fa413ad407295796ec0fbe352f
- SHA1
  
  4b883a6935a444e2a4a4dcd3d8e35b3b58c8b001
- SHA256
  
  f38f3fdd23c7eef008a0690451d431dee8f496cd54d839cc14f4ba62e859f0f6
- SHA512
  
  ae8d44db000a8dabc2ad8818cbcbc318f0dce7b7ac62a07eb47524032e2c0f8fdc94318c98730008b906382c073be5d2e67ed2e326c4bd3509de4190c963f97c
- SSDEEP
  
  196608:CqFmGl2KACjiHt7uEnLZbUaIGPUuFe4Moa6MR8x4XK9uiub9lo87fVqpRI:CqFNNACjOuELqdGvFe486s8aXKJKlo8h
Score

9^/10

agilenet evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agilenetdiscoveryupx

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

agilenetevasion

behavioral12

agilenetevasion