General

  • Target

    b74cf245e3b7ee3efc4e6c987acf092d_JaffaCakes118

  • Size

    216KB

  • Sample

    240617-hw1clazarb

  • MD5

    b74cf245e3b7ee3efc4e6c987acf092d

  • SHA1

    ed02aef8f1f30f67a4e40acb60af0076061e362e

  • SHA256

    4dfd38dbb39f3ed69c713f601bc52b663a5cd08d37a2ececcbf8d54d8d179f05

  • SHA512

    27178f5a008669245cec97d7b901e580615b71d03ae64cf8b94eaaa9b9df95c646fea2b3a8770f358cd24ec1979ab66b58202f07bd0b2303f972a409a06ab40b

  • SSDEEP

    1536:/sbV7O4JpivB5elpDx9oFq6CEgZLdkX24VEkDomTkb5Y:/kV7rpiTevnowE4g24Vl0Akb+

Score
7/10

Malware Config

Targets

    • Target

      b74cf245e3b7ee3efc4e6c987acf092d_JaffaCakes118

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems; because analysis sandboxes sometimes run on it, malware probes for Wine-specific registry keys to detect such an environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
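
    The behaviour list above is what a practitioner checks a local copy of the sample against. The following Python is an added example, not code from the sandbox or the report: it recomputes the report's MD5, SHA1, SHA256 and SHA512 over a file's bytes to confirm it really is this sample (SSDEEP is left out because it needs the third-party ssdeep module), and maps sandbox event lines onto the report's behaviour names. The `api|arg|arg` event format, the registry paths and file locations used as indicators, and the sample events are constructed for this example and are assumptions, not the sandbox's own format or rules.

```python
"""Triage helpers for a sandbox report like the one above.

Added example, not part of the original report or sandbox. It (1) confirms a
local file is the sample the report describes by recomputing the listed hashes,
and (2) maps sandbox event lines (hypothetical "api|arg1|arg2" format,
constructed here) onto the behaviour names the report uses.
"""
import hashlib
import re

# Hash values copied from the report; SSDEEP omitted (needs the ssdeep module).
REPORT_HASHES = {
    "md5": "b74cf245e3b7ee3efc4e6c987acf092d",
    "sha1": "ed02aef8f1f30f67a4e40acb60af0076061e362e",
    "sha256": "4dfd38dbb39f3ed69c713f601bc52b663a5cd08d37a2ececcbf8d54d8d179f05",
    "sha512": "27178f5a008669245cec97d7b901e580615b71d03ae64cf8b94eaaa9b9df95c6"
              "46fea2b3a8770f358cd24ec1979ab66b58202f07bd0b2303f972a409a06ab40b",
}


def digest_all(data: bytes) -> dict:
    """Compute every algorithm the report lists over the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison; any False means this is not the reported sample."""
    got = digest_all(data)
    return {name: got[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


# (behaviour name as printed in the report, regex over a hypothetical event line).
# Registry paths and file locations are illustrative assumptions: the Wine check
# is the well-known HKCU\Software\Wine probe, the Run key is the usual
# CurrentVersion\Run autostart location, dropped files are assumed under Temp/AppData.
RULES = [
    ("Deletes itself",
     re.compile(r"^CreateProcess\|.*cmd\.exe.*\bdel\b", re.I)),
    ("Executes dropped EXE",
     re.compile(r"^CreateProcess\|.*\\(AppData|Temp)\\.*\.exe", re.I)),
    ("Identifies Wine through registry keys",
     re.compile(r"^RegOpenKey\|HK(CU|LM)\\Software\\Wine\b", re.I)),
    ("Loads dropped DLL",
     re.compile(r"^LoadLibrary\|.*\\(AppData|Temp)\\.*\.dll", re.I)),
    ("Adds Run key to start application",
     re.compile(r"^RegSetValue\|HK(CU|LM)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Suspicious use of SetThreadContext",
     re.compile(r"^SetThreadContext\|", re.I)),
]


def classify_events(lines) -> list:
    """Return the report behaviour names triggered by the event lines, in rule order."""
    hits = []
    for name, rx in RULES:
        if any(rx.search(line) for line in lines):
            hits.append(name)
    return hits


# Constructed event trace, not captured from the real sample.
SAMPLE_EVENTS = [
    r"RegOpenKey|HKCU\Software\Wine",
    r"CreateFile|C:\Users\victim\AppData\Local\Temp\svc.exe",
    r"CreateProcess|C:\Users\victim\AppData\Local\Temp\svc.exe",
    r"RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc|C:\Users\victim\AppData\Local\Temp\svc.exe",
    r"SetThreadContext|pid=4120|tid=4124",
]


if __name__ == "__main__":
    import sys
    # Usage: python triage.py <file>   (hash check)   -- always runs the event demo.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("hash match:", matches_report(fh.read()))
    for behaviour in classify_events(SAMPLE_EVENTS):
        print("behaviour:", behaviour)
```

    The event classifier only reports a behaviour when the corresponding event is present, so a trace without a `cmd.exe ... del` line does not claim "Deletes itself" even though the report lists it; treat the rule set as a starting point to be tuned against the sandbox's real event format.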

MITRE ATT&CK Enterprise v15

Tasks