4807863a205d9dc91ef16a0ba3fdc4f94eda5c690f06dc08e74807e88352497d | Triage

Sharing

General

Target

07e0befab0632424eeb9a5ffecd7b2ed_JaffaCakes118
Size

1.4MB
Sample

240624-l6kaxawhna
MD5

07e0befab0632424eeb9a5ffecd7b2ed
SHA1

30cc0ac5b4a807e9f9581bf6550d10e9d46ab12f
SHA256

4807863a205d9dc91ef16a0ba3fdc4f94eda5c690f06dc08e74807e88352497d
SHA512

804d65ec76a1c713a280061d543fd01c9cfd9bdd76f16e9a8eb183a14b3d1fa64315d9f9d34cb9220c046a6ca534519674eb4ebb9aa40f5934ef435ac24f3da6
SSDEEP

24576:CUQ2Cl81uflb28w9wo1P5tT7pdkasdvCchIkOoXM7gmecoV+YC/g1YZlj:B04uflNw9bVFdk5Cc3ZXUigYUSY

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  07e0befab0632424eeb9a5ffecd7b2ed_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  07e0befab0632424eeb9a5ffecd7b2ed
- SHA1
  
  30cc0ac5b4a807e9f9581bf6550d10e9d46ab12f
- SHA256
  
  4807863a205d9dc91ef16a0ba3fdc4f94eda5c690f06dc08e74807e88352497d
- SHA512
  
  804d65ec76a1c713a280061d543fd01c9cfd9bdd76f16e9a8eb183a14b3d1fa64315d9f9d34cb9220c046a6ca534519674eb4ebb9aa40f5934ef435ac24f3da6
- SSDEEP
  
  24576:CUQ2Cl81uflb28w9wo1P5tT7pdkasdvCchIkOoXM7gmecoV+YC/g1YZlj:B04uflNw9bVFdk5Cc3ZXUigYUSY
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2