General

  • Target

    0835e13b41113aef9a60d9da21732541_JaffaCakes118

  • Size

    875KB

  • Sample

    240624-ngjzysshnm

  • MD5

    0835e13b41113aef9a60d9da21732541

  • SHA1

    f40de80a873404da05cdd75bcf6da7c96fc0f86d

  • SHA256

    a39c2fc21549f76acf8fc48ea788b9d9763096c20ee3e082caddd41fa4478b81

  • SHA512

    6012283eabbc8dfa69bb43dcdb379f3add76a336178fe055ab0ff950c3d3f92ca4d4dd20ab316d77878f2be9b0d054d49ae0c576e7a336873e8a3e171e86d158

  • SSDEEP

    24576:NOmIWDQjXHObpdcwYfdVkpDbGd6KiAchtL+1:NdJbsmAWt

Score
10/10

Malware Config

Targets

    • Modifies security service

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks