Overview

overview

7

Static

static

7

15117857a0...18.exe

windows7-x64

7

15117857a0...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    15117857a0032d3c5a335ac4c41135d8_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240627-hr1skaxfja

  • MD5

    15117857a0032d3c5a335ac4c41135d8

  • SHA1

    a9f7df25ef933419f96db801f9e39d796a1e5af4

  • SHA256

    ca817f16f636dd4b2b3257a68a9a2fa2c45d7680c5349106418f8dce3b35f6ea

  • SHA512

    d305df20944096c340dfa80e60781b44abe9820cf047285876f87b1184d78809fe75a1a5e26b280a83e910bc9739db6bcdd12747de79f5a88a46b2318c513541

  • SSDEEP

    24576:UzS/CjmnOuYlWAyISUhmfeMez2qt9DLLJhmxJusWmdz6Xc3jnCXEa:zKjmnOuyWv7UhJ3XtVLLJhmXusNgXMry

Score
7/10
evasionpersistencethemida

Malware Config

Targets

    • Target

      15117857a0032d3c5a335ac4c41135d8_JaffaCakes118

    • Size

      1.3MB

    • MD5

      15117857a0032d3c5a335ac4c41135d8

    • SHA1

      a9f7df25ef933419f96db801f9e39d796a1e5af4

    • SHA256

      ca817f16f636dd4b2b3257a68a9a2fa2c45d7680c5349106418f8dce3b35f6ea

    • SHA512

      d305df20944096c340dfa80e60781b44abe9820cf047285876f87b1184d78809fe75a1a5e26b280a83e910bc9739db6bcdd12747de79f5a88a46b2318c513541

    • SSDEEP

      24576:UzS/CjmnOuYlWAyISUhmfeMez2qt9DLLJhmxJusWmdz6Xc3jnCXEa:zKjmnOuyWv7UhJ3XtVLLJhmXusNgXMry

    Score
    7/10
    evasionpersistencethemida

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks