2fbd975da6c95f3fce1c45660e18713e556e6005db2d30f7a0b850ca890eff18 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

178e1af4db5070376d483ab651a459b3_JaffaCakes118
Size

1.1MB
Sample

240627-z3676a1eje
MD5

178e1af4db5070376d483ab651a459b3
SHA1

bc940e40c956eb2343081d00b09c2bc869cde90c
SHA256

2fbd975da6c95f3fce1c45660e18713e556e6005db2d30f7a0b850ca890eff18
SHA512

fb9712cf88d5064fa8f635150f8695382d25d608517e162b17291c29376e0be38e7b69311fa83dcba0fd849df5cec49a157e5ebba051a7a52fbd5ef03e49098c
SSDEEP

24576:WCe46tTE/LMppBv/EeDycEzgyxzKp9V4vV87Ao:WCejnpp1/ESlyx8WK7Ao

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  178e1af4db5070376d483ab651a459b3_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  178e1af4db5070376d483ab651a459b3
- SHA1
  
  bc940e40c956eb2343081d00b09c2bc869cde90c
- SHA256
  
  2fbd975da6c95f3fce1c45660e18713e556e6005db2d30f7a0b850ca890eff18
- SHA512
  
  fb9712cf88d5064fa8f635150f8695382d25d608517e162b17291c29376e0be38e7b69311fa83dcba0fd849df5cec49a157e5ebba051a7a52fbd5ef03e49098c
- SSDEEP
  
  24576:WCe46tTE/LMppBv/EeDycEzgyxzKp9V4vV87Ao:WCejnpp1/ESlyx8WK7Ao
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2