2d5a09de0c0242faf391ac58b34df37ac2bd005221a4e9aa8c06837f9012407a | Triage

Sharing

General

Target

1a506c9af6eff57b32a827c6e3984392_JaffaCakes118
Size

8.9MB
Sample

240628-qt2fwavdrm
MD5

1a506c9af6eff57b32a827c6e3984392
SHA1

0c83aba332ffe7f1bc58199610b5df74617197ea
SHA256

2d5a09de0c0242faf391ac58b34df37ac2bd005221a4e9aa8c06837f9012407a
SHA512

19eced3e24baec2297e83d83df73d43949616767bebe66aa738b8180c8f11a1650cae2a6db3271cda859518fa0623ba30b84239e727f5bb97a5526d3731eb4bb
SSDEEP

196608:Nahxq/gv17eat25iXgBwScFV/+neSZbdwfsz/L/SkPbsWdKRry7NT5U8T:Naa/gvhRk5iwB9cFV/+neSx/cdRrytUK

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  1a506c9af6eff57b32a827c6e3984392_JaffaCakes118
- Size
  
  8.9MB
- MD5
  
  1a506c9af6eff57b32a827c6e3984392
- SHA1
  
  0c83aba332ffe7f1bc58199610b5df74617197ea
- SHA256
  
  2d5a09de0c0242faf391ac58b34df37ac2bd005221a4e9aa8c06837f9012407a
- SHA512
  
  19eced3e24baec2297e83d83df73d43949616767bebe66aa738b8180c8f11a1650cae2a6db3271cda859518fa0623ba30b84239e727f5bb97a5526d3731eb4bb
- SSDEEP
  
  196608:Nahxq/gv17eat25iXgBwScFV/+neSZbdwfsz/L/SkPbsWdKRry7NT5U8T:Naa/gvhRk5iwB9cFV/+neSx/cdRrytUK
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2