10dbf43e94a68415f85d0dc5d3ab802f8401e78b83e2afafe7be89953df809f7 | Triage

Sharing

General

Target

1a8587fcd3b71f44dbbb2c47a62c2260_JaffaCakes118
Size

1.6MB
Sample

240701-jvk2ystdqp
MD5

1a8587fcd3b71f44dbbb2c47a62c2260
SHA1

e812d9f0672aed417399fafc59b11e97617ee38a
SHA256

10dbf43e94a68415f85d0dc5d3ab802f8401e78b83e2afafe7be89953df809f7
SHA512

39937ff5b29126f91f93930fb8c1989e73b4e73b05f42819a721d324d008fe790e66bb961c875b6d3f6a6104540a29aaea924280361ff6dc758abcddc12bc55b
SSDEEP

24576:VC56xZ7Yo7DFErXE4brDFpY3IvERGaFT56qkBMqaT24oBI3FFq5xqYwc:VK6H73tEDpX6IvERjFT0rBkABgSDqYw

Score

7^/10

evasion

Malware Config

Targets

- Target
  
  1a8587fcd3b71f44dbbb2c47a62c2260_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  1a8587fcd3b71f44dbbb2c47a62c2260
- SHA1
  
  e812d9f0672aed417399fafc59b11e97617ee38a
- SHA256
  
  10dbf43e94a68415f85d0dc5d3ab802f8401e78b83e2afafe7be89953df809f7
- SHA512
  
  39937ff5b29126f91f93930fb8c1989e73b4e73b05f42819a721d324d008fe790e66bb961c875b6d3f6a6104540a29aaea924280361ff6dc758abcddc12bc55b
- SSDEEP
  
  24576:VC56xZ7Yo7DFErXE4brDFpY3IvERGaFT56qkBMqaT24oBI3FFq5xqYwc:VK6H73tEDpX6IvERjFT0rBkABgSDqYw
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2