1af37f76582d97686f776042d0758998851a8c7bbf062e2e309b3f721d37e602 | Triage

Sharing

General

Target

3661ec874675d322fdf2cf72614df4e8_JaffaCakes118
Size

715KB
Sample

240710-zx5gdasdpa
MD5

3661ec874675d322fdf2cf72614df4e8
SHA1

a728bc7399332022b09e6bd4a17729b1cace52e9
SHA256

1af37f76582d97686f776042d0758998851a8c7bbf062e2e309b3f721d37e602
SHA512

94e3b6b3b16c7fedef01f68462cfa8af1f00b550b52ba69b0fc883c68edacaf7ce1e326d39ef0d7c4c8f76b859e022754c499d9f90a011dfbe7c62f8746be396
SSDEEP

12288:rXHYMFdBjhQHjZ+RGE7ylsuiafgvBrJHT5OTEAstFY4V5u+ePqvaHRUT1kJ52:rInDZ+MEueBrN5aETtW4VY3PqvNRkJ52

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  SiroSix's Public D3D H4CK V5.7/Sir0s1x Public D3D 5.7.dll
- Size
  
  724KB
- MD5
  
  9aa862fd9f4c9e9772e86f8dddc26d62
- SHA1
  
  2dab7417c22c841582c55255fb09d3be71082e3e
- SHA256
  
  64ddf54948b0499c0a70285a1968bd8b113c7fbecd184aacfbb8f0f82cdbed85
- SHA512
  
  aac9a56dc516b37ca4230ef1f0490dddaba6d91c308a994e5f230db89fa88bc03c21bb58d1c831a513c233c4d35f30bafb092e3fba39a2016a3ac9b8b2b0adf8
- SSDEEP
  
  12288:g768ZiJym1wRN1EXtq2BEXTuh1tTVewmIWjqQ7SxgWhvS5hW50J63:ge8dmKRN1as2z1VO7/Whq5aL
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2