935f62cbc32bc8e67a3afcfeacf8cedb0e586c880a9c7ee9d3c7f167d5f56631 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b4f3ace67e510625837bd9bbfe81638_JaffaCakes118
Size

1.1MB
Sample

240712-aq84js1cqr
MD5

3b4f3ace67e510625837bd9bbfe81638
SHA1

308e1304eff4279c0b59a82d8ed2b920a879a3da
SHA256

935f62cbc32bc8e67a3afcfeacf8cedb0e586c880a9c7ee9d3c7f167d5f56631
SHA512

9e60ca3c1bce8b022a62368a8a5d11be85f91531c9589a0f1d5e5c72f3b54ba0fc22f0bfff0330dc950cb2d0b174b4b3509ce64ec5abfc85ec9812e12c5e1c92
SSDEEP

24576:5hY9YQWAz7E39PIXYqNFNn9j9/Z9HZENipa:vi1z7sqhnDvZ9a

Score

7^/10

evasion themida

Malware Config

Targets

- Target
  
  3b4f3ace67e510625837bd9bbfe81638_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  3b4f3ace67e510625837bd9bbfe81638
- SHA1
  
  308e1304eff4279c0b59a82d8ed2b920a879a3da
- SHA256
  
  935f62cbc32bc8e67a3afcfeacf8cedb0e586c880a9c7ee9d3c7f167d5f56631
- SHA512
  
  9e60ca3c1bce8b022a62368a8a5d11be85f91531c9589a0f1d5e5c72f3b54ba0fc22f0bfff0330dc950cb2d0b174b4b3509ce64ec5abfc85ec9812e12c5e1c92
- SSDEEP
  
  24576:5hY9YQWAz7E39PIXYqNFNn9j9/Z9HZENipa:vi1z7sqhnDvZ9a
Score

7^/10

evasion themida
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2