General

  • Target

    3d3155c4aad15b59a2bbc9398b20a284_JaffaCakes118

  • Size

    718KB

  • Sample

    240712-nlw53stekf

  • MD5

    3d3155c4aad15b59a2bbc9398b20a284

  • SHA1

    016f7dae43d05d9a17c7ab08dde1b181b0998daa

  • SHA256

    01251e084a1a124820e003abebd019cb8ba018057eb197339fbf4447b03dafb7

  • SHA512

    eb534fa62f9d968d73a509d0f04ca482851c04028455715b1a86c37e78ff0de71d25981aa80603d20c3b07950b8eeee4f9fa9ce112fd02eee584926294f56a83

  • SSDEEP

    12288:x1zHhIYVqS+A+tmEuq0eDRgbClLMHUCSKedPrQfapu2DlIeO6/9wbM1Mgx4GsBf1:PcS+lNAeebC40eelrQfwOeOkGbhhITIL

Score
7/10

Malware Config

Targets

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks