0ba34d3aad32b30372231b93bff38fbf0c431fe852d41638aa8be13f21131c30 | Triage

Sharing

General

Target

5c282579c4e07e786650900b1794b22b_JaffaCakes118
Size

1.3MB
Sample

240719-qvxt3stdrq
MD5

5c282579c4e07e786650900b1794b22b
SHA1

b2d7d1f1f5319b829d2dde80a605a280b9f514b0
SHA256

0ba34d3aad32b30372231b93bff38fbf0c431fe852d41638aa8be13f21131c30
SHA512

935d1ea73f8c385ac6eb1592b27975e1cc50e1e75bd6ddc65a5d3e68d89358758b8a20268f1b863ed14aae0edf5b97910813a1f66db2df3a458beb061bfc918c
SSDEEP

24576:GHtV6cA8sRCfdRB9HJBzyg4WiW87eQpAlrxXxbHtYHcvXk45gs1EFzkP1wgGn:Gy6dRrnifrCAUrxXxpk5s1ek8n

Score

7^/10

aspackv2 evasion

Malware Config

Targets

- Target
  
  5c282579c4e07e786650900b1794b22b_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  5c282579c4e07e786650900b1794b22b
- SHA1
  
  b2d7d1f1f5319b829d2dde80a605a280b9f514b0
- SHA256
  
  0ba34d3aad32b30372231b93bff38fbf0c431fe852d41638aa8be13f21131c30
- SHA512
  
  935d1ea73f8c385ac6eb1592b27975e1cc50e1e75bd6ddc65a5d3e68d89358758b8a20268f1b863ed14aae0edf5b97910813a1f66db2df3a458beb061bfc918c
- SSDEEP
  
  24576:GHtV6cA8sRCfdRB9HJBzyg4WiW87eQpAlrxXxbHtYHcvXk45gs1EFzkP1wgGn:Gy6dRrnifrCAUrxXxpk5s1ek8n
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2