94bb154b5fbf9459ed4de401374117871b9cd18e07cc791c0c8f86bae13ee212 | Triage

Sharing

General

Target

81cd57839a7b4e31d769a9fd3d63a870_JaffaCakes118
Size

300KB
Sample

240801-1d937axanl
MD5

81cd57839a7b4e31d769a9fd3d63a870
SHA1

9a90ca429321f259d945b385f56feaa503308dea
SHA256

94bb154b5fbf9459ed4de401374117871b9cd18e07cc791c0c8f86bae13ee212
SHA512

5a8d0cadb0facf4a3b0f6e94994d57b0b4b86b9c95c896575c0e49a21ec7f59f68b369cd49965360ea6f2e3bddbf7a8e0ab470a7546ff82f3a7afa4fe6282afe
SSDEEP

6144:nF6xefqseRSOI1SeQRfZQn1ClZuzvS7668aim:FIefqscSR1GRkGCS65rm

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  81cd57839a7b4e31d769a9fd3d63a870_JaffaCakes118
- Size
  
  300KB
- MD5
  
  81cd57839a7b4e31d769a9fd3d63a870
- SHA1
  
  9a90ca429321f259d945b385f56feaa503308dea
- SHA256
  
  94bb154b5fbf9459ed4de401374117871b9cd18e07cc791c0c8f86bae13ee212
- SHA512
  
  5a8d0cadb0facf4a3b0f6e94994d57b0b4b86b9c95c896575c0e49a21ec7f59f68b369cd49965360ea6f2e3bddbf7a8e0ab470a7546ff82f3a7afa4fe6282afe
- SSDEEP
  
  6144:nF6xefqseRSOI1SeQRfZQn1ClZuzvS7668aim:FIefqscSR1GRkGCS65rm
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion