4af046735325646d888f6b7546eaf87c186bd1dfab29db801ced56d7009f99ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ce7e21752039c215c05e41900b70d63_JaffaCakes118
Size

540KB
Sample

240812-cmfzpsvdlh
MD5

8ce7e21752039c215c05e41900b70d63
SHA1

c761e242cb1337bed16739679e08215945074eda
SHA256

4af046735325646d888f6b7546eaf87c186bd1dfab29db801ced56d7009f99ea
SHA512

8f4ca0985af8d4aceaa9689f1bded61687fa44854bfe87b243df614fdf241e8236ce1ff77e363125a2d1f9fc390ce197ff93f92196a8f393e6d25adf11a9fcf8
SSDEEP

12288:QkgF6ywCqoGbURkLEpOzyHA9MRXg26z8XTMOw:vgFgCqBpLE2yHGQg26kw

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  8ce7e21752039c215c05e41900b70d63_JaffaCakes118
- Size
  
  540KB
- MD5
  
  8ce7e21752039c215c05e41900b70d63
- SHA1
  
  c761e242cb1337bed16739679e08215945074eda
- SHA256
  
  4af046735325646d888f6b7546eaf87c186bd1dfab29db801ced56d7009f99ea
- SHA512
  
  8f4ca0985af8d4aceaa9689f1bded61687fa44854bfe87b243df614fdf241e8236ce1ff77e363125a2d1f9fc390ce197ff93f92196a8f393e6d25adf11a9fcf8
- SSDEEP
  
  12288:QkgF6ywCqoGbURkLEpOzyHA9MRXg26z8XTMOw:vgFgCqBpLE2yHGQg26kw
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion