42ecc4c092ca212c7cd07f4b441cea7eda2c3787a07df82eff5752783942b44e | Triage

Sharing

General

Target

944d1fe4b5692eec34df0aab4f39db13_JaffaCakes118
Size

1.1MB
Sample

240813-xfh6pszgpc
MD5

944d1fe4b5692eec34df0aab4f39db13
SHA1

9d363aead6012d567308a1a262e59de52dd4f0a3
SHA256

42ecc4c092ca212c7cd07f4b441cea7eda2c3787a07df82eff5752783942b44e
SHA512

8213044ef952f235f6ab1bcd5db71a2ff84f3fd0c2b22b671d95ddb40867db08bbab72f1c39705f2fde0f488161289e2826d8859ed30a1d4fad83c3c3c7eef5c
SSDEEP

24576:LUT0hTh3ii1mukbX7le+e/2hSrmpSPhLHSzLQri63lz91tUghohD:LC0hTh3heLwl/2HihHSHsiSX17S

Score

9^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  944d1fe4b5692eec34df0aab4f39db13_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  944d1fe4b5692eec34df0aab4f39db13
- SHA1
  
  9d363aead6012d567308a1a262e59de52dd4f0a3
- SHA256
  
  42ecc4c092ca212c7cd07f4b441cea7eda2c3787a07df82eff5752783942b44e
- SHA512
  
  8213044ef952f235f6ab1bcd5db71a2ff84f3fd0c2b22b671d95ddb40867db08bbab72f1c39705f2fde0f488161289e2826d8859ed30a1d4fad83c3c3c7eef5c
- SSDEEP
  
  24576:LUT0hTh3ii1mukbX7le+e/2hSrmpSPhLHSzLQri63lz91tUghohD:LC0hTh3heLwl/2HihHSHsiSX17S
Score

9^/10

evasion trojan discovery
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion