d869ab6d3b4006b7732be179e5efe09025f4664e84bf7ac1b186ca7c8f633700 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94cb70bec12f72d7add5cc385e0b09dd_JaffaCakes118
Size

773KB
Sample

240813-z9bd3axamc
MD5

94cb70bec12f72d7add5cc385e0b09dd
SHA1

007974e4747acb0a2917a6d1c62daa4797871eba
SHA256

d869ab6d3b4006b7732be179e5efe09025f4664e84bf7ac1b186ca7c8f633700
SHA512

b3a54ee75a11db99b5651ff9a0822567080614ce456ea0bb1986657c9b8b6c9dcff324aca21b4d80661d146b6ab40c21b576aaba279048ddf1ba4305487668e3
SSDEEP

12288:YN/2AmIKG7+YyKQIDDCxc4liVJGuVTLDU1ntK3jAQ2l8diSG4G3dQWBf+QtIGe1:YNK45JicVBhLQ16j/dCjlB2Kg

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  94cb70bec12f72d7add5cc385e0b09dd_JaffaCakes118
- Size
  
  773KB
- MD5
  
  94cb70bec12f72d7add5cc385e0b09dd
- SHA1
  
  007974e4747acb0a2917a6d1c62daa4797871eba
- SHA256
  
  d869ab6d3b4006b7732be179e5efe09025f4664e84bf7ac1b186ca7c8f633700
- SHA512
  
  b3a54ee75a11db99b5651ff9a0822567080614ce456ea0bb1986657c9b8b6c9dcff324aca21b4d80661d146b6ab40c21b576aaba279048ddf1ba4305487668e3
- SSDEEP
  
  12288:YN/2AmIKG7+YyKQIDDCxc4liVJGuVTLDU1ntK3jAQ2l8diSG4G3dQWBf+QtIGe1:YNK45JicVBhLQ16j/dCjlB2Kg
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion