General
-
Target
a43fec6f8c3ac8b4e4ec33ed94012df5_JaffaCakes118
-
Size
188KB
-
Sample
240817-1k388a1eqn
-
MD5
a43fec6f8c3ac8b4e4ec33ed94012df5
-
SHA1
01840b26362488f3d30e734ad014449c42051e77
-
SHA256
7a3c423a2f8fa01107ae49ef8b02afd04f2ebbf5bbdc98601f3923c14c324542
-
SHA512
3d3926872b955e6a8e37943cc3dddb1654df289a502ba2e1e2f5001ab1b1181703a24f79dc552b12dc6bef1ef5237030b44498c6ac418057de46e71908a95128
-
SSDEEP
3072:Yh8I/xXog0Jpg9KV2mXye60C+TMcXk2SE1C86UQfyuV8lIR//AXzA:YXopFV2uyH+IcXkZE1LtuV8lIZ/AjA
Static task
static1
Behavioral task
behavioral1
Sample
a43fec6f8c3ac8b4e4ec33ed94012df5_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Targets
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-