c48c72bf9dd886223b789ca3a61b36f52bfd7238ced3a4a171e837b3776e3099 | Triage

Sharing

General

Target

a0a9da7f804db3e631c1e90d5caeb7b3_JaffaCakes118
Size

652KB
Sample

240817-blybxssanr
MD5

a0a9da7f804db3e631c1e90d5caeb7b3
SHA1

fc4a2a31a32f0073de4426d3a4153f31b90b5e83
SHA256

c48c72bf9dd886223b789ca3a61b36f52bfd7238ced3a4a171e837b3776e3099
SHA512

d7a587411820219b465e3efbcd308885b3f217b3661590f2512043d8dd6429b10812025fb34c40b4d62fb17f67c61df3df9d6dc29b50e842085ef7a19dd76372
SSDEEP

12288:tWBscp1EriphBYt22SqfUwr1+tIedanqJBGt/oBHTTWlHRSQlB68hq6Rjpt0:tWaq1Er8hBY4dqfhwIeMqJgtoZ2dgQlE

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  a0a9da7f804db3e631c1e90d5caeb7b3_JaffaCakes118
- Size
  
  652KB
- MD5
  
  a0a9da7f804db3e631c1e90d5caeb7b3
- SHA1
  
  fc4a2a31a32f0073de4426d3a4153f31b90b5e83
- SHA256
  
  c48c72bf9dd886223b789ca3a61b36f52bfd7238ced3a4a171e837b3776e3099
- SHA512
  
  d7a587411820219b465e3efbcd308885b3f217b3661590f2512043d8dd6429b10812025fb34c40b4d62fb17f67c61df3df9d6dc29b50e842085ef7a19dd76372
- SSDEEP
  
  12288:tWBscp1EriphBYt22SqfUwr1+tIedanqJBGt/oBHTTWlHRSQlB68hq6Rjpt0:tWaq1Er8hBY4dqfhwIeMqJgtoZ2dgQlE
Score

7^/10

evasion discovery
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion