Overview

overview

7

Static

static

7

a65bbd2e81...18.exe

windows7-x64

7

a65bbd2e81...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a65bbd2e819e6336534e9048842bb1ff_JaffaCakes118

  • Size

    938KB

  • Sample

    240818-l4nkjs1flp

  • MD5

    a65bbd2e819e6336534e9048842bb1ff

  • SHA1

    e2451d4785cb34de58f0a10ba333f3221a82cf2d

  • SHA256

    80b4fdc6b7d336e61cca3b47ae34cacd2587d6609bc4f4f0979cb249b5a29fab

  • SHA512

    3a013f693bb79b463e5e01b0aa61a7e99e24b7a46960f79b6d70633a4aa6e0d8f98015d7fa0955e5740e9067c099d5c9c43a9623d30d49a3828a48ee368abed1

  • SSDEEP

    24576:K1z7uyP0SAoDuFQqGGbbTcdJLpmgvmK40ksC7gMvUYBrqra:8/0PoDuarGb/KpLrMvu

Score
7/10
discoveryevasionpersistencethemida

Malware Config

Targets

    • Target

      a65bbd2e819e6336534e9048842bb1ff_JaffaCakes118

    • Size

      938KB

    • MD5

      a65bbd2e819e6336534e9048842bb1ff

    • SHA1

      e2451d4785cb34de58f0a10ba333f3221a82cf2d

    • SHA256

      80b4fdc6b7d336e61cca3b47ae34cacd2587d6609bc4f4f0979cb249b5a29fab

    • SHA512

      3a013f693bb79b463e5e01b0aa61a7e99e24b7a46960f79b6d70633a4aa6e0d8f98015d7fa0955e5740e9067c099d5c9c43a9623d30d49a3828a48ee368abed1

    • SSDEEP

      24576:K1z7uyP0SAoDuFQqGGbbTcdJLpmgvmK40ksC7gMvUYBrqra:8/0PoDuarGb/KpLrMvu

    Score
    7/10
    discoveryevasionpersistencethemida

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks