c84b73ed62e9bda391de1ea3bf97686444e4e8e303773f3c23bbf227feb474ff | Triage

Sharing

General

Target

a7a55c9a46d586d5e1e619bf127bd937_JaffaCakes118
Size

4.3MB
Sample

240818-wkk1eswenb
MD5

a7a55c9a46d586d5e1e619bf127bd937
SHA1

6de0ed9eeed222aa68bd4863664cc669cb3c2bda
SHA256

c84b73ed62e9bda391de1ea3bf97686444e4e8e303773f3c23bbf227feb474ff
SHA512

732bb08560a85c2acf79a5328664e307fe5842085b3becae028eb1239607ccd98292b9b80c363a86c7a3fffe8f0ddf985c14e019483b7bf4d23a0892cded6f94
SSDEEP

98304:8okniuoP1kOaCqYHa93+Ty2ozLJYtJbTxyuTMZ:HPuoW5Cba9OT6z1YnbTsD

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  a7a55c9a46d586d5e1e619bf127bd937_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  a7a55c9a46d586d5e1e619bf127bd937
- SHA1
  
  6de0ed9eeed222aa68bd4863664cc669cb3c2bda
- SHA256
  
  c84b73ed62e9bda391de1ea3bf97686444e4e8e303773f3c23bbf227feb474ff
- SHA512
  
  732bb08560a85c2acf79a5328664e307fe5842085b3becae028eb1239607ccd98292b9b80c363a86c7a3fffe8f0ddf985c14e019483b7bf4d23a0892cded6f94
- SSDEEP
  
  98304:8okniuoP1kOaCqYHa93+Ty2ozLJYtJbTxyuTMZ:HPuoW5Cba9OT6z1YnbTsD
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion