9d9611b777a7c92a5643fae000d6c982110c0bbeb0e5c787f88d828ad7ab5c0b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b54611143d14fa89ce8941eebc17e22d_JaffaCakes118
Size

535KB
Sample

240821-19933ateqf
MD5

b54611143d14fa89ce8941eebc17e22d
SHA1

d8e0cf9faa97dd55f5e023c9b052109ae96f99cf
SHA256

9d9611b777a7c92a5643fae000d6c982110c0bbeb0e5c787f88d828ad7ab5c0b
SHA512

546c52bc1bd5e99943cd15118e53ec148959bf524ae3039b9df4d326e0f6693b7ec5aae422cf818a6174f73239441d6ccd05b70a24e41dcd4f1e9a260e62f4fa
SSDEEP

12288:jl6zUU9IFNz4sOVnCvc+tJFE7ErkpyLJw9P+A:56zUUOFNz4sOVCkUJHrMyCD

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  b54611143d14fa89ce8941eebc17e22d_JaffaCakes118
- Size
  
  535KB
- MD5
  
  b54611143d14fa89ce8941eebc17e22d
- SHA1
  
  d8e0cf9faa97dd55f5e023c9b052109ae96f99cf
- SHA256
  
  9d9611b777a7c92a5643fae000d6c982110c0bbeb0e5c787f88d828ad7ab5c0b
- SHA512
  
  546c52bc1bd5e99943cd15118e53ec148959bf524ae3039b9df4d326e0f6693b7ec5aae422cf818a6174f73239441d6ccd05b70a24e41dcd4f1e9a260e62f4fa
- SSDEEP
  
  12288:jl6zUU9IFNz4sOVnCvc+tJFE7ErkpyLJw9P+A:56zUUOFNz4sOVCkUJHrMyCD
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion