7fb5905a251dcbd47fb530f92fa5a2923130d5d2163bc049e0390f69a7704704 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b33b4d8c065d3d1378bcaf15534c2218_JaffaCakes118
Size

1.2MB
Sample

240821-m9arbavele
MD5

b33b4d8c065d3d1378bcaf15534c2218
SHA1

f8bc76f5f6d298b2a8d82b6b0abf552c1629c869
SHA256

7fb5905a251dcbd47fb530f92fa5a2923130d5d2163bc049e0390f69a7704704
SHA512

fd66b0aa1e3911a6a964aeccdb39483ba62c260327b250afeb694a0f7fa195ea75797c55605f94114f6da5c0aa4ef28fde21b4d5a0bbbf4d4585fc435e3df1c9
SSDEEP

24576:uQh+t3Y25OsoPA1gpjiU5yW977oS56thCNhgk2zbVZDA:ud4rPA1gpuU5yMx4fchR+i

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  b33b4d8c065d3d1378bcaf15534c2218_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  b33b4d8c065d3d1378bcaf15534c2218
- SHA1
  
  f8bc76f5f6d298b2a8d82b6b0abf552c1629c869
- SHA256
  
  7fb5905a251dcbd47fb530f92fa5a2923130d5d2163bc049e0390f69a7704704
- SHA512
  
  fd66b0aa1e3911a6a964aeccdb39483ba62c260327b250afeb694a0f7fa195ea75797c55605f94114f6da5c0aa4ef28fde21b4d5a0bbbf4d4585fc435e3df1c9
- SSDEEP
  
  24576:uQh+t3Y25OsoPA1gpjiU5yW977oS56thCNhgk2zbVZDA:ud4rPA1gpuU5yMx4fchR+i
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion