General
-
Target
b3d6293f5ae50f6861211c7d03569ef6_JaffaCakes118
-
Size
719KB
-
Sample
240821-rvgzasxaqn
-
MD5
b3d6293f5ae50f6861211c7d03569ef6
-
SHA1
8c1e1b8812a9fcd4c149ef7eeb2f5b7db8978ee8
-
SHA256
08eaad0edf24023dd354bbf87bf57b02f41ee5f214df0bcc8509b265f17c0e86
-
SHA512
59cdfeb7026a0064b4874e58bf4e8600e1c7d948ca6cd9375619b6e3c90eb8cf03d419b963aac72b09f5fdbf181665cf040957737d13f27b105b83bf74c04700
-
SSDEEP
12288:AZ+P8/0IWk1rtHvWssOmNgQ6DMY2cO8qLKLfY/ZnmaRoSmCqK5hIqlDG:4/0bcrtHBmNtS2x8sKTjNSmHyRl
Malware Config
Targets
-
-
Target
b3d6293f5ae50f6861211c7d03569ef6_JaffaCakes118
-
Size
719KB
-
MD5
b3d6293f5ae50f6861211c7d03569ef6
-
SHA1
8c1e1b8812a9fcd4c149ef7eeb2f5b7db8978ee8
-
SHA256
08eaad0edf24023dd354bbf87bf57b02f41ee5f214df0bcc8509b265f17c0e86
-
SHA512
59cdfeb7026a0064b4874e58bf4e8600e1c7d948ca6cd9375619b6e3c90eb8cf03d419b963aac72b09f5fdbf181665cf040957737d13f27b105b83bf74c04700
-
SSDEEP
12288:AZ+P8/0IWk1rtHvWssOmNgQ6DMY2cO8qLKLfY/ZnmaRoSmCqK5hIqlDG:4/0bcrtHBmNtS2x8sKTjNSmHyRl
Score7/10-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Indicator Removal
1File Deletion
1Modify Registry
1Virtualization/Sandbox Evasion
1