e01e1d9577b817073482842767e19fb3a612d2b888496ab42a8a7822ee6eacb7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7954a22bd74f55269b887f6f48cf2d1_JaffaCakes118
Size

984KB
Sample

240822-pdpayaygmn
MD5

b7954a22bd74f55269b887f6f48cf2d1
SHA1

0d1e20eceaa47961318d97b7839f9f0fa62dae97
SHA256

e01e1d9577b817073482842767e19fb3a612d2b888496ab42a8a7822ee6eacb7
SHA512

d9d8f959e51d75b4026db1fee6faeb6580d291374226a581948a18157f68c9696aba6ee40bfdfa55b701cd8751d4104cd600d69869c96b3a9099b617086f7b34
SSDEEP

24576:/iy4TabEI+jyVs8R6H5KSissh09NIunhg7RtnNyMcgbi:KBagI+jFgRtNfcge

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  b7954a22bd74f55269b887f6f48cf2d1_JaffaCakes118
- Size
  
  984KB
- MD5
  
  b7954a22bd74f55269b887f6f48cf2d1
- SHA1
  
  0d1e20eceaa47961318d97b7839f9f0fa62dae97
- SHA256
  
  e01e1d9577b817073482842767e19fb3a612d2b888496ab42a8a7822ee6eacb7
- SHA512
  
  d9d8f959e51d75b4026db1fee6faeb6580d291374226a581948a18157f68c9696aba6ee40bfdfa55b701cd8751d4104cd600d69869c96b3a9099b617086f7b34
- SSDEEP
  
  24576:/iy4TabEI+jyVs8R6H5KSissh09NIunhg7RtnNyMcgbi:KBagI+jFgRtNfcge
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion