b6944a41b3c2a52777276ad2574234f8adf0016858e4e7079a89653122e33eb2 | Triage

Sharing

General

Target

ba314d4ff578ef84b0ba0bf5d2f61320_JaffaCakes118
Size

1.9MB
Sample

240823-d3sh4stanf
MD5

ba314d4ff578ef84b0ba0bf5d2f61320
SHA1

ab9cba53f35567f91c53bb5089e2efd6517a2b0f
SHA256

b6944a41b3c2a52777276ad2574234f8adf0016858e4e7079a89653122e33eb2
SHA512

15f0257b0e17ad77e4cd4d977248668300b2aea5bead649638927f24df37ea6c7da2402095f4e736167a9415ba64a10ca760bcca41b64b7b15f25d566d35572b
SSDEEP

49152:lKGBTgYZ6G+tsivOCzWcQ5A+NE4qPeabVrsnj4:cGJx6W6OCicsNE4qPFR4n0

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  ba314d4ff578ef84b0ba0bf5d2f61320_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  ba314d4ff578ef84b0ba0bf5d2f61320
- SHA1
  
  ab9cba53f35567f91c53bb5089e2efd6517a2b0f
- SHA256
  
  b6944a41b3c2a52777276ad2574234f8adf0016858e4e7079a89653122e33eb2
- SHA512
  
  15f0257b0e17ad77e4cd4d977248668300b2aea5bead649638927f24df37ea6c7da2402095f4e736167a9415ba64a10ca760bcca41b64b7b15f25d566d35572b
- SSDEEP
  
  49152:lKGBTgYZ6G+tsivOCzWcQ5A+NE4qPeabVrsnj4:cGJx6W6OCicsNE4qPFR4n0
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion