cb13319217c269d40846ce0d7ea785cffce80bcdb6b7196c89a6315004102015 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf0ecad9d64422e60c8987a2eb62d8ac_JaffaCakes118
Size

936KB
Sample

240824-vk2gqssarp
MD5

bf0ecad9d64422e60c8987a2eb62d8ac
SHA1

5c2c4af58c29cb4b71691d4d796b652bf6709afc
SHA256

cb13319217c269d40846ce0d7ea785cffce80bcdb6b7196c89a6315004102015
SHA512

903957c6b19eaa6437c03310dbe37e4fdfc73cb7ea5af115737c379c97e64747b3e982dd79a06d9200473a6be4be851cd8006968c9c61410222f214dc45889e7
SSDEEP

24576:JsUSMo6Jjmp4A8YkDZh06tirQXLDncZDPlG7382vxRVac:yp4hTiWgDNS5fVac

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  bf0ecad9d64422e60c8987a2eb62d8ac_JaffaCakes118
- Size
  
  936KB
- MD5
  
  bf0ecad9d64422e60c8987a2eb62d8ac
- SHA1
  
  5c2c4af58c29cb4b71691d4d796b652bf6709afc
- SHA256
  
  cb13319217c269d40846ce0d7ea785cffce80bcdb6b7196c89a6315004102015
- SHA512
  
  903957c6b19eaa6437c03310dbe37e4fdfc73cb7ea5af115737c379c97e64747b3e982dd79a06d9200473a6be4be851cd8006968c9c61410222f214dc45889e7
- SSDEEP
  
  24576:JsUSMo6Jjmp4A8YkDZh06tirQXLDncZDPlG7382vxRVac:yp4hTiWgDNS5fVac
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion