1abecb2b80daae03b5c4d05eeeaead8b3f7e9f85c18db61a7b38cafde3d54bd1 | Triage

Sharing

General

Target

c856456ae5e1d253232805413cd0fc52_JaffaCakes118
Size

738KB
Sample

240829-gsrevaygkk
MD5

c856456ae5e1d253232805413cd0fc52
SHA1

9215d041278e6a331b5f017befa73c0a945513f4
SHA256

1abecb2b80daae03b5c4d05eeeaead8b3f7e9f85c18db61a7b38cafde3d54bd1
SHA512

7ceb9df9ae8baef508134ee53a190eaa51a38cf07e772e031dc2364b2270cdb260d32cd2bc79d84fd0903c8d3545588e34e4fc865d1abefe1d4f5f94ff201781
SSDEEP

12288:CNI4l2uVSU4Jc5EuMhAhEf9RBSKuHNd3LDtbc9OogV5deLmE6J4fWxYdR:C5PCqGhOhEVPduHrJc9OXp2fWK

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  c856456ae5e1d253232805413cd0fc52_JaffaCakes118
- Size
  
  738KB
- MD5
  
  c856456ae5e1d253232805413cd0fc52
- SHA1
  
  9215d041278e6a331b5f017befa73c0a945513f4
- SHA256
  
  1abecb2b80daae03b5c4d05eeeaead8b3f7e9f85c18db61a7b38cafde3d54bd1
- SHA512
  
  7ceb9df9ae8baef508134ee53a190eaa51a38cf07e772e031dc2364b2270cdb260d32cd2bc79d84fd0903c8d3545588e34e4fc865d1abefe1d4f5f94ff201781
- SSDEEP
  
  12288:CNI4l2uVSU4Jc5EuMhAhEf9RBSKuHNd3LDtbc9OogV5deLmE6J4fWxYdR:C5PCqGhOhEVPduHrJc9OXp2fWK
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion