c9a5a578c0ee00747f9b6511ad11cd568be769d3bff4f43ca7eb3e4378bf8bb1 | Triage

Sharing

General

Target

d2fea4ae9b191b43ab8701f1bc0ae33c_JaffaCakes118
Size

525KB
Sample

240907-2rv2vsscnb
MD5

d2fea4ae9b191b43ab8701f1bc0ae33c
SHA1

3108ffa78de2748c1c1d12af28b38d8877fca926
SHA256

c9a5a578c0ee00747f9b6511ad11cd568be769d3bff4f43ca7eb3e4378bf8bb1
SHA512

32f5034e86201843cdf033cf8a08418150729fb440f366566c2b55dc3f0aac0cf071dea21663e76a97de938eec7570a94b9dd95d9d6b1f412382d867398086b2
SSDEEP

12288:0jL/9FLoPuYRMQ9uudDcGL5+DLkla8DAqqFqqFqqJL:kLbL0u3utcGL5+DLaa8sqMqMqS

Score

9^/10

aspackv2 discovery evasion

Malware Config

Targets

- Target
  
  d2fea4ae9b191b43ab8701f1bc0ae33c_JaffaCakes118
- Size
  
  525KB
- MD5
  
  d2fea4ae9b191b43ab8701f1bc0ae33c
- SHA1
  
  3108ffa78de2748c1c1d12af28b38d8877fca926
- SHA256
  
  c9a5a578c0ee00747f9b6511ad11cd568be769d3bff4f43ca7eb3e4378bf8bb1
- SHA512
  
  32f5034e86201843cdf033cf8a08418150729fb440f366566c2b55dc3f0aac0cf071dea21663e76a97de938eec7570a94b9dd95d9d6b1f412382d867398086b2
- SSDEEP
  
  12288:0jL/9FLoPuYRMQ9uudDcGL5+DLkla8DAqqFqqFqqJL:kLbL0u3utcGL5+DLaa8sqMqMqS
Score

9^/10

discovery evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion