05b644656378330614e5edb705a0cbc93c98ee7940864d48c8e5bb8a73599ab6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1c6dbb3436f9eeb0b358bba2df42ec4_JaffaCakes118
Size

697KB
Sample

240907-m2n9qs1bpa
MD5

d1c6dbb3436f9eeb0b358bba2df42ec4
SHA1

ebae489645b984b7f38f5608b3a86680e9f014cd
SHA256

05b644656378330614e5edb705a0cbc93c98ee7940864d48c8e5bb8a73599ab6
SHA512

053abc7f2d0b95f012675d6a7295c44634eaba04fabf30638951dfa995a06555019381d475a9c5aa54e75daca0f33684c410a8e2c3f7e202ed8820f547c20775
SSDEEP

12288:HOKLaeVlr1JGDb1scd6SNouvXM1otw+qItSRkEqe+bOD5W+bPgUDuUAzsqnu+Yu8:l9tcd6SNoy81yw+OwOD0yPgQos+uTx

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  d1c6dbb3436f9eeb0b358bba2df42ec4_JaffaCakes118
- Size
  
  697KB
- MD5
  
  d1c6dbb3436f9eeb0b358bba2df42ec4
- SHA1
  
  ebae489645b984b7f38f5608b3a86680e9f014cd
- SHA256
  
  05b644656378330614e5edb705a0cbc93c98ee7940864d48c8e5bb8a73599ab6
- SHA512
  
  053abc7f2d0b95f012675d6a7295c44634eaba04fabf30638951dfa995a06555019381d475a9c5aa54e75daca0f33684c410a8e2c3f7e202ed8820f547c20775
- SSDEEP
  
  12288:HOKLaeVlr1JGDb1scd6SNouvXM1otw+qItSRkEqe+bOD5W+bPgUDuUAzsqnu+Yu8:l9tcd6SNoy81yw+OwOD0yPgQos+uTx
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion