Overview

overview

7

Static

static

3

de44fab031...18.exe

windows7-x64

7

de44fab031...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    de44fab031822cde7937c0ac77a9d9fd_JaffaCakes118

  • Size

    920KB

  • Sample

    240913-nz289azgpb

  • MD5

    de44fab031822cde7937c0ac77a9d9fd

  • SHA1

    4bd10ba8fffdf7c9bae96a56c3c7b1873fd03985

  • SHA256

    fc694ec63a52725b50b2d208b510b23ed36e3115c411aabe8964c34ac393cbc6

  • SHA512

    f92917d72bf495d8abb9e38b9a74c8a453bde7345b450fe6ea72b12106d2c85dd211383532df7050e7cf41592652220adbd4c53d51d91fc8b001b276b4f4ecc8

  • SSDEEP

    24576:QEXv7J8gOIUje+i8Qdo1irOfbbGeVOfUa20:QE/y7iQ1f8s

Score
7/10
discoveryevasion

Malware Config

Targets

    • Target

      de44fab031822cde7937c0ac77a9d9fd_JaffaCakes118

    • Size

      920KB

    • MD5

      de44fab031822cde7937c0ac77a9d9fd

    • SHA1

      4bd10ba8fffdf7c9bae96a56c3c7b1873fd03985

    • SHA256

      fc694ec63a52725b50b2d208b510b23ed36e3115c411aabe8964c34ac393cbc6

    • SHA512

      f92917d72bf495d8abb9e38b9a74c8a453bde7345b450fe6ea72b12106d2c85dd211383532df7050e7cf41592652220adbd4c53d51d91fc8b001b276b4f4ecc8

    • SSDEEP

      24576:QEXv7J8gOIUje+i8Qdo1irOfbbGeVOfUa20:QE/y7iQ1f8s

    Score
    7/10
    discoveryevasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks