4a599be4fdb5c028a8903d1a9921ecfeeb4bf1b37ed456f0307ce1ddc29c78ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfa5669e07c88cde6d331dbc84355e02_JaffaCakes118
Size

688KB
Sample

240914-g5prsa1cja
MD5

dfa5669e07c88cde6d331dbc84355e02
SHA1

cccb6ce7284fb0746d8858faa6df770adbe2bbec
SHA256

4a599be4fdb5c028a8903d1a9921ecfeeb4bf1b37ed456f0307ce1ddc29c78ad
SHA512

e9c431bf5d245e62ae531784b49050b62c140a617df0122a551f5cc71b22fd93c0df390c2015b420f44076906c009c51831f8c05d7a143dcc8b6896d3c9125e8
SSDEEP

12288:0uR9XiHuJRCDMqTsMo8W0VTVp0ZRHjfYxjztQtLexUNwyjkOqgT+OQp+IQ50:0SiOJRsMqFw010ZRHjoatCvyT+OQp+I7

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  dfa5669e07c88cde6d331dbc84355e02_JaffaCakes118
- Size
  
  688KB
- MD5
  
  dfa5669e07c88cde6d331dbc84355e02
- SHA1
  
  cccb6ce7284fb0746d8858faa6df770adbe2bbec
- SHA256
  
  4a599be4fdb5c028a8903d1a9921ecfeeb4bf1b37ed456f0307ce1ddc29c78ad
- SHA512
  
  e9c431bf5d245e62ae531784b49050b62c140a617df0122a551f5cc71b22fd93c0df390c2015b420f44076906c009c51831f8c05d7a143dcc8b6896d3c9125e8
- SSDEEP
  
  12288:0uR9XiHuJRCDMqTsMo8W0VTVp0ZRHjfYxjztQtLexUNwyjkOqgT+OQp+IQ50:0SiOJRsMqFw010ZRHjoatCvyT+OQp+I7
Score

7^/10

discovery evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion