0be691c6ca785aeb6c18b7544a160d78cd7e85f9c30b2e62d54ec39b83b9bff1 | Triage

Sharing

General

Target

e0aab02d148e304dcb3c0d05b9114eb9_JaffaCakes118
Size

1.0MB
Sample

240914-vzprgswemd
MD5

e0aab02d148e304dcb3c0d05b9114eb9
SHA1

ea645b43caffaecbcba9356fa85707c7d4541dcf
SHA256

0be691c6ca785aeb6c18b7544a160d78cd7e85f9c30b2e62d54ec39b83b9bff1
SHA512

36f6b80c53bcad2ca979e3ea2c11189bd5ee09122f20ae477600bafa3cacb8674189f4cc9329e27fbdf5ffe141cdb359f3f89a59b6aa5dc2b3e93dc35882c71c
SSDEEP

24576:bjhqSDKGWMEdM1+9wrxNO98NVxOVEC4OYpRnvC8p1MzdY:/ZkdMQyrxNO98XxO943pRnvfv

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  e0aab02d148e304dcb3c0d05b9114eb9_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  e0aab02d148e304dcb3c0d05b9114eb9
- SHA1
  
  ea645b43caffaecbcba9356fa85707c7d4541dcf
- SHA256
  
  0be691c6ca785aeb6c18b7544a160d78cd7e85f9c30b2e62d54ec39b83b9bff1
- SHA512
  
  36f6b80c53bcad2ca979e3ea2c11189bd5ee09122f20ae477600bafa3cacb8674189f4cc9329e27fbdf5ffe141cdb359f3f89a59b6aa5dc2b3e93dc35882c71c
- SSDEEP
  
  24576:bjhqSDKGWMEdM1+9wrxNO98NVxOVEC4OYpRnvC8p1MzdY:/ZkdMQyrxNO98XxO943pRnvfv
Score

10^/10

discovery evasion trojan
- UAC bypass
  evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasion