857c5d0a829681506a7427bf6c045a3a2dae47e012c35bd82060e0b992982a4f | Triage

Sharing

General

Target

ea737054d567b9c37288b81460060f52_JaffaCakes118
Size

1.3MB
Sample

240919-dby7ksxdpk
MD5

ea737054d567b9c37288b81460060f52
SHA1

11f4680c9d8beb2a0a3bc590a1ee08bffe9ab1ec
SHA256

857c5d0a829681506a7427bf6c045a3a2dae47e012c35bd82060e0b992982a4f
SHA512

cc44f499b057e88a5e1097fb365cc52442ccf26f542efec3b579ccf673da488714b069cfd2d3209ed9decc702390652e6b1f3910d721de6641201122429ba932
SSDEEP

24576:mrY9uiXCZEmH+AoNRx0Dz3QEZ3Ipm8BvQ+F+NWDpYtxrRLdPtNO:eiXC6mHRHQuO1InWDGtxrRJtk

Score

9^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  ea737054d567b9c37288b81460060f52_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  ea737054d567b9c37288b81460060f52
- SHA1
  
  11f4680c9d8beb2a0a3bc590a1ee08bffe9ab1ec
- SHA256
  
  857c5d0a829681506a7427bf6c045a3a2dae47e012c35bd82060e0b992982a4f
- SHA512
  
  cc44f499b057e88a5e1097fb365cc52442ccf26f542efec3b579ccf673da488714b069cfd2d3209ed9decc702390652e6b1f3910d721de6641201122429ba932
- SSDEEP
  
  24576:mrY9uiXCZEmH+AoNRx0Dz3QEZ3Ipm8BvQ+F+NWDpYtxrRLdPtNO:eiXC6mHRHQuO1InWDGtxrRJtk
Score

9^/10

discovery evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasion