708658fe6c3fa65e026f739c1a58a4b69fb4a1162a230eac765f490e83387cc2 | Triage

Sharing

General

Target

ea91db5818e63b7f37e7b6e9f4bdb5bc_JaffaCakes118
Size

432KB
Sample

240919-ew37ps1alf
MD5

ea91db5818e63b7f37e7b6e9f4bdb5bc
SHA1

df083c0d2c4414bd916509a146e7fde3c036daee
SHA256

708658fe6c3fa65e026f739c1a58a4b69fb4a1162a230eac765f490e83387cc2
SHA512

5179f00d2a4ce2bd96832719be92b342b87dbd247ded38eba9c2fbdd422ce9957fcb5234f585cb70af6dad6ff5910030a0078a792f4bd1203101e9c669402bfb
SSDEEP

12288:vrLQZgH3MQkrBYP4VM1fAdHSTOfBRgGOiRtmrdCVtNp+h:vHyCwmP4CS94OfBRgeRt6UNs

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  ea91db5818e63b7f37e7b6e9f4bdb5bc_JaffaCakes118
- Size
  
  432KB
- MD5
  
  ea91db5818e63b7f37e7b6e9f4bdb5bc
- SHA1
  
  df083c0d2c4414bd916509a146e7fde3c036daee
- SHA256
  
  708658fe6c3fa65e026f739c1a58a4b69fb4a1162a230eac765f490e83387cc2
- SHA512
  
  5179f00d2a4ce2bd96832719be92b342b87dbd247ded38eba9c2fbdd422ce9957fcb5234f585cb70af6dad6ff5910030a0078a792f4bd1203101e9c669402bfb
- SSDEEP
  
  12288:vrLQZgH3MQkrBYP4VM1fAdHSTOfBRgGOiRtmrdCVtNp+h:vHyCwmP4CS94OfBRgeRt6UNs
Score

7^/10

discovery evasion
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion