General
-
Target
ea9395739e2e21e415a2ec5b19ff1085_JaffaCakes118
-
Size
4.5MB
-
Sample
240919-ezs6xa1bkf
-
MD5
ea9395739e2e21e415a2ec5b19ff1085
-
SHA1
0194cef92ed83b9bdcd5e56f1e8b3ce0417325de
-
SHA256
259c26d577bb1a511d84944bb4da21b026365a468846064357d0ff3cc72a285b
-
SHA512
937e403aa25fbbaa49c26d70ef0d02a09ba5dbf39ac9916efab5678590d4df77273e871e350afa96ec6fde84a2896ea4c3414480584847efca02ac5d01540f31
-
SSDEEP
98304:Z84INza2jZzwgWNlz6M7Iwio5kaZOuqDCgVGooYVYqWw+iq8r:Z8xpjZez6vwiQqegpX
Malware Config
Targets
-
-
Target
ea9395739e2e21e415a2ec5b19ff1085_JaffaCakes118
-
Size
4.5MB
-
MD5
ea9395739e2e21e415a2ec5b19ff1085
-
SHA1
0194cef92ed83b9bdcd5e56f1e8b3ce0417325de
-
SHA256
259c26d577bb1a511d84944bb4da21b026365a468846064357d0ff3cc72a285b
-
SHA512
937e403aa25fbbaa49c26d70ef0d02a09ba5dbf39ac9916efab5678590d4df77273e871e350afa96ec6fde84a2896ea4c3414480584847efca02ac5d01540f31
-
SSDEEP
98304:Z84INza2jZzwgWNlz6M7Iwio5kaZOuqDCgVGooYVYqWw+iq8r:Z8xpjZez6vwiQqegpX
Score8/10-
Stops running service(s)
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1