Overview

overview

8

Static

static

3

eacd2953f3...18.exe

windows7-x64

8

eacd2953f3...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eacd2953f341d15c5da324428b0da54b_JaffaCakes118

  • Size

    856KB

  • Sample

    240919-hqdxeawcqa

  • MD5

    eacd2953f341d15c5da324428b0da54b

  • SHA1

    52afd061c404d4886a35c147926df116dffa3e08

  • SHA256

    92c4f470ca756f46e038b4363729300aa0da8dfccbee60ca7b7b4c52d0d6c1fb

  • SHA512

    ba0fa95082b43e8d4da3fe4d08d357f533ebcda78bebf73667e5e3b93365a6d9a66a71cfd47815970b2c7c003c7551a21a0ded4cf3e18f5ca3b07219c0e748d3

  • SSDEEP

    24576:Kxz0H2vz8No857XeKOVejYFSMHTLpPHugwcvlp2HRW0uyEMcc:Kp98gVKAH5Hl8HRW0uymc

Score
8/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      eacd2953f341d15c5da324428b0da54b_JaffaCakes118

    • Size

      856KB

    • MD5

      eacd2953f341d15c5da324428b0da54b

    • SHA1

      52afd061c404d4886a35c147926df116dffa3e08

    • SHA256

      92c4f470ca756f46e038b4363729300aa0da8dfccbee60ca7b7b4c52d0d6c1fb

    • SHA512

      ba0fa95082b43e8d4da3fe4d08d357f533ebcda78bebf73667e5e3b93365a6d9a66a71cfd47815970b2c7c003c7551a21a0ded4cf3e18f5ca3b07219c0e748d3

    • SSDEEP

      24576:Kxz0H2vz8No857XeKOVejYFSMHTLpPHugwcvlp2HRW0uyEMcc:Kp98gVKAH5Hl8HRW0uymc

    Score
    8/10
    discoveryevasionpersistence

    • Drops file in Drivers directory

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks