894bd21bd80f13e045fb58754eb51ea21997d42f3261ccb6d469b3db0fa2c44c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f01b9b83fd052c246e26545bea0becc3_JaffaCakes118
Size

772KB
Sample

240921-s2wlpszdkf
MD5

f01b9b83fd052c246e26545bea0becc3
SHA1

f42a3e5bb2df23ba18144439cd7edbe24b31bb83
SHA256

894bd21bd80f13e045fb58754eb51ea21997d42f3261ccb6d469b3db0fa2c44c
SHA512

2923f1583bc181e44624d2c1bf24399c96f020ecf0d24205a3adec1bcdab508699d3aa1ac5bb73ac2fa630721e7527060f4e69688368c5845732115f5403f75b
SSDEEP

24576:4np7EoT+anu50jABxwCWK4+kyoYT+3/sef/qc:4p75TBABxNzkyoO+Ps6

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  f01b9b83fd052c246e26545bea0becc3_JaffaCakes118
- Size
  
  772KB
- MD5
  
  f01b9b83fd052c246e26545bea0becc3
- SHA1
  
  f42a3e5bb2df23ba18144439cd7edbe24b31bb83
- SHA256
  
  894bd21bd80f13e045fb58754eb51ea21997d42f3261ccb6d469b3db0fa2c44c
- SHA512
  
  2923f1583bc181e44624d2c1bf24399c96f020ecf0d24205a3adec1bcdab508699d3aa1ac5bb73ac2fa630721e7527060f4e69688368c5845732115f5403f75b
- SSDEEP
  
  24576:4np7EoT+anu50jABxwCWK4+kyoYT+3/sef/qc:4p75TBABxNzkyoO+Ps6
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion