c1da97550f849ae2bf8fd308c4c7703278dcb8628b71d610e8e94c7c773a1ee0 | Triage

Sharing

General

Target

f505de3e57a38863c6bc99b1c5a774a2_JaffaCakes118
Size

1.9MB
Sample

240925-df6r8athjd
MD5

f505de3e57a38863c6bc99b1c5a774a2
SHA1

16438b8db2440a0fc2619b5d14c9a6f38f7fec7d
SHA256

c1da97550f849ae2bf8fd308c4c7703278dcb8628b71d610e8e94c7c773a1ee0
SHA512

4453424e3abfbbdc13ba6520a0221991a6059a30426fc142811ec1157f562dd1f7a0bf1c5a0cf2d65ed072d3b8e82355caa47de24e0e714b5fc81669b6f67baf
SSDEEP

49152:si6H6C21MRe55CsXmySdCDMKfN7HH/Mn4TcQZ54K5:sH21Se5YsXmySM4wND89QvZ5

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  f505de3e57a38863c6bc99b1c5a774a2_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  f505de3e57a38863c6bc99b1c5a774a2
- SHA1
  
  16438b8db2440a0fc2619b5d14c9a6f38f7fec7d
- SHA256
  
  c1da97550f849ae2bf8fd308c4c7703278dcb8628b71d610e8e94c7c773a1ee0
- SHA512
  
  4453424e3abfbbdc13ba6520a0221991a6059a30426fc142811ec1157f562dd1f7a0bf1c5a0cf2d65ed072d3b8e82355caa47de24e0e714b5fc81669b6f67baf
- SSDEEP
  
  49152:si6H6C21MRe55CsXmySdCDMKfN7HH/Mn4TcQZ54K5:sH21Se5YsXmySM4wND89QvZ5
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion