8e64f70e2c14e28f23433f06f1456584c7aea1ad658aa5661a2ba15e25b54924 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa522c4c6bad9a6b1173c3cdb295564b_JaffaCakes118
Size

1.9MB
Sample

240927-njbflazfqk
MD5

fa522c4c6bad9a6b1173c3cdb295564b
SHA1

1969703de708d139eb05c5bc3ed4c26f67b78719
SHA256

8e64f70e2c14e28f23433f06f1456584c7aea1ad658aa5661a2ba15e25b54924
SHA512

b8cf6efdb5be7bb5a5656610cba7a5a94ba82f96244ce1af181d6ca9880c7a0e0046dba8676576baff8afcf0d4830e80bde3bf872445fb31f57f74ebd5ae2949
SSDEEP

49152:HKA3Jm8yUKDseX2bOW/tdInO/2EvvALyaP:qAZmUjrbOW/MnOu4A9P

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  fa522c4c6bad9a6b1173c3cdb295564b_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  fa522c4c6bad9a6b1173c3cdb295564b
- SHA1
  
  1969703de708d139eb05c5bc3ed4c26f67b78719
- SHA256
  
  8e64f70e2c14e28f23433f06f1456584c7aea1ad658aa5661a2ba15e25b54924
- SHA512
  
  b8cf6efdb5be7bb5a5656610cba7a5a94ba82f96244ce1af181d6ca9880c7a0e0046dba8676576baff8afcf0d4830e80bde3bf872445fb31f57f74ebd5ae2949
- SSDEEP
  
  49152:HKA3Jm8yUKDseX2bOW/tdInO/2EvvALyaP:qAZmUjrbOW/MnOu4A9P
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion