bb094bd269012c19f53836f93919b88898e4f4141781e8bb32e3c885575b16ca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffcd73975684aea83c6ad0a518d3af2d_JaffaCakes118
Size

393KB
Sample

240930-da4qnstgnj
MD5

ffcd73975684aea83c6ad0a518d3af2d
SHA1

47d1512a1eec41e6b7e38ac3135853f4b0f82a66
SHA256

bb094bd269012c19f53836f93919b88898e4f4141781e8bb32e3c885575b16ca
SHA512

c781ad1faf4666f5425f5141bdad0fed11a2ec8488008689e149bdb0d71f11c34040020dbbcb293ec9d89b03d5094d9ebd38244e73f75dc75920c4bd1f59bfd0
SSDEEP

12288:ANZ0gokvOSPArxgINZNQA85txaeU3oJtdjmGDt7/2kMF4f:ANZfDFIrxNNZP8jAeU3opCaikMF

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  ffcd73975684aea83c6ad0a518d3af2d_JaffaCakes118
- Size
  
  393KB
- MD5
  
  ffcd73975684aea83c6ad0a518d3af2d
- SHA1
  
  47d1512a1eec41e6b7e38ac3135853f4b0f82a66
- SHA256
  
  bb094bd269012c19f53836f93919b88898e4f4141781e8bb32e3c885575b16ca
- SHA512
  
  c781ad1faf4666f5425f5141bdad0fed11a2ec8488008689e149bdb0d71f11c34040020dbbcb293ec9d89b03d5094d9ebd38244e73f75dc75920c4bd1f59bfd0
- SSDEEP
  
  12288:ANZ0gokvOSPArxgINZNQA85txaeU3oJtdjmGDt7/2kMF4f:ANZfDFIrxNNZP8jAeU3opCaikMF
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion