b70afaf07d53ee222132b586aed31a5872a1f3543ca9d942f00d356e4e44ec89 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

031cba19c240742042751c073e59d8cc_JaffaCakes118
Size

1.2MB
Sample

240930-y278dsxdph
MD5

031cba19c240742042751c073e59d8cc
SHA1

1fca2def2bf8b5f2fcd81edf28b78a868e3f2603
SHA256

b70afaf07d53ee222132b586aed31a5872a1f3543ca9d942f00d356e4e44ec89
SHA512

e597d9d9a71476e33576cd0e1a3e6b985bb29d233c36859646d5e55bebca49cf87b64ddbfb6f188f7576e9a6841fa29ab839b9ad42eadd532793bf13a433a25d
SSDEEP

24576:GT9bJ5NtgwjA3Sf1Y9eZCnR5PGXiatkVV3JjYX:GxbJ5NOWACdVwUztkVt5

Score

7^/10

discovery evasion

Malware Config

Targets

- Target
  
  031cba19c240742042751c073e59d8cc_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  031cba19c240742042751c073e59d8cc
- SHA1
  
  1fca2def2bf8b5f2fcd81edf28b78a868e3f2603
- SHA256
  
  b70afaf07d53ee222132b586aed31a5872a1f3543ca9d942f00d356e4e44ec89
- SHA512
  
  e597d9d9a71476e33576cd0e1a3e6b985bb29d233c36859646d5e55bebca49cf87b64ddbfb6f188f7576e9a6841fa29ab839b9ad42eadd532793bf13a433a25d
- SSDEEP
  
  24576:GT9bJ5NtgwjA3Sf1Y9eZCnR5PGXiatkVV3JjYX:GxbJ5NOWACdVwUztkVt5
Score

7^/10

discovery evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion