b6b8719f5063b0d321be80f7095df423be333524b1e495a451232f9c5cdc3d48 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

059185eb830b8549e7a2df0bee762a69_JaffaCakes118
Size

815KB
Sample

241001-m6lz6swcmn
MD5

059185eb830b8549e7a2df0bee762a69
SHA1

f6806041ea5b5c054a584364b5092204be517517
SHA256

b6b8719f5063b0d321be80f7095df423be333524b1e495a451232f9c5cdc3d48
SHA512

35506e0c3a84946ad313a7678ca0876d85f875fdc21d247072ad14c2c7e95466fc1d35f2ae868181692f741e60d1c2f48c687fe0b7f8b960bc0157bba756379e
SSDEEP

12288:V/C7wR3t7ZESttwWYSIk9/LjMiS59VZsPH5HLjC6mW0EZ9ty4B8WYrQvlPYPOQ3M:8UrYSIkxvMV5Cv5rjC6mWZ9cWYCwPp5+

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  059185eb830b8549e7a2df0bee762a69_JaffaCakes118
- Size
  
  815KB
- MD5
  
  059185eb830b8549e7a2df0bee762a69
- SHA1
  
  f6806041ea5b5c054a584364b5092204be517517
- SHA256
  
  b6b8719f5063b0d321be80f7095df423be333524b1e495a451232f9c5cdc3d48
- SHA512
  
  35506e0c3a84946ad313a7678ca0876d85f875fdc21d247072ad14c2c7e95466fc1d35f2ae868181692f741e60d1c2f48c687fe0b7f8b960bc0157bba756379e
- SSDEEP
  
  12288:V/C7wR3t7ZESttwWYSIk9/LjMiS59VZsPH5HLjC6mW0EZ9ty4B8WYrQvlPYPOQ3M:8UrYSIkxvMV5Cv5rjC6mWZ9cWYCwPp5+
Score

9^/10

discovery evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2