Overview

overview

7

Static

static

7

Correspond...al.exe

windows7-x64

7

Correspond...al.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    0994e75c79923d8379764b977a59e57f_JaffaCakes118

  • Size

    661KB

  • Sample

    241002-jgaztsybjb

  • MD5

    0994e75c79923d8379764b977a59e57f

  • SHA1

    8863596aeddefdcd4d0ea55ba229ad8814c6d896

  • SHA256

    561c5a85c5f279e6d2b38d105cfb4f2556e7a9f1d730359e1463fe0ba004ae04

  • SHA512

    f885a272456ad7b15c45a8c16ee8e32cc067b8d4b8f727fc4e87178f6e2ace4405c825afa4ae573399e6b0efc75e0864e98185a5630cae8e3a61cf3fa3f5f982

  • SSDEEP

    12288:vSXa+Jnet0khUA815FrM8EyE41o4knnE4ldb4fvSDEFhjnO6nXjtiXytg:ea+o0+UAkM14SXEgufvBhjnOQjtiXyu

Score
7/10
discoveryevasionthemida

Malware Config

Targets

    • Target

      Correspondencia_Digital.exe

    • Size

      673KB

    • MD5

      d07d7fe4ed884ddfe8926b9d47c8e09f

    • SHA1

      5c819af49d58fefa6aeb7b783ca4df4facc79d72

    • SHA256

      6eb125810384e179d2504c0ce9785f953300d480d71b55390729324cdd005abd

    • SHA512

      dd1210e6c79041f2fd979b7683f378dfcc40be8bd56e652bb0f020967717ca060caf6f52c593927b2864ed1abbed3bc4bd91846fc045be231e3737695ab96267

    • SSDEEP

      12288:zbG4r0+7nOiWmjDFXg7QMLWN48w/OD7DkMR8S8d2LwEnMuaIg5ID7Fx6H6rl:zbGO0EZ5P4s48Ug7QMT8d6wMaIgeXFxp

    Score
    7/10
    evasionthemidadiscovery

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks