77aefb8211f43958a9d440ff3ccbf144d43d5ea06bb3b60614d2db647c3e3a75 | Triage

Sharing

General

Target

09c674a79db0d17fcce913f622a8c30d_JaffaCakes118
Size

714KB
Sample

241002-kecw3swgln
MD5

09c674a79db0d17fcce913f622a8c30d
SHA1

887f3d54a02e7622fdee9f5fe4d5817b48a10f1f
SHA256

77aefb8211f43958a9d440ff3ccbf144d43d5ea06bb3b60614d2db647c3e3a75
SHA512

7d01c33b584c977fafb8980b6ee0b4dadac5b1ac6d20215f3bdb86d8496d3611c5ce45b4097b737c2b75703218766166561f47b0978d798293c578662fd3bc9b
SSDEEP

12288:6OcOOrJiJJrFZ5VOlzL02ub/3a8f1fcgrr7N/S/qWk1RvWSfrILoWTL/Y/ko0ppa:6xdr0ZoI22Ffcgr3Z0q1RvWS0LbA/kba

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  09c674a79db0d17fcce913f622a8c30d_JaffaCakes118
- Size
  
  714KB
- MD5
  
  09c674a79db0d17fcce913f622a8c30d
- SHA1
  
  887f3d54a02e7622fdee9f5fe4d5817b48a10f1f
- SHA256
  
  77aefb8211f43958a9d440ff3ccbf144d43d5ea06bb3b60614d2db647c3e3a75
- SHA512
  
  7d01c33b584c977fafb8980b6ee0b4dadac5b1ac6d20215f3bdb86d8496d3611c5ce45b4097b737c2b75703218766166561f47b0978d798293c578662fd3bc9b
- SSDEEP
  
  12288:6OcOOrJiJJrFZ5VOlzL02ub/3a8f1fcgrr7N/S/qWk1RvWSfrILoWTL/Y/ko0ppa:6xdr0ZoI22Ffcgr3Z0q1RvWS0LbA/kba
Score

9^/10

discovery evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2