e374e3322174548296d1b6c4fdcd8cb415328ee14fd2dd690579c384c0942c94 | Triage

Sharing

General

Target

15be839d4192a64c7ae5acaa80d897fa_JaffaCakes118
Size

1.8MB
Sample

241005-ckgs8atdme
MD5

15be839d4192a64c7ae5acaa80d897fa
SHA1

bc7e2db894665e472179a649d48874c2adea07ff
SHA256

e374e3322174548296d1b6c4fdcd8cb415328ee14fd2dd690579c384c0942c94
SHA512

4c627c138bc889d6febc994bd21e6f2be2b72f3a5d4a79bdc5301508bbeedb2b1f9451bbd04b211defddf8ccfe47b7260cd3a5e368eaa9494d03effdf0a3b5f4
SSDEEP

24576:u6mFBlaYARIRWidbqlIo50HuyHZZdQft68obHwClL7ljW1t4udlYs4HAzbR:uhFraMbolI20O8QglFjCVcs2Azb

Score

7^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  15be839d4192a64c7ae5acaa80d897fa_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  15be839d4192a64c7ae5acaa80d897fa
- SHA1
  
  bc7e2db894665e472179a649d48874c2adea07ff
- SHA256
  
  e374e3322174548296d1b6c4fdcd8cb415328ee14fd2dd690579c384c0942c94
- SHA512
  
  4c627c138bc889d6febc994bd21e6f2be2b72f3a5d4a79bdc5301508bbeedb2b1f9451bbd04b211defddf8ccfe47b7260cd3a5e368eaa9494d03effdf0a3b5f4
- SSDEEP
  
  24576:u6mFBlaYARIRWidbqlIo50HuyHZZdQft68obHwClL7ljW1t4udlYs4HAzbR:uhFraMbolI20O8QglFjCVcs2Azb
Score

7^/10

discovery evasion trojan
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan