General
Target: 2c46c6e79b001c4ed3b9535840644e40_JaffaCakes118
Size: 881KB
Sample: 241009-gyg4cs1cmf
MD5: 2c46c6e79b001c4ed3b9535840644e40
SHA1: 1bec5976194b01f3c461c0b28032317ecc0eba0e
SHA256: bcd043de37e79c8f607252cb2b298bf8510a96bbe87ebf08a0190e1096c8d59a
SHA512: 77ab7b0d44531ba81c5cdb9181def4679bc621fb5ee655dca0711cf68568fe1d4fe002f6ca17b797d8fba2933ea33ca4164c90919420f32c16c06de34241f6f5
SSDEEP: 12288:NFaBKmr8z1O9nsvgU2AL0BuBuAiLiNRMAF2M725EyXKW9C2d3z1QH:aBv8z1O9svgVAIuBXzNlcMGhHny
Static task: static1
Behavioral task: behavioral1
  Sample: 2c46c6e79b001c4ed3b9535840644e40_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2c46c6e79b001c4ed3b9535840644e40_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 2c46c6e79b001c4ed3b9535840644e40_JaffaCakes118
Size: 881KB
Score: 7/10
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext