9e72dff7cce25047acb94afa840cc58f39088c9b9c1b9b7b91de2ec894d71d81 | Triage

Sharing

General

Target

3deebc449901aa636ea37f9afdce09a8_JaffaCakes118
Size

2.9MB
Sample

241013-fmqexszfrf
MD5

3deebc449901aa636ea37f9afdce09a8
SHA1

6cc9019fd8c3702bf6c935267714f56b84d39322
SHA256

9e72dff7cce25047acb94afa840cc58f39088c9b9c1b9b7b91de2ec894d71d81
SHA512

71212f771bd74661eb28f3d5704bbc3bba71ab507ecb8a176f8a1fef65bd1a3dc56a558f93be827e8a47b29a3247cc791f3c5c8929106978c8d55260cf8ca979
SSDEEP

49152:25GxM1/vGppvwIgM9eiiNZfcV5HjO8BSiNfwqLEbssPb9/dPmQPvzg9:cGx8/vQ139+NadjOiNfRKjTnPmQPvzk

Score

7^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  3deebc449901aa636ea37f9afdce09a8_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  3deebc449901aa636ea37f9afdce09a8
- SHA1
  
  6cc9019fd8c3702bf6c935267714f56b84d39322
- SHA256
  
  9e72dff7cce25047acb94afa840cc58f39088c9b9c1b9b7b91de2ec894d71d81
- SHA512
  
  71212f771bd74661eb28f3d5704bbc3bba71ab507ecb8a176f8a1fef65bd1a3dc56a558f93be827e8a47b29a3247cc791f3c5c8929106978c8d55260cf8ca979
- SSDEEP
  
  49152:25GxM1/vGppvwIgM9eiiNZfcV5HjO8BSiNfwqLEbssPb9/dPmQPvzg9:cGx8/vQ139+NadjOiNfRKjTnPmQPvzk
Score

7^/10

discovery evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasion