d35b7657fbd48ab08b72ffa7b24324c1c9af16dfee8aa6e4789981cb99bb6178 | Triage

Sharing

General

Target

3ebf58b88372969befd563158b0ee074_JaffaCakes118
Size

811KB
Sample

241013-j3z6vawfnd
MD5

3ebf58b88372969befd563158b0ee074
SHA1

4c0199e92347949bc017bac89c5df4fa909f5881
SHA256

d35b7657fbd48ab08b72ffa7b24324c1c9af16dfee8aa6e4789981cb99bb6178
SHA512

1b187976699a1c4cac476e9198b1cbed18a5913c6fc4e32e8bc71f37d5204e92f4f429eac0a1e3751f4e9a9890cdd1cea98ac89d715eb6e6e8fc9bee8a4c9003
SSDEEP

12288:v6PDMWiMRNIz/KSRUstGsyBTpcXn0GgznbSgJUGtOfcphVhRef9eAIoqtH:vkXiueK0UstGsyBTwAqGHVnef9eAGtH

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  3ebf58b88372969befd563158b0ee074_JaffaCakes118
- Size
  
  811KB
- MD5
  
  3ebf58b88372969befd563158b0ee074
- SHA1
  
  4c0199e92347949bc017bac89c5df4fa909f5881
- SHA256
  
  d35b7657fbd48ab08b72ffa7b24324c1c9af16dfee8aa6e4789981cb99bb6178
- SHA512
  
  1b187976699a1c4cac476e9198b1cbed18a5913c6fc4e32e8bc71f37d5204e92f4f429eac0a1e3751f4e9a9890cdd1cea98ac89d715eb6e6e8fc9bee8a4c9003
- SSDEEP
  
  12288:v6PDMWiMRNIz/KSRUstGsyBTpcXn0GgznbSgJUGtOfcphVhRef9eAIoqtH:vkXiueK0UstGsyBTwAqGHVnef9eAGtH
Score

9^/10

discovery evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2