General

  • Target: 848c65b87a8e74c80e9176a104d5c354_JaffaCakes118
  • Size: 649KB
  • Sample: 241101-wc7t8ateqk
  • MD5: 848c65b87a8e74c80e9176a104d5c354
  • SHA1: 400d5317e31a0db90a8d41336ab442669ec87210
  • SHA256: f483216d8fa9f77d58ec1921d1ebdf4c8fae9388e227fd691c0eb909f549136e
  • SHA512: d442f6e1fb7f664aa31a64a2ba3c27ca43c43fc74cf62763b0888281595b5936ed9a2f384be02cabe352d2988036f83984539f03aabdb26b781a6a7a40e087d3
  • SSDEEP: 12288:/sg+72vlG3cDC0obLTyBrwJyx5H25qu8jmCuhveC40ujuLD2T+F7D1Vq+9N:bw3cm1TWC45HSj8svZP32T0P/quN

Targets

    • Detected Nirsoft tools

      Free utilities that can recover passwords, product keys, etc., and are often abused by attackers.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15