Overview

overview

10

Static

static

7

901ae6b2d0...18.exe

windows7-x64

10

901ae6b2d0...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    901ae6b2d03037af2c09a96300d4fd57_JaffaCakes118

  • Size

    2.8MB

  • Sample

    241123-xpcehsxmer

  • MD5

    901ae6b2d03037af2c09a96300d4fd57

  • SHA1

    6cd4cb350e08cb4fb1f8249879a2ecad27ab3ef7

  • SHA256

    b7a29dd718c9421497edddd75b57fb4c85298bc8d5cff13263912c78cf92e06a

  • SHA512

    c348aaddceb82ee2cffef0eece4c34314eca6e08701d94d6ea90f769ae32457fe55286063e0d4c60c46df6d755cdb810e4f5c8abc193d2ef5d554f91fbc5a718

  • SSDEEP

    49152:T9O1ypWNJ11iKmn0R9uKPgnOuJ6ojtbgQQtx7kDLgqymaRyLay6WTzMZZe:T9O1ypWR1nm+zPf66o5sQQtxgfpymaRi

Score
10/10
discoveryevasionpersistencethemida

Malware Config

Targets

    • Target

      901ae6b2d03037af2c09a96300d4fd57_JaffaCakes118

    • Size

      2.8MB

    • MD5

      901ae6b2d03037af2c09a96300d4fd57

    • SHA1

      6cd4cb350e08cb4fb1f8249879a2ecad27ab3ef7

    • SHA256

      b7a29dd718c9421497edddd75b57fb4c85298bc8d5cff13263912c78cf92e06a

    • SHA512

      c348aaddceb82ee2cffef0eece4c34314eca6e08701d94d6ea90f769ae32457fe55286063e0d4c60c46df6d755cdb810e4f5c8abc193d2ef5d554f91fbc5a718

    • SSDEEP

      49152:T9O1ypWNJ11iKmn0R9uKPgnOuJ6ojtbgQQtx7kDLgqymaRyLay6WTzMZZe:T9O1ypWR1nm+zPf66o5sQQtxgfpymaRi

    Score
    10/10
    discoveryevasionpersistencethemida

    • Modifies WinLogon for persistence

      persistence

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks