General
-
Target
be831033ea198845d6a3505495df0d20_JaffaCakes118
-
Size
840KB
-
Sample
241203-wccn3swlhs
-
MD5
be831033ea198845d6a3505495df0d20
-
SHA1
63f5838e08f77c339aee9a16cf81a584f9850c2f
-
SHA256
ede5edbf62e535b4738cc1300f85834b332b4ec68be8e5c51f4668e45a6b2051
-
SHA512
c3ed15bf50609934812ff82c678434d8e14f47537a6338fa84bbf84ef6052dc7dd27dfcf54b15e4b01586899234775b88bf1e2ee43fde24d7b6e8b7eb371f971
-
SSDEEP
24576:szZBVznxG4nMSoXTfmU7m3QdCM3lfeZ09wqo/E:2ZBO4MVzmEU4Bfy+b
Malware Config
Targets
-
-
Target
be831033ea198845d6a3505495df0d20_JaffaCakes118
-
Size
840KB
-
MD5
be831033ea198845d6a3505495df0d20
-
SHA1
63f5838e08f77c339aee9a16cf81a584f9850c2f
-
SHA256
ede5edbf62e535b4738cc1300f85834b332b4ec68be8e5c51f4668e45a6b2051
-
SHA512
c3ed15bf50609934812ff82c678434d8e14f47537a6338fa84bbf84ef6052dc7dd27dfcf54b15e4b01586899234775b88bf1e2ee43fde24d7b6e8b7eb371f971
-
SSDEEP
24576:szZBVznxG4nMSoXTfmU7m3QdCM3lfeZ09wqo/E:2ZBO4MVzmEU4Bfy+b
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Indicator Removal
1File Deletion
1Modify Registry
1Virtualization/Sandbox Evasion
2