neshta | ef3a99af23b9f0078f49ebc2b2374f2a000d5500716953de0d3943ccd6ed2cbb | Triage

Sharing

General

Target

JaffaCakes118_00c180e1763728f7114a83881921c364
Size

8.3MB
Sample

250105-25hcxs1jel
MD5

00c180e1763728f7114a83881921c364
SHA1

24e9c45eb2d38776a0d6ce8b6d63c7d6bd238c27
SHA256

ef3a99af23b9f0078f49ebc2b2374f2a000d5500716953de0d3943ccd6ed2cbb
SHA512

f699c3344da38f68e5b72f27ed0d7d7c5353a6109a049d7fa7ee680337515a20e4d969ef83f3369ef544f72149da0e5c19b3ba1e6f79fabefdb3c330850cd677
SSDEEP

196608:02IGbIFIvCgcO9R3HQ7343j8TQ3e50jZ7WIwd58zOoGbj:02nhqOTg7o3uQO+jUIwj8zOoEj

Score

10^/10

neshta discovery evasion

Malware Config

Targets

- Target
  
  JaffaCakes118_00c180e1763728f7114a83881921c364
- Size
  
  8.3MB
- MD5
  
  00c180e1763728f7114a83881921c364
- SHA1
  
  24e9c45eb2d38776a0d6ce8b6d63c7d6bd238c27
- SHA256
  
  ef3a99af23b9f0078f49ebc2b2374f2a000d5500716953de0d3943ccd6ed2cbb
- SHA512
  
  f699c3344da38f68e5b72f27ed0d7d7c5353a6109a049d7fa7ee680337515a20e4d969ef83f3369ef544f72149da0e5c19b3ba1e6f79fabefdb3c330850cd677
- SSDEEP
  
  196608:02IGbIFIvCgcO9R3HQ7343j8TQ3e50jZ7WIwd58zOoGbj:02nhqOTg7o3uQO+jUIwj8zOoEj
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion