Overview

overview

7

Static

static

7

1e4772da92...18.exe

windows7-x64

7

1e4772da92...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1e4772da921c3e14e53203e91e8faaae_JaffaCakes118

  • Size

    612KB

  • Sample

    240702-g1x8cszdnc

  • MD5

    1e4772da921c3e14e53203e91e8faaae

  • SHA1

    7af06ba77c7bc5c1d9065379b73bd859b9badae9

  • SHA256

    f22918a21817acf20d5450586f54caf11de888eb967676a82940a34a9fadaa3a

  • SHA512

    f4502f0ff7b436626e14b351ea471c2c739665bef0322be2bb2b66253ae9a31818a02dda40a9777e0442b7ddb298a8d85fa0816ab6cd9720cd9cf4a6df773435

  • SSDEEP

    12288:vZgKOZ8ZmG8+nMRaLlCOS1UxgmTCfblyofjemfu5fl7Fs0hcCmBQdX+yMKyE2M:RfOZ8ZmtWRCOZtTCDL6aoRhcCmufh

Score
7/10
evasionthemida

Malware Config

Targets

    • Target

      1e4772da921c3e14e53203e91e8faaae_JaffaCakes118

    • Size

      612KB

    • MD5

      1e4772da921c3e14e53203e91e8faaae

    • SHA1

      7af06ba77c7bc5c1d9065379b73bd859b9badae9

    • SHA256

      f22918a21817acf20d5450586f54caf11de888eb967676a82940a34a9fadaa3a

    • SHA512

      f4502f0ff7b436626e14b351ea471c2c739665bef0322be2bb2b66253ae9a31818a02dda40a9777e0442b7ddb298a8d85fa0816ab6cd9720cd9cf4a6df773435

    • SSDEEP

      12288:vZgKOZ8ZmG8+nMRaLlCOS1UxgmTCfblyofjemfu5fl7Fs0hcCmBQdX+yMKyE2M:RfOZ8ZmtWRCOZtTCDL6aoRhcCmufh

    Score
    7/10
    evasionthemida

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks