224dacbc7b10c443bdeb8f036e0db243c8bca62b4271910b15a2e50206befa23 | Triage

Sharing

General

Target

f1b1e7b883d00659b6e88f7d21d13c93_JaffaCakes118
Size

701KB
Sample

240415-w2zj5sfd7v
MD5

f1b1e7b883d00659b6e88f7d21d13c93
SHA1

29da8e8e295a7cdc7cfe4e7b73c24785542e41b3
SHA256

224dacbc7b10c443bdeb8f036e0db243c8bca62b4271910b15a2e50206befa23
SHA512

7a07813b04a6e14a6e42c92678c4e68afcec0ae738eee7eadc4bcc4d6ca4688d0791e38720b8880f59d55101333b7505187a999c075c97045a408309db4c4d4b
SSDEEP

12288:ZBwq6VFMFXpComESVXbTcUNUQ8Oog2cazH+jUv7wIHylWmFDwqJd/O1:/B6VF8C1ESVXboH9jVHF7wIHgHF3/O1

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  f1b1e7b883d00659b6e88f7d21d13c93_JaffaCakes118
- Size
  
  701KB
- MD5
  
  f1b1e7b883d00659b6e88f7d21d13c93
- SHA1
  
  29da8e8e295a7cdc7cfe4e7b73c24785542e41b3
- SHA256
  
  224dacbc7b10c443bdeb8f036e0db243c8bca62b4271910b15a2e50206befa23
- SHA512
  
  7a07813b04a6e14a6e42c92678c4e68afcec0ae738eee7eadc4bcc4d6ca4688d0791e38720b8880f59d55101333b7505187a999c075c97045a408309db4c4d4b
- SSDEEP
  
  12288:ZBwq6VFMFXpComESVXbTcUNUQ8Oog2cazH+jUv7wIHylWmFDwqJd/O1:/B6VF8C1ESVXboH9jVHF7wIHgHF3/O1
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2