11c4618effc8f7f0046f03f550626700e8db227e35622152574477726c5efe8c | Triage

Sharing

General

Target

f515a20a2a483f98d25195a99a8b46ab_JaffaCakes118
Size

620KB
Sample

240417-flv9saec54
MD5

f515a20a2a483f98d25195a99a8b46ab
SHA1

f7f4322829369ae0a1b4cb396ad93fcc289c0c2d
SHA256

11c4618effc8f7f0046f03f550626700e8db227e35622152574477726c5efe8c
SHA512

fdea076d0633462ba9fe95b381d3c037112bb2858809c55e65d99f47ba36d0e9327b09408f863c1e8aa0c34bb7667e1730b8b7d64d587b2af4a8027c71cb6096
SSDEEP

12288:iKmvp4Mc97OnZ4jfSQA8whpzzbj9Ov4ukdNZihb62a:Fmvp4fOZKfSQA86/bc4ukdHmb6t

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  f515a20a2a483f98d25195a99a8b46ab_JaffaCakes118
- Size
  
  620KB
- MD5
  
  f515a20a2a483f98d25195a99a8b46ab
- SHA1
  
  f7f4322829369ae0a1b4cb396ad93fcc289c0c2d
- SHA256
  
  11c4618effc8f7f0046f03f550626700e8db227e35622152574477726c5efe8c
- SHA512
  
  fdea076d0633462ba9fe95b381d3c037112bb2858809c55e65d99f47ba36d0e9327b09408f863c1e8aa0c34bb7667e1730b8b7d64d587b2af4a8027c71cb6096
- SSDEEP
  
  12288:iKmvp4Mc97OnZ4jfSQA8whpzzbj9Ov4ukdNZihb62a:Fmvp4fOZKfSQA86/bc4ukdHmb6t
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2