060e282c96c736aa615d2ff2248d28ca6e4fef6549789d7c6a1efe6d2afa7217 | Triage

Sharing

General

Target

fe18a771d1c8347c8aa41c71bc938af2_JaffaCakes118
Size

674KB
Sample

240421-bp6gpsfc47
MD5

fe18a771d1c8347c8aa41c71bc938af2
SHA1

58dd91d8106efb1aa780272859fd8486ed4767c9
SHA256

060e282c96c736aa615d2ff2248d28ca6e4fef6549789d7c6a1efe6d2afa7217
SHA512

e4e4736f798c8637163b0340a5b21edd4c6d83a96f43f255e57f590d02a38b1db6beae17b5e08e2a3d4b67d7c02335b898a62f87c330220ccf90ae6707725730
SSDEEP

12288:rCRO7YJnY+ndmFWp9QYKctiH0bPbzYVlEYZHJBitDEK9f3ajKG7DfyG6e:OROclJ0Q9+cthjUlE2HLj8f3aD7DqG6e

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  fe18a771d1c8347c8aa41c71bc938af2_JaffaCakes118
- Size
  
  674KB
- MD5
  
  fe18a771d1c8347c8aa41c71bc938af2
- SHA1
  
  58dd91d8106efb1aa780272859fd8486ed4767c9
- SHA256
  
  060e282c96c736aa615d2ff2248d28ca6e4fef6549789d7c6a1efe6d2afa7217
- SHA512
  
  e4e4736f798c8637163b0340a5b21edd4c6d83a96f43f255e57f590d02a38b1db6beae17b5e08e2a3d4b67d7c02335b898a62f87c330220ccf90ae6707725730
- SSDEEP
  
  12288:rCRO7YJnY+ndmFWp9QYKctiH0bPbzYVlEYZHJBitDEK9f3ajKG7DfyG6e:OROclJ0Q9+cthjUlE2HLj8f3aD7DqG6e
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2