e630964f5d9d5f7e208a4557ce0e1530ef16394f879b72fdb043e65de1e02a05 | Triage

Sharing

General

Target

03bd108b282e1fdde5f06790acb050db_JaffaCakes118
Size

667KB
Sample

240427-13y28ahf39
MD5

03bd108b282e1fdde5f06790acb050db
SHA1

6105c14753e5b7e2198cb1fdb36f6bfd9be7713b
SHA256

e630964f5d9d5f7e208a4557ce0e1530ef16394f879b72fdb043e65de1e02a05
SHA512

d9e57f03be6e8c9bcb3c8ae3318c2e3109111c69ec1a4aa1720f5cd67c94619753df11747424ac797b7bcfaaafdc4d4f5281b6aba0ff8b34454ecba147e685ae
SSDEEP

12288:T8rqkM4RxFPeGUEyD8V5SJVvImhxhBDRR6Oifc3OY3MCP9rdOb6P:QrqkM4AGUAjSJVrhxhZRCYljOb6P

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  03bd108b282e1fdde5f06790acb050db_JaffaCakes118
- Size
  
  667KB
- MD5
  
  03bd108b282e1fdde5f06790acb050db
- SHA1
  
  6105c14753e5b7e2198cb1fdb36f6bfd9be7713b
- SHA256
  
  e630964f5d9d5f7e208a4557ce0e1530ef16394f879b72fdb043e65de1e02a05
- SHA512
  
  d9e57f03be6e8c9bcb3c8ae3318c2e3109111c69ec1a4aa1720f5cd67c94619753df11747424ac797b7bcfaaafdc4d4f5281b6aba0ff8b34454ecba147e685ae
- SSDEEP
  
  12288:T8rqkM4RxFPeGUEyD8V5SJVvImhxhBDRR6Oifc3OY3MCP9rdOb6P:QrqkM4AGUAjSJVrhxhZRCYljOb6P
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2