04a1f74d1110b17e3a3a2e32b57652d348b8963d25ff8eb81dc1e8c45c590f99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1104753b6c8cdacaa6eab61994b8e8e3_JaffaCakes118
Size

666KB
Sample

240503-vrjkhaee46
MD5

1104753b6c8cdacaa6eab61994b8e8e3
SHA1

995f090dceb2b6bf88e851ad8b66c1846962f3b9
SHA256

04a1f74d1110b17e3a3a2e32b57652d348b8963d25ff8eb81dc1e8c45c590f99
SHA512

e76e8126f62fca2e969636fba1c41aadbe8b5c0efe3e6455f2a5392876ca2ec2842a5642107b54a8557938c1a940664c105af7eca336fa618be39f2c6eb8e3bd
SSDEEP

12288:5N7njumso2sJSQpDLsyIDcGZSXOsfsn42HeFtjNQqnsI+6w:37njXhgQlHGZCs4YW+6w

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  1104753b6c8cdacaa6eab61994b8e8e3_JaffaCakes118
- Size
  
  666KB
- MD5
  
  1104753b6c8cdacaa6eab61994b8e8e3
- SHA1
  
  995f090dceb2b6bf88e851ad8b66c1846962f3b9
- SHA256
  
  04a1f74d1110b17e3a3a2e32b57652d348b8963d25ff8eb81dc1e8c45c590f99
- SHA512
  
  e76e8126f62fca2e969636fba1c41aadbe8b5c0efe3e6455f2a5392876ca2ec2842a5642107b54a8557938c1a940664c105af7eca336fa618be39f2c6eb8e3bd
- SSDEEP
  
  12288:5N7njumso2sJSQpDLsyIDcGZSXOsfsn42HeFtjNQqnsI+6w:37njXhgQlHGZCs4YW+6w
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2