23b91be74f3c9907431c48797e0cf494021d64783627968fe14d4ffa5144cee0 | Triage

Sharing

General

Target

150b0d45627c8f9193dfb1bd22a4e216_JaffaCakes118
Size

672KB
Sample

240504-3xlk2sah48
MD5

150b0d45627c8f9193dfb1bd22a4e216
SHA1

07b2cb935187c6f7c292f19e8558cb95208c5838
SHA256

23b91be74f3c9907431c48797e0cf494021d64783627968fe14d4ffa5144cee0
SHA512

dfe306b2f831682c8e9fb5162b15276b8ae96d289f6f773228dfba236cb59f8d69b91732ed3fdb6f57f03772a665e3da34d2b120e0ff2cae1b9b3039bedf3952
SSDEEP

12288:SZJ7G1zskWtP44444ItPZkTKpPwHb/dgusOlMLSTQNirbCfrL6x:qJ7Uzj4yUo7Fdle8WIbCL6x

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  150b0d45627c8f9193dfb1bd22a4e216_JaffaCakes118
- Size
  
  672KB
- MD5
  
  150b0d45627c8f9193dfb1bd22a4e216
- SHA1
  
  07b2cb935187c6f7c292f19e8558cb95208c5838
- SHA256
  
  23b91be74f3c9907431c48797e0cf494021d64783627968fe14d4ffa5144cee0
- SHA512
  
  dfe306b2f831682c8e9fb5162b15276b8ae96d289f6f773228dfba236cb59f8d69b91732ed3fdb6f57f03772a665e3da34d2b120e0ff2cae1b9b3039bedf3952
- SSDEEP
  
  12288:SZJ7G1zskWtP44444ItPZkTKpPwHb/dgusOlMLSTQNirbCfrL6x:qJ7Uzj4yUo7Fdle8WIbCL6x
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2