21116814e4af730412bebc8c632755857ff837b89ae36a072d614e211c982980 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

113829f1c9ce2a6fb54a5679424a5e42_JaffaCakes118
Size

680KB
Sample

240504-crfjqsag71
MD5

113829f1c9ce2a6fb54a5679424a5e42
SHA1

bddb67f45145be2aeb4697db8f23e1f9c49045cc
SHA256

21116814e4af730412bebc8c632755857ff837b89ae36a072d614e211c982980
SHA512

74af77c9c68833bd2ab7f4c5c9decde7e27cd24337fb023af48919ebc47476d92e94d26f4fbc9ffe73049d0d3841d6c5d0d61cde79bf0bfcebf62db26a881d6e
SSDEEP

12288:C82isfaTcM8/kNcHKp3IVHWcjSf4P/cJL5a/5WdU6AmR+6ms:32isfdMqTPwcjSf4P/cJL5a/5FmR+6ms

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  113829f1c9ce2a6fb54a5679424a5e42_JaffaCakes118
- Size
  
  680KB
- MD5
  
  113829f1c9ce2a6fb54a5679424a5e42
- SHA1
  
  bddb67f45145be2aeb4697db8f23e1f9c49045cc
- SHA256
  
  21116814e4af730412bebc8c632755857ff837b89ae36a072d614e211c982980
- SHA512
  
  74af77c9c68833bd2ab7f4c5c9decde7e27cd24337fb023af48919ebc47476d92e94d26f4fbc9ffe73049d0d3841d6c5d0d61cde79bf0bfcebf62db26a881d6e
- SSDEEP
  
  12288:C82isfaTcM8/kNcHKp3IVHWcjSf4P/cJL5a/5WdU6AmR+6ms:32isfdMqTPwcjSf4P/cJL5a/5FmR+6ms
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2