2037cba7ea5803d091ef613891a80545fe0663abdfee6086ef418ff7eea708ac | Triage

Sharing

General

Target

260963c1e91235b813f609be801723a8_JaffaCakes118
Size

615KB
Sample

240508-wj5y7sgb5x
MD5

260963c1e91235b813f609be801723a8
SHA1

e385d7f84f1b2a5a6d7dda2e61dd18c680b6f4eb
SHA256

2037cba7ea5803d091ef613891a80545fe0663abdfee6086ef418ff7eea708ac
SHA512

d5561910832fd3950284729134f7d64b8759c8c75b8959ad86622ee8feb875cd0a4c4f15dd0aa64b204f15ac598bd4dbbe6a07093928e2393ad7efe65447e4b1
SSDEEP

12288:X36t+1yCD9OkveZXAUZFuZOcS/2Q6RlYz6m:H6t+1TOfZXAIFunS/2Qlz6m

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  260963c1e91235b813f609be801723a8_JaffaCakes118
- Size
  
  615KB
- MD5
  
  260963c1e91235b813f609be801723a8
- SHA1
  
  e385d7f84f1b2a5a6d7dda2e61dd18c680b6f4eb
- SHA256
  
  2037cba7ea5803d091ef613891a80545fe0663abdfee6086ef418ff7eea708ac
- SHA512
  
  d5561910832fd3950284729134f7d64b8759c8c75b8959ad86622ee8feb875cd0a4c4f15dd0aa64b204f15ac598bd4dbbe6a07093928e2393ad7efe65447e4b1
- SSDEEP
  
  12288:X36t+1yCD9OkveZXAUZFuZOcS/2Q6RlYz6m:H6t+1TOfZXAIFunS/2Qlz6m
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2