6b9819a15b779ab3ab18a68bb9ffc414f15b47696f8fb4138fd397cc745255cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

288213cc5c586faec5b2d883b7b12b1d_JaffaCakes118
Size

289KB
Sample

240509-f8tpgada2w
MD5

288213cc5c586faec5b2d883b7b12b1d
SHA1

8b7ea213852cae78db87805fda423fdfa85bfd21
SHA256

6b9819a15b779ab3ab18a68bb9ffc414f15b47696f8fb4138fd397cc745255cc
SHA512

1ffdbb961c862655b120c95af05e595ba9586f6a31d0e5632ff835e99de8e15dd6fbec9ea43fb7c923d7feb2b7938caee074801afcb76857508e209bd21a1869
SSDEEP

3072:Q6KrePVti2gCnjHCtTETGbgn6qZ7QW77NyEob5XiMjvIeLOjr10hti/PCGj+M76C:iaYnuNGxlg7Nw5XiQvb4cYX0MZ

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  288213cc5c586faec5b2d883b7b12b1d_JaffaCakes118
- Size
  
  289KB
- MD5
  
  288213cc5c586faec5b2d883b7b12b1d
- SHA1
  
  8b7ea213852cae78db87805fda423fdfa85bfd21
- SHA256
  
  6b9819a15b779ab3ab18a68bb9ffc414f15b47696f8fb4138fd397cc745255cc
- SHA512
  
  1ffdbb961c862655b120c95af05e595ba9586f6a31d0e5632ff835e99de8e15dd6fbec9ea43fb7c923d7feb2b7938caee074801afcb76857508e209bd21a1869
- SSDEEP
  
  3072:Q6KrePVti2gCnjHCtTETGbgn6qZ7QW77NyEob5XiMjvIeLOjr10hti/PCGj+M76C:iaYnuNGxlg7Nw5XiQvb4cYX0MZ
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2