b32a1cc7bf5666616499860b1c75db6a19fbd31dad2be7ef5f13720dec6939af | Triage

Submit
Reports

Overview

overview

9

Static

static

3

2a6c125d7d...18.exe

windows7-x64

9

2a6c125d7d...18.exe

windows10-2004-x64

9

Sharing

General

Target

2a6c125d7ddbdf876a132dad12f33d34_JaffaCakes118
Size

3.1MB
Sample

240509-rychzsef4y
MD5

2a6c125d7ddbdf876a132dad12f33d34
SHA1

961dae6d9cac36b3cb7a2ef1f63792af56b4c1d9
SHA256

b32a1cc7bf5666616499860b1c75db6a19fbd31dad2be7ef5f13720dec6939af
SHA512

fa3f90ae6d922dec6c1cf2c60efeca7bf189e0f901dc893539c45e6ea35f94b30e835db748c3b48d31ed452628ccc7319ca92341aa7c8f3ced56f8be9dc6e506
SSDEEP

49152:AUfYxziGK24+ZnH/XGiLVDd2Md9UySlEO+lFBe/kEcbycuhAOOdudfV6wetNcLlV:A+YxGJWH/XNHd2KRqkPycu1Oafr+er

Score

9^/10

evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2a6c125d7ddbdf876a132dad12f33d34_JaffaCakes118.exe

Resource

win7-20240220-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a6c125d7ddbdf876a132dad12f33d34_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  2a6c125d7ddbdf876a132dad12f33d34_JaffaCakes118
- Size
  
  3.1MB
- MD5
  
  2a6c125d7ddbdf876a132dad12f33d34
- SHA1
  
  961dae6d9cac36b3cb7a2ef1f63792af56b4c1d9
- SHA256
  
  b32a1cc7bf5666616499860b1c75db6a19fbd31dad2be7ef5f13720dec6939af
- SHA512
  
  fa3f90ae6d922dec6c1cf2c60efeca7bf189e0f901dc893539c45e6ea35f94b30e835db748c3b48d31ed452628ccc7319ca92341aa7c8f3ced56f8be9dc6e506
- SSDEEP
  
  49152:AUfYxziGK24+ZnH/XGiLVDd2Md9UySlEO+lFBe/kEcbycuhAOOdudfV6wetNcLlV:A+YxGJWH/XNHd2KRqkPycu1Oafr+er
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy