23fee87fb45ea21a59e0b2c0ded15eae2aa25ca71c53db9380280e9c84709c17 | Triage

Sharing

General

Target

395295900262456a661ab7199204da91_JaffaCakes118
Size

570KB
Sample

240512-k2d3nacc99
MD5

395295900262456a661ab7199204da91
SHA1

efbb0462a745c03906fc191f54d3d3cc6c12662e
SHA256

23fee87fb45ea21a59e0b2c0ded15eae2aa25ca71c53db9380280e9c84709c17
SHA512

664d128f2f4014ac7b6e85a0cd3fd249e69823d1365d4551b8447655d50fbf1229355098c0342d464d75ae54fc2bde7f35a4ba3cb30e5bca8c18175775a787ea
SSDEEP

12288:SWXMlC4QMUw9gT4umyVyIyzmsAu15ErqfAnUb60:BXMlCU9gTZmywIyCmkWfAUb60

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  395295900262456a661ab7199204da91_JaffaCakes118
- Size
  
  570KB
- MD5
  
  395295900262456a661ab7199204da91
- SHA1
  
  efbb0462a745c03906fc191f54d3d3cc6c12662e
- SHA256
  
  23fee87fb45ea21a59e0b2c0ded15eae2aa25ca71c53db9380280e9c84709c17
- SHA512
  
  664d128f2f4014ac7b6e85a0cd3fd249e69823d1365d4551b8447655d50fbf1229355098c0342d464d75ae54fc2bde7f35a4ba3cb30e5bca8c18175775a787ea
- SSDEEP
  
  12288:SWXMlC4QMUw9gT4umyVyIyzmsAu15ErqfAnUb60:BXMlCU9gTZmywIyCmkWfAUb60
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2