232b8c14dc7fbd2692d838ddead0e78621370af798893be99dcb40f89d8d6544 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c9ae15e93b6e38ffc1751c21c77dacb_JaffaCakes118
Size

638KB
Sample

240513-z4kqjsea7s
MD5

3c9ae15e93b6e38ffc1751c21c77dacb
SHA1

b28ccfde99018e7e9461c1f5fdb3dcdf550b4602
SHA256

232b8c14dc7fbd2692d838ddead0e78621370af798893be99dcb40f89d8d6544
SHA512

d1dd8d71005905f63b70239e8fd528833d25b1279f3ad021b1b4c7c167e38ed6754c93bd3220d7afea29a13a92d8abe946098b2de8ca3e97019d99e805516392
SSDEEP

12288:hmrT/NtMTbIhcvPMLxa8bzzyUoCyhRB2Sjy7Xrxti3rwbX1W38oZ1f6jB3Bq:QrT/Nt3AML1XRykdzltqm8r3f6jBI

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  3c9ae15e93b6e38ffc1751c21c77dacb_JaffaCakes118
- Size
  
  638KB
- MD5
  
  3c9ae15e93b6e38ffc1751c21c77dacb
- SHA1
  
  b28ccfde99018e7e9461c1f5fdb3dcdf550b4602
- SHA256
  
  232b8c14dc7fbd2692d838ddead0e78621370af798893be99dcb40f89d8d6544
- SHA512
  
  d1dd8d71005905f63b70239e8fd528833d25b1279f3ad021b1b4c7c167e38ed6754c93bd3220d7afea29a13a92d8abe946098b2de8ca3e97019d99e805516392
- SSDEEP
  
  12288:hmrT/NtMTbIhcvPMLxa8bzzyUoCyhRB2Sjy7Xrxti3rwbX1W38oZ1f6jB3Bq:QrT/Nt3AML1XRykdzltqm8r3f6jBI
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2