1363376f98fa8a7b5e3b8ae068936119ddb2fc990be8aa8b4ea783fa3aa35af4 | Triage

Sharing

General

Target

3dc8072eb2b5496ed5ce047f832fbf74_JaffaCakes118
Size

664KB
Sample

240514-eerscaab94
MD5

3dc8072eb2b5496ed5ce047f832fbf74
SHA1

31aa7920abe72927668f0b1af47addabf9bbddeb
SHA256

1363376f98fa8a7b5e3b8ae068936119ddb2fc990be8aa8b4ea783fa3aa35af4
SHA512

2f3300cac9f08cdf23f11eb2de2ec5cce44524f6396d803bffc92d53e361cdebe70ca93a9bbf1e1856c61e3ca3c43b876a53502261db04e7d5cbb519101a5696
SSDEEP

12288:0tAl+5h74BeJCZpQcXrRxE4MeN7eLc9tnl1EINSDsgBIJTDKn/uA3r:QAl+5KbQWVMvA9tlpUQguAn/uA3r

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  3dc8072eb2b5496ed5ce047f832fbf74_JaffaCakes118
- Size
  
  664KB
- MD5
  
  3dc8072eb2b5496ed5ce047f832fbf74
- SHA1
  
  31aa7920abe72927668f0b1af47addabf9bbddeb
- SHA256
  
  1363376f98fa8a7b5e3b8ae068936119ddb2fc990be8aa8b4ea783fa3aa35af4
- SHA512
  
  2f3300cac9f08cdf23f11eb2de2ec5cce44524f6396d803bffc92d53e361cdebe70ca93a9bbf1e1856c61e3ca3c43b876a53502261db04e7d5cbb519101a5696
- SSDEEP
  
  12288:0tAl+5h74BeJCZpQcXrRxE4MeN7eLc9tnl1EINSDsgBIJTDKn/uA3r:QAl+5KbQWVMvA9tlpUQguAn/uA3r
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2