04df94879d7cb2ea6583f4e2dd21fdb35dc5de7d474aea9e5531120b1c0e4c5d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d8b1fb1881048d38b26ce2045d9e5cb_JaffaCakes118
Size

663KB
Sample

240516-3d7deaeb2t
MD5

4d8b1fb1881048d38b26ce2045d9e5cb
SHA1

b5b5a39f32ee58241ba422cb75f4a94b3e0c0bf0
SHA256

04df94879d7cb2ea6583f4e2dd21fdb35dc5de7d474aea9e5531120b1c0e4c5d
SHA512

c8bfca3dc78f4167ad6c5080770912befedfbd105bbb0ed3e3c0de39e6cf96d2dac68964ff18a5c1f09706b77ec268ff946bda99c044db8737417ec577a76e28
SSDEEP

12288:uqMEMEMgxYtIEov70s2sft/nUGKitxSBRzUZfj9I8waz6+:pMEMER3/dSz4ZZJz6+

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  4d8b1fb1881048d38b26ce2045d9e5cb_JaffaCakes118
- Size
  
  663KB
- MD5
  
  4d8b1fb1881048d38b26ce2045d9e5cb
- SHA1
  
  b5b5a39f32ee58241ba422cb75f4a94b3e0c0bf0
- SHA256
  
  04df94879d7cb2ea6583f4e2dd21fdb35dc5de7d474aea9e5531120b1c0e4c5d
- SHA512
  
  c8bfca3dc78f4167ad6c5080770912befedfbd105bbb0ed3e3c0de39e6cf96d2dac68964ff18a5c1f09706b77ec268ff946bda99c044db8737417ec577a76e28
- SSDEEP
  
  12288:uqMEMEMgxYtIEov70s2sft/nUGKitxSBRzUZfj9I8waz6+:pMEMER3/dSz4ZZJz6+
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2