General
Target: 5d39da2c05bc4467719f123638a654a0_JaffaCakes118
Size: 2.3MB
Sample: 240520-faq6paca77
MD5: 5d39da2c05bc4467719f123638a654a0
SHA1: 3da62fedf8199f651b52b7268483230ca0075a7e
SHA256: 85220b1eb21832d0c1959138e97af548141a4983c7b08114881b3d5faaadaff7
SHA512: c0f91eb7e0ffa34d57185c47ad9d998d4ffc372f1d6269ae47a903a62f985472ee5aa1cbe0385d1d0908cddcdfc08ab370f27cc3c92f593d6bbc98ae24180f46
SSDEEP: 49152:91CSwAHN1WidB8g2p4FdoxchtWhLJWhFohmagu7HS0x6CaYa0j8EvlBM:9kSwAt1tpoxcPGJtHS0XaPLEHM
Static task
static1

Behavioral task
behavioral1
Sample: Order details 20160623103529.exe
Resource: win7-20240508-en

Behavioral task
behavioral2
Sample: Order details 20160623103529.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: Order details 20160623103529.exe
Size: 2.3MB
MD5: 07a4eab7815d7240e9d3d38f7df9be36
SHA1: 2fcb5ee484b60dcadd3ef4aa4ab2f6b22f8e78f4
SHA256: 14d2a798476194ebc48db82141fa597c7ac6a91094f36a1311d857579c867017
SHA512: 4fe7adbfcd46ef19d3ce73f4342a197579d6653c7bba96e65813fe6d076cadc87ff2e0d640035656a044566e21e21dcf4393191f4d6330f25319f476611686ab
SSDEEP: 49152:Ipgs8ABpNAcbBicSTgbDgtcBbWRzfYb/kL+agsNFCriQmew54a11Fp:IGs8AvNzXgtcpEfFFC2QVbalp
Score: 10/10

- Banload
  Banload variants download malicious files, then install and execute the files.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)