04d8335d52a7e49278f09f21caab430da2517a26f49c8488a66bbc96c425da10 | Triage

Sharing

General

Target

63f7b76d8842007e570fb765c8ef6982_JaffaCakes118
Size

628KB
Sample

240521-tz2wdabg28
MD5

63f7b76d8842007e570fb765c8ef6982
SHA1

ae76aec2194f24fb358238618255c6a6bba5dc79
SHA256

04d8335d52a7e49278f09f21caab430da2517a26f49c8488a66bbc96c425da10
SHA512

af439ed015ad7bc96c3926f1dcc89a351bdac0976cef6e8878f2a4c1f6ce9a5f3e9d2c0bf6a57a3a42dbba3d397bdcc2e9e237d499a4ba92c19dcc7faddadab8
SSDEEP

12288:eL4MO+THTJZVyWW9Xl6nHZDQQXiPYURmjDAOu7Q944dc6H:o4MO+Vx+M1OPoO7tGc6H

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  63f7b76d8842007e570fb765c8ef6982_JaffaCakes118
- Size
  
  628KB
- MD5
  
  63f7b76d8842007e570fb765c8ef6982
- SHA1
  
  ae76aec2194f24fb358238618255c6a6bba5dc79
- SHA256
  
  04d8335d52a7e49278f09f21caab430da2517a26f49c8488a66bbc96c425da10
- SHA512
  
  af439ed015ad7bc96c3926f1dcc89a351bdac0976cef6e8878f2a4c1f6ce9a5f3e9d2c0bf6a57a3a42dbba3d397bdcc2e9e237d499a4ba92c19dcc7faddadab8
- SSDEEP
  
  12288:eL4MO+THTJZVyWW9Xl6nHZDQQXiPYURmjDAOu7Q944dc6H:o4MO+Vx+M1OPoO7tGc6H
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2